Taming Reflection


Abstract

Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools are challenged by the presence of reflective calls, which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are incomplete, given the measures taken by malware writers to elude detection. We propose a new instrumentation-based approach to address this issue in a non-invasive way. Specifically, we introduce to the community a prototype tool called DroidRA, which reduces the resolution of reflective calls to a composite constant propagation problem and then leverages the COAL solver to infer the values of reflection targets. After that, it automatically instruments the app to replace reflective calls with their corresponding Java calls in a traditional paradigm. Our approach augments an app so that it can be more effectively statically analyzable, including by such static analyzers that are not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and we demonstrate that it can indeed infer the target values of reflective calls and subsequently allow state-of-the-art tools to provide more sound and complete analysis results.


Similar resources

Taming Reflection

Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can it get hold of classes that the program loads from remote locations or even generates on the fly? And if the analysis transforms classes, how can these classes be re-in...


Taming Entanglement

Using a spontaneous parametric-downconversion source of photon pairs, we are working towards the creation of arbitrary 2-qubit quantum states with high fidelity. Currently, all physically allowable combinations of polarization entanglement and mixture can be produced, including maximally-entangled mixed states. The states are experimentally measured and refined via computer-automated quantum-st...


Taming Linux

This paper describes the overall design, partial implementation and brief performance evaluation of a system in which Linux and its applications run besides real-time applications. The separation of the real-time and time-sharing subsystems is not restricted to the use of the CPU but enforced as well for other resources, namely main memory and caches. This paper details the changes needed for t...


Taming Subsystems

The embedded and mobile computing market with its wide range of innovations is expected to remain growing in the foreseeable future. Recent developments in the embedded computing technology offer more performance thereby facilitating applications of unprecedented utility. Open systems, such as Linux, provide access to a huge software base. Nevertheless, these systems have to coexist with critic...


Taming Nonrenormalizability

Nonrenormalizable scalar fields, such as φ^n, n ≥ 5, require infinitely many distinct counter terms when perturbed about the free theory, and lead to free theories when defined as the continuum limit of a lattice regularized theory restricted only to arbitrary mass and coupling constant renormalization. Based on the proposal that functional integrals for interacting nonrenormalizable models do n...



Journal

Journal title: ACM Transactions on Software Engineering and Methodology

Year: 2021

ISSN: 1049-331X, 1557-7392

DOI: https://doi.org/10.1145/3440033