Taming Reflection

Sun, Xiaoyu; Li, Li; Bissyandé, Tegawendé F.; Klein, Jacques; Octeau, Damien; Grundy, John

doi:10.1145/3440033

Cited by 13 publications

(2 citation statements)

References 70 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nevertheless, even for relection, our approach can still detect around one-third of HSOs. To better mitigate the impact of relection-based obfuscation on our approach, we further propose to strengthen the capability of HiSenDroid by integrating the state-of-the-art relection analysis tool DroidRA to handle relection usages [67]. After statically locating the relective calls, DroidRA can transform a relection-included Android app to a relection-free version, where the located relective calls will be represented by standard java calls.…”

Section: Impact Of Code Obfuscationmentioning

confidence: 99%

“…Therefore, we believe that the technical capabilities and our results would not be signiicantly impacted by code obfuscation. Nevertheless, as part of our future work, we plan to integrate other approaches developed by our fellow researchers to mitigate these long-standing challenges, e.g., by applying DroidRA [40,67] to mitigate the impact of relection-enhanced code obfuscations.…”

Section: Limitationsmentioning

confidence: 99%

See 1 more Smart Citation

Demystifying Hidden Sensitive Operations in Android Apps

Sun

Chen

et al. 2023

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide malicious behavior implementation. This poses two problems to current research techniques: static analysis approaches, given their over-approximations, can report an overwhelming number of false alarms, while dynamic approaches will miss those behaviors that are hidden through evasion techniques. We propose in this work a static approach specifically targeted at highlighting hidden sensitive operations, mainly sensitive data flows. The prototype version of HiSenDroid has been evaluated on a large-scale dataset of thousands of malware and goodware samples on which it successfully revealed anti-analysis code snippets aiming at evading detection by dynamic analysis. We further experimentally show that, with FlowDroid, some of the hidden sensitive behaviors would eventually lead to private data leaks. Those leaks would have been hard to spot either manually among the large number of false positives reported by the state of the art static analyzers, or by dynamic tools. Overall, by putting the light on hidden sensitive operations, HiSenDroid helps security analysts in validating potential sensitive data operations, which would be previously unnoticed.

show abstract

Section: Impact Of Code Obfuscationmentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

Demystifying Hidden Sensitive Operations in Android Apps

Sun

Chen

et al. 2023

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

show abstract

DroidHook: a novel API-hook based Android malware dynamic analysis sandbox

Cui

Sun²,

Lin³

2023

Autom Softw Eng

View full text Add to dashboard Cite

Execution Recording and Reconstruction for Detecting Information Flows in Android Apps

2023

View full text Add to dashboard Cite

Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC-and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable.

show abstract

Taming Reflection

Cited by 13 publications

References 70 publications

Demystifying Hidden Sensitive Operations in Android Apps

Demystifying Hidden Sensitive Operations in Android Apps

DroidHook: a novel API-hook based Android malware dynamic analysis sandbox

Execution Recording and Reconstruction for Detecting Information Flows in Android Apps

Contact Info

Product

Resources

About