JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

Bibliographic details
Title: JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Authors: Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
Contributors: Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg [Luxembourg], Extra Small Extra Safe (2XS), Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Technische Universität Kaiserslautern (TU Kaiserslautern), Monash University [Clayton], Fonds National de la Recherche - FnR [sponsor], Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX) [research center]
Source: the 44th International Conference on Software Engineering 2022 (ICSE 2022)
the 44th International Conference on Software Engineering 2022 (ICSE 2022), May 2022, Pittsburgh, PA, United States
Publication info: HAL CCSD, 2022.
Publication year: 2022
Subject terms: Computer science [C05] [Engineering, computing & technology], Software Engineering (cs.SE), FOS: Computer and information sciences, Computer Science - Software Engineering, Static Analysis, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Android Security, Android code unification, Sciences informatiques [C05] [Ingénierie, informatique & technologie]
Description: Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are "unreachable" in apps' call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify's model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code.
Comment: In the proceedings of the 44th International Conference on Software Engineering 2022 (ICSE 2022)
Language: English
Access URL: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::0be88a86535b8789803000d0fa9b3a8a
https://hal.univ-lille.fr/hal-03522693
Rights: OPEN
Accession number: edsair.doi.dedup.....0be88a86535b8789803000d0fa9b3a8a
Database: OpenAIRE