Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement

ACM Transactions on Autonomous and Adaptive Systems (TAAS) Pub Date : 2019-11-21 DOI:10.1145/3368087

O. Riganelli, D. Micucci, L. Mariani

{"title":"Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement","authors":"O. Riganelli, D. Micucci, L. Mariani","doi":"10.1145/3368087","DOIUrl":null,"url":null,"abstract":"Android applications are executed on smartphones equipped with a variety of resources that must be properly accessed and controlled, otherwise the correctness of the executions and the stability of the entire environment might be negatively affected. For example, apps must properly acquire, use, and release microphones, cameras, and other multimedia devices, otherwise the behavior of the apps that use the same resources might be compromised. Unfortunately, several apps do not use resources correctly, for instance, due to faults and inaccurate design decisions. By interacting with these apps, users may experience unexpected behaviors, which in turn may cause instability and sporadic failures, especially when resources are accessed. In this article, we present an approach that lets users protect their environment from the apps that use resources improperly by enforcing the correct usage protocol. This is achieved by using software enforcers that can observe executions and change them when necessary. For instance, enforcers can detect that a resource has been acquired but not released and automatically perform the release operation, thus giving the possibility to use that same resource to the other apps. The main idea is that software libraries, in particular, the ones controlling access to resources, can be augmented with enforcers that can be activated and deactivated on demand by users to protect their environment from unwanted app behaviors. We call the software libraries augmented with one or more enforcers proactive libraries, because the activation of the enforcer decorates the library with proactive behaviors that can guarantee the correctness of the execution despite the invocation of the operations implemented by the library. For example, enforcers can detect that a resource has not been released on time and proactively release it. Our experimental results with 27 possible misuses of resources in real Android apps reveal that proactive libraries are able to effectively correct library misuses with negligible runtime overheads.","PeriodicalId":377078,"journal":{"name":"ACM Transactions on Autonomous and Adaptive Systems (TAAS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Autonomous and Adaptive Systems (TAAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3368087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Android applications are executed on smartphones equipped with a variety of resources that must be properly accessed and controlled, otherwise the correctness of the executions and the stability of the entire environment might be negatively affected. For example, apps must properly acquire, use, and release microphones, cameras, and other multimedia devices, otherwise the behavior of the apps that use the same resources might be compromised. Unfortunately, several apps do not use resources correctly, for instance, due to faults and inaccurate design decisions. By interacting with these apps, users may experience unexpected behaviors, which in turn may cause instability and sporadic failures, especially when resources are accessed. In this article, we present an approach that lets users protect their environment from the apps that use resources improperly by enforcing the correct usage protocol. This is achieved by using software enforcers that can observe executions and change them when necessary. For instance, enforcers can detect that a resource has been acquired but not released and automatically perform the release operation, thus giving the possibility to use that same resource to the other apps. The main idea is that software libraries, in particular, the ones controlling access to resources, can be augmented with enforcers that can be activated and deactivated on demand by users to protect their environment from unwanted app behaviors. We call the software libraries augmented with one or more enforcers proactive libraries, because the activation of the enforcer decorates the library with proactive behaviors that can guarantee the correctness of the execution despite the invocation of the operations implemented by the library. For example, enforcers can detect that a resource has not been released on time and proactively release it. Our experimental results with 27 possible misuses of resources in real Android apps reveal that proactive libraries are able to effectively correct library misuses with negligible runtime overheads.

查看原文本刊更多论文

通过运行时强制控制Android应用程序与库的交互

Android应用程序是在智能手机上执行的，智能手机上配备了各种各样的资源，这些资源必须得到适当的访问和控制，否则可能会对执行的正确性和整个环境的稳定性产生负面影响。例如，应用程序必须正确获取、使用和释放麦克风、摄像头和其他多媒体设备，否则使用相同资源的应用程序的行为可能会受到损害。不幸的是，一些应用程序不能正确使用资源，例如，由于错误和不准确的设计决策。通过与这些应用程序交互，用户可能会遇到意想不到的行为，这反过来可能导致不稳定和零星的故障，特别是在访问资源时。在本文中，我们提出了一种方法，允许用户通过执行正确的使用协议来保护他们的环境免受不正确使用资源的应用程序的影响。这是通过使用可以观察执行并在必要时更改它们的软件执行器来实现的。例如，执行者可以检测到资源已被获取但未被释放，并自动执行释放操作，从而为其他应用程序提供使用相同资源的可能性。其主要思想是软件库，特别是那些控制资源访问的软件库，可以通过强制执行器来增强，这些强制执行器可以根据用户的需要激活和停用，以保护他们的环境免受不必要的应用程序行为的影响。我们将带有一个或多个执行者的软件库称为主动库，因为执行者的激活用主动行为装饰了库，这些行为可以保证执行的正确性，尽管调用了库实现的操作。例如，执行者可以检测到资源没有及时释放，并主动释放它。我们对真实Android应用中27种可能的资源滥用的实验结果表明，主动库能够有效地纠正库的滥用，而运行时开销可以忽略不计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Autonomous and Adaptive Systems (TAAS)

自引率

0.00%

发文量