DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis
نویسندگان
چکیده
The scale of Android applications in the market is growing rapidly. To efficiently detect the malicious behavior in these applications, an array of static analysis tools are proposed. However, static analysis tools suffer from code hiding techniques like packing, dynamic loading, self modifying, and reflection. In this paper, we thus present DEXLEGO, a novel system that performs a reassembleable bytecode extraction for aiding static analysis tools to reveal the malicious behavior of Android applications. DEXLEGO leverages just-in-time collection to extract data and bytecode from an application at runtime, and reassembles them to a new Dalvik Executable (DEX) file offline. The experiments on DroidBench and real-world applications show that DEXLEGO precisely reconstructs the behavior of an application in the reassembled DEX file, and significantly improves analysis result of the existing static analysis systems.
منابع مشابه
Sound Control-Flow Graph Extraction for Java Programs with Exceptions
We present an algorithm to extract control-flow graphs from Java bytecode, considering exceptional flows. We then establish its correctness: the behavior of the extracted graphs is shown to be a sound over-approximation of the behavior of the original programs. Thus, any temporal safety property that holds for the extracted control-flow graph also holds for the original program. This makes the ...
متن کاملOn the Relative Completeness of Bytecode Analysis Versus Source Code Analysis
We discuss the challenges faced by bytecode analyzers designed for code verification compared to similar analyzers for source code. While a bytecode-level analysis brings many simplifications, e.g., fewer cases, independence from source syntax, name resolution, etc., it also introduces precision loss that must be recovered either via preprocessing, more precise abstract domains, more precise tr...
متن کاملProvably Correct Control-Flow Graphs from Java Programs with Exceptions
We present an algorithm to extract flow graphs from Java bytecode, including exceptional control flows. We prove its correctness, meaning that the behavior of the extracted control-flow graph is a sound over-approximation of the behavior of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow ...
متن کاملStatic Resource Analysis for Java Bytecode Using Amortisation and Separation Logic
In this paper we describe a static analyser for Java bytecode which uses a combination of amortised analysis and Separation Logic due to Robert Atkey. With the help of Java annotations we are able to give precise resource utilisation constraints for Java methods which manipulate various heapbased data structures.
متن کاملBicolanoMT: a Formalization of Multi-Threaded Java at Bytecode Level
This paper describes a formalization of multi-threaded Java bytecode in Coq. The formalization builds on the existing Bicolano formalization for sequential Java bytecode – which captures basically all aspects of sequential bytecode supported by the CLDC (Java for mobile phones) platform. We use a special extension framework to extend the existing formalization in a systematic way. The formaliza...
متن کامل