A fine-grained approach for Android taint analysis based on labeled taint value graphs

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-10-19 DOI:10.1016/j.cose.2024.104162

Dongming Xiang , Shuai Lin , Ke Huang , Zuohua Ding , Guanjun Liu , Xiaofeng Li

{"title":"A fine-grained approach for Android taint analysis based on labeled taint value graphs","authors":"Dongming Xiang , Shuai Lin , Ke Huang , Zuohua Ding , Guanjun Liu , Xiaofeng Li","doi":"10.1016/j.cose.2024.104162","DOIUrl":null,"url":null,"abstract":"<div><div>Static taint analysis is a widely used method to identify vulnerabilities in Android applications. However, the existing tools for static analysis often struggle with processing times, particularly when dealing with complex real-world programs. To reduce time consumption, some tools choose to sacrifice analytical precision, e.g., FastDroid sets an upper limit for analysis iterations in Android applications. In this paper, we propose a labeled taint value graph (LTVG) to store taint flows, and implement a fine-grained analysis tool called <em>LabeledDroid</em>. This graph is constructed based on the <em>taint value graph</em> (TVG) of FastDroid, and takes into account both precision and time consumption. That is, we decompile an Android app into Jimple statements, develop fine-grained propagation rules to handle <em>List</em>, and construct LTVGs according to these rules. Afterwards, we traverse LTVGs to obtain high-precision taint flows. An analysis of 39 apps from the TaintBench benchmark shows that LabeledDroid is 0.87 s faster than FastDroid on average. Furthermore, if some common accuracy parameters are adapted in both LabeledDroid and FastDroid, the experiment demonstrates that the former is more scalable. Moreover, the maximum analysis time of LabeledDroid is less than 200 s and its average time is 46.25 s, while FastDroid sometimes experiences timeouts with durations longer than 600 s. Additionally, LabeledDroid achieves a precision of 70% in handling lists, while FastDroid and TaintSA achieve precisions of 38.9% and 41.2%, respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482400467X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Static taint analysis is a widely used method to identify vulnerabilities in Android applications. However, the existing tools for static analysis often struggle with processing times, particularly when dealing with complex real-world programs. To reduce time consumption, some tools choose to sacrifice analytical precision, e.g., FastDroid sets an upper limit for analysis iterations in Android applications. In this paper, we propose a labeled taint value graph (LTVG) to store taint flows, and implement a fine-grained analysis tool called LabeledDroid. This graph is constructed based on the taint value graph (TVG) of FastDroid, and takes into account both precision and time consumption. That is, we decompile an Android app into Jimple statements, develop fine-grained propagation rules to handle List, and construct LTVGs according to these rules. Afterwards, we traverse LTVGs to obtain high-precision taint flows. An analysis of 39 apps from the TaintBench benchmark shows that LabeledDroid is 0.87 s faster than FastDroid on average. Furthermore, if some common accuracy parameters are adapted in both LabeledDroid and FastDroid, the experiment demonstrates that the former is more scalable. Moreover, the maximum analysis time of LabeledDroid is less than 200 s and its average time is 46.25 s, while FastDroid sometimes experiences timeouts with durations longer than 600 s. Additionally, LabeledDroid achieves a precision of 70% in handling lists, while FastDroid and TaintSA achieve precisions of 38.9% and 41.2%, respectively.

查看原文本刊更多论文

基于标记污点值图的安卓污点分析精细方法

静态污点分析是一种广泛应用于识别安卓应用程序漏洞的方法。然而，现有的静态分析工具在处理时间上往往很吃力，尤其是在处理复杂的现实世界程序时。为了减少时间消耗，一些工具选择牺牲分析精度，例如，FastDroid 为安卓应用程序的分析迭代设置了上限。在本文中，我们提出了一种标记污点值图（LTVG）来存储污点流，并实现了一种名为 LabeledDroid 的细粒度分析工具。该图基于 FastDroid 的污点值图（TVG）构建，同时考虑了精度和时间消耗。也就是说，我们将 Android 应用程序反编译为 Jimple 语句，制定细粒度传播规则来处理 List，并根据这些规则构建 LTVG。然后，我们遍历 LTVGs 以获得高精度的污点流。对 TaintBench 基准测试中 39 个应用程序的分析表明，LabeledDroid 比 FastDroid 平均快 0.87 秒。此外，如果在 LabeledDroid 和 FastDroid 中调整一些共同的精度参数，实验表明前者的可扩展性更高。此外，LabeledDroid 的最长分析时间小于 200 秒，平均分析时间为 46.25 秒，而 FastDroid 有时会出现超过 600 秒的超时。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.