DOI: 10.1145/2884781.2884816
research-article

StubDroid: automatic inference of precise data-flow summaries for the android framework

Published: 14 May 2016

Abstract

Smartphone users suffer from insufficient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. In most cases, the existence of those models is taken for granted, despite the fact that the models are hard to come by: Given the size and evolution speed of a modern smartphone operating system it is prohibitively expensive to derive models manually from code or documentation.
In this work, we therefore present StubDroid, the first fully automated approach for inferring precise and efficient library models for taint-analysis problems. StubDroid automatically constructs these summaries from a binary distribution of the library. In our experiments, we use StubDroid-inferred models to prevent the static taint analysis FlowDroid from having to re-analyze the Android runtime library over and over again for each analyzed app. As the results show, the models make it possible to analyze apps in seconds whereas most complete re-analyses would time out after 30 minutes. Yet, StubDroid yields comparable precision. In comparison to manually crafted summaries, StubDroid's cause the analysis to be more precise and to use less time and memory.

      Published In

      ICSE '16: Proceedings of the 38th International Conference on Software Engineering
      May 2016
      1235 pages
      ISBN:9781450339001
      DOI:10.1145/2884781
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. framework model
      2. library
      3. model inference
      4. static analysis
      5. summary

      Qualifiers

      • Research-article

      Conference

      ICSE '16
      Acceptance Rates

      Overall Acceptance Rate 276 of 1,856 submissions, 15%
