NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps
This program is tentative and subject to change.
With the prosperity of Android app research in the last decade, many static analysis techniques have been proposed. They generally aim to tackle DEX bytecode in Android apps. Beyond DEX bytecode, native code (usually written in C/C++) is prevalent in modern Android apps, whose analysis is usually overlooked by most existing analysis frameworks. Although a few recent works attempted to handle native code, they suffer from scalability and accuracy issues. In this paper, we propose NativeSummary, a novel inter-language static analysis framework for Android apps with high accuracy, scalability, and compatibility. Our key idea is to extract semantic summaries of the native binary code, then convert common usage patterns of JNI interface functions into Java bytecode operations, and additionally transform native library function calls to bytecode calls. Along with this effort, we can empower the legacy Java static frameworks (e.g., FlowDroid) with the ability of inter-language data flow analysis without tampering with their inherent logic. Extensive evaluation suggests that NativeSummary outperforms SOTA techniques in terms of accuracy, scalability and compatibility. NativeSummary sheds light on the promising direction of inter-language analysis, and thousands of existing app analysis works can be boosted atop NativeSummary with almost no effort.
This program is tentative and subject to change.
Fri 20 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 11:50 | |||
10:30 20mTalk | Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries Technical Papers Hao Xiong Zhejiang University, Qinming Dai Zhejiang University, Rui Chang Zhejiang University, Mingran Qiu Zhejiang University, Renxiang Wang Zhejiang University, Wenbo Shen Zhejing University, Yajin Zhou Zhejiang University DOI | ||
10:50 20mTalk | Feedback-Driven Automated Whole Bug Report Reproduction for Android Apps Technical Papers Dingbang Wang University of Connecticut, Yu Zhao University of Central Missouri, Sidong Feng Monash University, Zhaoxu Zhang University of Southern California, William G.J. Halfond University of Southern California, Chunyang Chen Technical University of Munich (TUM), Xiaoxia Sun China Mobile (Suzhou) Software Technology Co., Ltd., Jiangfan Shi , Tingting Yu University of Connecticut | ||
11:10 20mTalk | NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps Technical Papers Jikai Wang Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology | ||
11:30 20mTalk | Towards Automatic Oracle Prediction for AR testing: Assessing Virtual Object Placement Quality under Real-world Scenes Technical Papers Xiaoyi Yang Rochester Institute of Technology, Yuxing Wang Rochester Institute of Technology, Tahmid Rafi University of Texas at San Antonio, Dongfang Liu Rochester Institute of Technology, Xiaoyin Wang University of Texas at San Antonio, Xueling Zhang Rochester Institute of Technology | ||