Towards cross-platform cross-language analysis with soot

Abstract

To assess the security and quality of the growing number of programs on desktop computers, mobile devices, and servers, companies often rely on static analysis techniques. While static analysis has been applied successfully to various problems, the academic literature has largely focused on a subset of programming languages and frameworks, and often only on a single language at a time. Many tools have been created for Java and Android. In this paper, we present a first step toward re-using the existing Soot framework and its analyses for other platforms. We implement a frontend for converting the CIL assembly code of the .net Framework into Soot's Jimple code and show that this is possible without modifying Jimple nor overly losing semantic information. The frontend integrates Java/Android with CIL analysis and scales to large programs. A case study demonstrates the detection of real-world malware that uses CIL code inside an Android app to hide its behavior.