Wu et al., 2021 - Google Patents
When program analysis meets bytecode search: Targeted and efficient inter-procedural analysis of modern Android apps in BackDroid
Wu et al., 2021
- Document ID
- 18395402061778519130
- Author
- Wu D
- Gao D
- Deng R
- KC C
- Publication year
- Publication venue
- 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Snippet
Widely-used Android static program analysis tools, e.g., Amandroid and FlowDroid, perform the whole-app inter-procedural analysis that is comprehensive but fundamentally difficult to handle modern (large) apps. The average app size has increased three to four times over …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Petsios et al. | Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities | |
| Shoshitaishvili et al. | SoK: (State of) the art of war: Offensive techniques in binary analysis | |
| Chandramohan et al. | Bingo: Cross-architecture cross-os binary search | |
| Wu et al. | When program analysis meets bytecode search: Targeted and efficient inter-procedural analysis of modern Android apps in BackDroid | |
| Zhang et al. | How well does LLM generate security tests? | |
| Hawblitzel et al. | Ironclad apps: End-to-End security via automated Full-System verification | |
| Li et al. | I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis | |
| Clause et al. | Dytan: a generic dynamic taint analysis framework | |
| Schwartz et al. | All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask) | |
| Liang et al. | Deepfuzzer: Accelerated deep greybox fuzzing | |
| Luo et al. | Tchecker: Precise static inter-procedural analysis for detecting taint-style vulnerabilities in php applications | |
| Zhang et al. | CryptoREX: Large-scale analysis of cryptographic misuse in IoT devices | |
| Jin et al. | Exgen: Cross-platform, automated exploit generation for smart contract vulnerabilities | |
| Ali-Gombe et al. | Toward a more dependable hybrid analysis of android malware using aspect-oriented programming | |
| Kang et al. | Scaling javascript abstract interpretation to detect and exploit Node.js taint-style vulnerability | |
| Hassanshahi et al. | Web-to-application injection attacks on android: Characterization and detection | |
| CN111859380B (en) | Zero false alarm detection method for Android App loopholes | |
| Alhanahnah et al. | Dina: Detecting hidden android inter-app communication in dynamic loaded code | |
| Zeng et al. | Palantír: Optimizing attack provenance with hardware-enhanced system observability | |
| Wu et al. | Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing | |
| Zhou et al. | Finding the missing piece: Permission specification analysis for android NDK | |
| Qiang et al. | Patch-related vulnerability detection based on symbolic execution | |
| Gibbs et al. | Operation mango: Scalable discovery of Taint-Style vulnerabilities in binary firmware services | |
| Ibrahim et al. | Microarchitectural leakage templates and their application to cache-based side channels | |
| Ye et al. | FunFuzz: A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency | |