{"title":"扩展任意Android应用分析","authors":"Felix Pauck","doi":"10.1145/3551349.3561339","DOIUrl":null,"url":null,"abstract":"More apps are published every day and the functionality of each app increases steadily as well. Consequently app analyses are often overwhelmed when confronted with up-to-date, real-world apps. One of the biggest issues originates from the scalability of analyses with respect to libraries. Analyses, more precisely the tools implementing them, cannot distinguish the app’s code from the code of a library. Always analyzing the whole code base is the result. However, this is usually not necessary, for example, when a security property is checked, trusted libraries must not be analyzed. We propose an approach to differentiate an app’s code from a library’s code. The approach is based on clone detection and implemented in our prototype APK-Simplifier. As the evaluation shows APK-Simplifier can be employed in a cooperative analysis to remove library code and to enhance arbitrary analysis tools’ scalability. In fact, five analysis tools have been enabled to analyze five up-to-date, real-world apps they could not analyze before. Still, it is alerting that the majority of such apps remains not analyzable as also shown during evaluation.","PeriodicalId":197939,"journal":{"name":"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Scaling Arbitrary Android App Analyses\",\"authors\":\"Felix Pauck\",\"doi\":\"10.1145/3551349.3561339\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"More apps are published every day and the functionality of each app increases steadily as well. Consequently app analyses are often overwhelmed when confronted with up-to-date, real-world apps. One of the biggest issues originates from the scalability of analyses with respect to libraries. Analyses, more precisely the tools implementing them, cannot distinguish the app’s code from the code of a library. Always analyzing the whole code base is the result. However, this is usually not necessary, for example, when a security property is checked, trusted libraries must not be analyzed. We propose an approach to differentiate an app’s code from a library’s code. The approach is based on clone detection and implemented in our prototype APK-Simplifier. As the evaluation shows APK-Simplifier can be employed in a cooperative analysis to remove library code and to enhance arbitrary analysis tools’ scalability. In fact, five analysis tools have been enabled to analyze five up-to-date, real-world apps they could not analyze before. Still, it is alerting that the majority of such apps remains not analyzable as also shown during evaluation.\",\"PeriodicalId\":197939,\"journal\":{\"name\":\"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3551349.3561339\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3551349.3561339","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
More apps are published every day and the functionality of each app increases steadily as well. Consequently app analyses are often overwhelmed when confronted with up-to-date, real-world apps. One of the biggest issues originates from the scalability of analyses with respect to libraries. Analyses, more precisely the tools implementing them, cannot distinguish the app’s code from the code of a library. Always analyzing the whole code base is the result. However, this is usually not necessary, for example, when a security property is checked, trusted libraries must not be analyzed. We propose an approach to differentiate an app’s code from a library’s code. The approach is based on clone detection and implemented in our prototype APK-Simplifier. As the evaluation shows APK-Simplifier can be employed in a cooperative analysis to remove library code and to enhance arbitrary analysis tools’ scalability. In fact, five analysis tools have been enabled to analyze five up-to-date, real-world apps they could not analyze before. Still, it is alerting that the majority of such apps remains not analyzable as also shown during evaluation.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
