StubDroid: Automatic Inference of Precise Data-Flow Summaries for the Android Framework
Smartphone users suffer from insufficient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with...
| Published in: | Proceedings / International Conference on Software Engineering pp. 725 - 735 |
|---|---|
| Main Authors: | Arzt, Steven; Bodden, Eric |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | ACM 01.05.2016 |
| Subjects: | |
| ISSN: | 1558-1225 |
| Abstract | Smartphone users suffer from insufficient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. In most cases, the existence of those models is taken for granted, despite the fact that the models are hard to come by: Given the size and evolution speed of a modern smartphone operating system it is prohibitively expensive to derive models manually from code or documentation. In this work, we therefore present StubDroid, the first fully automated approach for inferring precise and efficient library models for taint-analysis problems. StubDroid automatically constructs these summaries from a binary distribution of the library. In our experiments, we use StubDroid-inferred models to prevent the static taint analysis FlowDroid from having to re-analyze the Android runtime library over and over again for each analyzed app. As the results show, the models make it possible to analyze apps in seconds whereas most complete re-analyses would time out after 30 minutes. Yet, StubDroid yields comparable precision. In comparison to manually crafted summaries, StubDroid's cause the analysis to be more precise and to use less time and memory. |
|---|---|
| Author | Arzt, Steven; Bodden, Eric |
| Author_xml | – sequence: 1 givenname: Steven surname: Arzt fullname: Arzt, Steven email: steven.arzt@cased.de organization: Secure Software Eng. Group, Tech. Univ. Darmstadt, Darmstadt, Germany – sequence: 2 givenname: Eric surname: Bodden fullname: Bodden, Eric email: eric.bodden@uni-paderborn.de organization: Secure Software Eng. Group, Tech. Univ. Darmstadt, Darmstadt, Germany |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1145/2884781.2884816 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9781450339001 145033900X |
| EISSN | 1558-1225 |
| EndPage | 735 |
| ExternalDocumentID | 7886831 |
| Genre | orig-research |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 54 |
| IngestDate | Wed Aug 27 02:07:14 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 11 |
| ParticipantIDs | ieee_primary_7886831 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-May |
| PublicationDateYYYYMMDD | 2016-05-01 |
| PublicationDate_xml | – month: 05 year: 2016 text: 2016-May |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2016 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| SSID | ssj0006499 |
| Score | 2.2948825 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 725 |
| SubjectTerms | Analytical models Androids framework model Humanoid robots Libraries library model inference Operating systems Smart phones Software engineering Static analysis summary |
| Title | StubDroid: Automatic Inference of Precise Data-Flow Summaries for the Android Framework |
| URI | https://ieeexplore.ieee.org/document/7886831 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |