StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications

Y. Zhauniarovich; M. Ahmad; O. Gadyatskaya; B. Crispo; F. Massacci

doi:10.1145/2699026.2699105

StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications

Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, F. Massacci

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Copyright © 2015 ACM.Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android mal- ware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These tech- niques defuse even the most recent static analyzers (e.g., [12, 21, 31]) that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behav- ior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.

Original language	English
Title of host publication	CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	37-48
ISBN (Print)	9781450331913
DOIs	https://doi.org/10.1145/2699026.2699105
Publication status	Published - 2 Mar 2015
Externally published	Yes
Event	5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States Duration: 2 Mar 2015 → 4 Mar 2015

Publication series

Name	CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Conference

Conference	5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Country/Territory	United States
City	San Antonio
Period	2/03/15 → 4/03/15

Access to Document

10.1145/2699026.2699105

Persistent URL (handle)

Persistent link

Cite this

Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., & Massacci, F. (2015). StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 37-48). (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/2699026.2699105

Zhauniarovich, Y. ; Ahmad, M. ; Gadyatskaya, O. et al. / StaDynA : Addressing the problem of dynamic code updates in the security analysis of android applications. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. pp. 37-48 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).

@inproceedings{2224d5aadeee4e2491b2d7f79697056c,

title = "StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications",

abstract = "Copyright {\textcopyright} 2015 ACM.Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android mal- ware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These tech- niques defuse even the most recent static analyzers (e.g., [12, 21, 31]) that usually operate under the {"}closed world{"} assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behav- ior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.",

author = "Y. Zhauniarovich and M. Ahmad and O. Gadyatskaya and B. Crispo and F. Massacci",

year = "2015",

month = mar,

day = "2",

doi = "10.1145/2699026.2699105",

language = "English",

isbn = "9781450331913",

series = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "37--48",

booktitle = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",

note = "5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 ; Conference date: 02-03-2015 Through 04-03-2015",

}

Zhauniarovich, Y, Ahmad, M, Gadyatskaya, O, Crispo, B & Massacci, F 2015, StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications. in CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 37-48, 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, San Antonio, United States, 2/03/15. https://doi.org/10.1145/2699026.2699105

StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications. / Zhauniarovich, Y.; Ahmad, M.; Gadyatskaya, O. et al.
CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. p. 37-48 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - StaDynA

T2 - 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015

AU - Zhauniarovich, Y.

AU - Ahmad, M.

AU - Gadyatskaya, O.

AU - Crispo, B.

AU - Massacci, F.

PY - 2015/3/2

Y1 - 2015/3/2

N2 - Copyright © 2015 ACM.Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android mal- ware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These tech- niques defuse even the most recent static analyzers (e.g., [12, 21, 31]) that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behav- ior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.

AB - Copyright © 2015 ACM.Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android mal- ware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These tech- niques defuse even the most recent static analyzers (e.g., [12, 21, 31]) that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behav- ior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.

UR - https://www.scopus.com/pages/publications/84928156461

UR - https://www.scopus.com/inward/citedby.url?scp=84928156461&partnerID=8YFLogxK

U2 - 10.1145/2699026.2699105

DO - 10.1145/2699026.2699105

M3 - Conference contribution

SN - 9781450331913

T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

SP - 37

EP - 48

BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

Y2 - 2 March 2015 through 4 March 2015

ER -

Zhauniarovich Y, Ahmad M, Gadyatskaya O, Crispo B, Massacci F. StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2015. p. 37-48. (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/2699026.2699105

StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications

Abstract

Publication series

Conference

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this