A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications

2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-05-30 DOI:10.1109/CSF.2017.19

Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei

{"title":"A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications","authors":"Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei","doi":"10.1109/CSF.2017.19","DOIUrl":null,"url":null,"abstract":"The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the Android platform. We formulate the analysis as a set of Horn clauses defining a sound over-approximation of the semantics of the Android application to analyse, borrowing ideas from recency abstraction and extending them to our concurrent setting. Moreover, we implement the analysis in HornDroid, a state-of-the-art information flow analyser for Android applications. Our extension allows HornDroid to perform strong updates on heap-allocated data structures, thus significantly increasing its precision, without sacrificing its soundness guarantees. We test our implementation on DroidBench, a popular benchmark of Android applications developed by the research community, and we show that our changes to HornDroid lead to an improvement in the precision of the tool, while having only a moderate cost in terms of efficiency. Finally, we assess the scalability of our tool to the analysis of real applications.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"11 7","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2017.19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the Android platform. We formulate the analysis as a set of Horn clauses defining a sound over-approximation of the semantics of the Android application to analyse, borrowing ideas from recency abstraction and extending them to our concurrent setting. Moreover, we implement the analysis in HornDroid, a state-of-the-art information flow analyser for Android applications. Our extension allows HornDroid to perform strong updates on heap-allocated data structures, thus significantly increasing its precision, without sacrificing its soundness guarantees. We test our implementation on DroidBench, a popular benchmark of Android applications developed by the research community, and we show that our changes to HornDroid lead to an improvement in the precision of the tool, while having only a moderate cost in terms of efficiency. Finally, we assess the scalability of our tool to the analysis of real applications.

查看原文本刊更多论文

用于Android应用程序静态分析的可靠的流敏感堆抽象

本文提出了Android应用程序的第一个静态分析，它在堆抽象上是流敏感的，并且相对于Android平台的丰富形式化模型来说是可靠的。我们将分析表述为一组Horn子句，这些子句定义了要分析的Android应用程序的语义的合理过度近似值，从近因抽象中借用一些想法并将其扩展到我们的并发设置中。此外，我们在HornDroid中实现了分析，HornDroid是Android应用程序的最先进的信息流分析器。我们的扩展允许HornDroid在堆分配的数据结构上执行强大的更新，从而显着提高其精度，而不会牺牲其可靠性保证。我们在DroidBench上测试了我们的实现，DroidBench是研究社区开发的一个流行的Android应用程序基准，我们表明，我们对HornDroid的更改导致了工具精度的提高，同时在效率方面只有适度的成本。最后，我们评估了我们的工具在实际应用分析中的可扩展性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量