Instrumenting Android and Java Applications as Easy as abc - Runtime Verification

Information Technology Reference

In-Depth Information

The techniques shown in this paper can not only be used for security purposes,

but also for code optimization and analysis in general. Many optimizations like

constant propagation or dead code elimination are already built into Soot, mak-

ing instrumentations easier for the user.

8 Examples

The SMS Messenger example (RV2013) as well as the instrumentation

examples can be downloaded from https://github.com/secure-software-

engineering/android-instrumentation-tutorial

References

1. International Data Corporation: Worldwide quarterly mobile phone tracker 3q12

(November 2012), http://www.idc.com/tracker/showproductinfo.jsp?prod

id=37

2. Bit9: Pausing google play: More than 100,000 android apps may pose security risks

(November 2012), http://www.bit9.com/pausing-google-play/

3. Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: Chex: statically vetting android apps for

component hijacking vulnerabilities. In: Proceedings of the 2012 ACM Conference

on Computer and Communications Security, pp. 229-240. ACM (2012)

4. Kim, J., Yoon, Y., Yi, K., Shin, J., Center, S.: Scandal: Static analyzer for de-

tecting privacy leaks in android applications. In: Proceedings of the Workshop on

Mobile Security Technologies (MoST), in Conjunction with the IEEE Symposium

on Security and Privacy (2012)

5. Yang, Z., Yang, M.: Leakminer: Detect information leakage on android with static

taint analysis. In: IEEE 2012 Third World Congress on Software Engineering

(WCSE), pp. 101-104 (2012)

6. Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.:

Taintdroid: an information-flow tracking system for realtime privacy monitoring

on smartphones. In: Proceedings of the 9th USENIX Conference on Operating

Systems Design and Implementation. OSDI 2010, pp. 1-6. USENIX Association,

Berkeley (2010)

7. Xu, R., Saıdi, H., Anderson, R.: Aurasium: practical policy enforcement for an-

droid applications. In: Proceedings of the 21st USENIX Conference on Security

Symposium, Security 2012, pp. 27-27. USENIX Association, Berkeley (2012)

8. Lam, P., Bodden, E., Lhotak, O., Hendren, L.: The soot framework for java program

analysis: a retrospective. In: Cetus Users and Compiler Infastructure Workshop,

CETUS 2011 (October 2011)

9. Allan, C., et al.: Abc: the aspectbench compiler for aspectj. In: Gluck, R., Lowry,

M. (eds.) GPCE 2005. LNCS, vol. 3676, pp. 10-16. Springer, Heidelberg (2005)

10. Android: Android security overview (December 2012),

http://source.android.com/tech/security/

11. Goolge Inc.: Google play (December 2012), https://play.google.com/

12. Bodden, E., Hermann, B., Lerch, J., Mezini, M.: Reducing human factors in software

security architectures. In: Future Security Conference (to appear, September 2013)

13. Oh, H.S., Kim, B.J., Choi, H.K., Moon, S.M.: Evaluation of android dalvik virtual

machine. In: Proceedings of the 10th International Workshop on Java Technologies

for Real-time and Embedded Systems, JTRES 2012, pp. 115-124 (2012)

Runtime Verification

Search WWH ::

Custom Search

Home