TY - GEN
T1 - Boosting static analysis of Android apps through code instrumentation
AU - Li, Li
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/5/14
Y1 - 2016/5/14
N2 - Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.
AB - Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.
UR - https://www.scopus.com/pages/publications/85018428932
U2 - 10.1145/2889160.2889258
DO - 10.1145/2889160.2889258
M3 - 会议稿件
AN - SCOPUS:85018428932
T3 - Proceedings - International Conference on Software Engineering
SP - 819
EP - 822
BT - Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016
PB - IEEE Computer Society
T2 - 2016 IEEE/ACM 38th IEEE International Conference on Software Engineering, ICSE 2016
Y2 - 14 May 2016 through 22 May 2016
ER -