Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2021

Abstract

Widely-used Android static program analysis tools,e.g., Amandroid and FlowDroid, perform the whole-app interprocedural analysis that is comprehensive but fundamentallydifficult to handle modern (large) apps. The average app size hasincreased three to four times over five years. In this paper, weexplore a new paradigm of targeted inter-procedural analysis thatcan skip irrelevant code and focus only on the flows of securitysensitive sink APIs. To this end, we propose a technique calledon-the-fly bytecode search, which searches the disassembled appbytecode text just in time when a caller needs to be located. In thisway, it guides targeted (and backward) inter-procedural analysisstep by step until reaching entry points, without relying on awhole-app graph. Such search-based inter-procedural analysis,however, is challenging due to Java polymorphism, callbacks,asynchronous flows, static initializers, and inter-component communication in Android apps. We overcome these unique obstaclesin our context by proposing a set of bytecode search mechanismsthat utilize flexible searches and forward object taint analysis.Atop this new inter-procedural analysis, we further adjust thetraditional backward slicing and forward constant propagation toprovide the complete dataflow tracking of sink API calls. We haveimplemented a prototype called BackDroid and compared it withAmandroid in analyzing 3,178 modern popular apps for cryptoand SSL misconfigurations. The evaluation shows that for suchsink-based problems, BackDroid is 37 times faster (2.13 v.s. 78.15minutes) and has no timed-out failure (v.s. 35% in Amandroid)while maintaining close or even better detection effectiveness.

Keywords

application programs, computer aided software engineering, data flow analysis

Discipline

Artificial Intelligence and Robotics | Computer and Systems Architecture | Graphics and Human Computer Interfaces | Information Security

Research Areas

Cybersecurity

Publication

Proceedings of the 51st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021)

First Page

543

Last Page

554

ISBN

9781665435727

Identifier

10.1109/DSN48987.2021.00063

City or Country

Online

Share

COinS