In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications. Numerous studies have shown that automated code analyses are adopted by developers only if they yield a good “signal to noise ratio”, i.e., high precision. Many previous studies have reported analysis precision quantitatively, but this gives little insight into what can and should be done to increase precision further.
To guide future research on increasing precision, we present a comprehensive study that evaluates static Android taint-analysis results on a qualitative level. To unravel the exact nature of taint flows, we have designed COVA, an analysis tool to compute partial path constraints that inform about the circumstances under which taint flows may actually occur in practice.
We have conducted a qualitative study on the taint flows in 1,022 real-world Android applications. Our results reveal several key findings: Many taint flows occur only under specific conditions, e.g., environment settings, user interaction, I/O. Taint analyses should consider the application context to discern such situations. COVA shows that few taint flows are guarded by multiple different kinds of conditions simultaneously, so tools that seek to confirm true positives dynamically can concentrate on one kind at a time, e.g., only simulating user interactions. Lastly, many false positives arise due to a too liberal source/sink configuration. Taint analyses must be more carefully configured, and their configuration could benefit from better tool assistance.
| Slides (A Qualitative Analysis of Android Taint-Analysis Results) (COVA-ASE19-Talk-public.pdf) | 1.57MiB |
Tue 12 NovDisplayed time zone: Tijuana, Baja California change
13:40 - 15:20 | Mobile 2Research Papers / Journal First Presentations at Hillcrest Chair(s): Myra Cohen Iowa State University | ||
13:40 20mTalk | A Qualitative Analysis of Android Taint-Analysis Results Research Papers Linghui Luo Paderborn University, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Johannes Späth Fraunhofer IEM Pre-print File Attached | ||
14:00 20mTalk | Goal-Driven Exploration for Android Applications Research Papers Pre-print | ||
14:20 20mTalk | RANDR: Record and Replay for Android Applications via Targeted Runtime Instrumentation Research Papers Onur Sahin Boston University, Assel Aliyeva Boston University, Hariharan Mathavan Boston University, Ayse Coskun Boston University, Manuel Egele Boston University, USA | ||
14:40 20mTalk | Specifying Callback Control Flow of Mobile Apps Using Finite Automata Journal First Presentations Link to publication | ||
15:00 20mTalk | MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis Research Papers Yueming Wu Huazhong University of Science and Technology, Xiaodi Li University of Texas at Dallas, Deqing Zou Huazhong University of Science and Technology, Wei Yang University of Texas at Dallas, Xin Zhang Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology Pre-print | ||