Together strong: cooperative Android app analysis

Pauck, Felix; Wehrheim, Heike

doi:10.1145/3338906.3338915

Cited by 15 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A common strategy for dividing the search space in sequential or interleaved combinations is to restrict the subsequent verifiers to the yet uncovered search space, e.g., not yet covered test goals [12], open proof obligations [67], or yet unexplored program paths [8,10,19,31,33,41,42,47,53,71]. Some parallel combinations like CoDiDroid [80], distributed assertion checking [93], or the compositional tester sketched in conditional testing [12] decompose the verification statically into separate subtasks. Furthermore, some techniques split the search space to run different instances of the same analysis in parallel on different parts of the program.…”

Section: Related Workmentioning

confidence: 99%

Parallel Program Analysis via Range Splitting

Haltermann

Jakobs

Richter

et al. 2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Ranged symbolic execution has been proposed as a way of scaling symbolic execution by splitting the task of path exploration onto several workers running in parallel. The split is conducted along path ranges which – simply speaking – describe sets of paths. Workers can then explore path ranges in parallel.In this paper, we propose ranged analysis as the generalization of ranged symbolic execution to arbitrary program analyses. This allows us to not only parallelize a single analysis, but also run different analyses on different ranges of a program in parallel. Besides this generalization, we also provide a novel range splitting strategy operating along loop bounds, complementing the existing random strategy of the original proposal. We implemented ranged analysis within the tool CPAchecker and evaluated it on programs from the SV-COMP benchmark. The evaluation in particular shows the superiority of loop bounds splitting over random splitting. We furthermore find that compositions of ranged analyses can solve analysis tasks that none of the constituent analysis alone can solve.

show abstract

Section: Related Workmentioning

confidence: 99%

Parallel Program Analysis via Range Splitting

Haltermann

Jakobs

Richter

et al. 2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Pauck and Wehrheim proposed CoDiDroid, a framework for cooperative taint flow analysis for Android apps [38]. Within their framework, different analysis tools with specialized capabilities are combined as black-boxes.…”

Section: Related Workmentioning

confidence: 99%

CoVEGI: Cooperative Verification via Externally Generated Invariants

Haltermann

Wehrheim

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Software verification has recently made enormous progress due to the development of novel verification methods and the speed-up of supporting technologies like SMT solving. To keep software verification tools up to date with these advances, tool developers keep on integrating newly designed methods into their tools, almost exclusively by re-implementing the method within their own framework. While this allows for a conceptual re-use of methods, it nevertheless requires novel implementations for every new technique.In this paper, we employ cooperative verification in order to avoid re-implementation and enable usage of novel tools as black-box components in verification. Specifically, cooperation is employed for the core ingredient of software verification which is invariant generation. Finding an adequate loop invariant is key to the success of a verification run. Our framework named CoVEGI allows a master verification tool to delegate the task of invariant generation to one or several specialized helper invariant generators. Their results are then utilized within the verification run of the master verifier, allowing in particular for crosschecking the validity of the invariant. We experimentally evaluate our framework on an instance with two masters and three different invariant generators using a number of benchmarks from SV-COMP 2020. The experiments show that the use of CoVEGI can increase the number of correctly verified tasks without increasing the used resources.

show abstract

“…In the area of Android taint analysis there exist many static (Arzt et al 2014;Wei et al 2014;Gordon et al 2015;Li et al 2015;Bosu et al 2017), dynamic (Enck et al 2014), and hybrid (Benz et al 2020;Pauck and Wehrheim 2019) analysis tools as well as a couple of benchmark suites (Arzt et al 2014;Wei et al 2014;Mitra and Ranganath 2017). We highlight the most prominent static analysis tools and benchmark suites with respect to taint analyses.…”

Section: Related Workmentioning

confidence: 99%

TaintBench: Automatic real-world malware benchmarking of Android taint analyses

et al. 2021

Self Cite

View full text Add to dashboard Cite

Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench, the first real-world malware benchmark suite with documented taint flows. TaintBench benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts’ performance and perceived usability when documenting and inspecting taint flows. Second, experiments using TaintBench reveal new insights for the taint analysis tools Amandroid and FlowDroid: (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.

show abstract

Together strong: cooperative Android app analysis

Cited by 15 publications

References 23 publications

Parallel Program Analysis via Range Splitting

Parallel Program Analysis via Range Splitting

CoVEGI: Cooperative Verification via Externally Generated Invariants

TaintBench: Automatic real-world malware benchmarking of Android taint analyses

Contact Info

Product

Resources

About