NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps
With the prosperity of Android app research in the last decade, many static analysis techniques have been proposed. They generally aim to tackle DEX bytecode in Android apps. Beyond DEX bytecode, native code (usually written in C/C++) is prevalent in modern Android apps, whose analysis is usually overlooked by most existing analysis frameworks. Although a few recent works attempted to handle native code, they suffer from scalability and accuracy issues. In this paper, we propose NativeSummary, a novel inter-language static analysis framework for Android apps with high accuracy,
scalability, and compatibility. Our key idea is to extract semantic summary of the native binary code, then convert common usage patterns of JNI interface functions into Java bytecode operations,
and additionally transform native library function calls to bytecode calls. Along with this effort, we can empower the legacy Java static frameworks with the ability of inter-language data flow analysis without tampering their inherent logic. Extensive evaluation suggests that NativeSummary outperforms SOTA techniques in terms of accuracy, scalability and compatibility. NativeSummary
sheds light on the promising direction of inter-language analysis, and thousands of existing app analysis works can be boosted atop NativeSummary with almost no effort.
Fri 20 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 11:50 | |||
10:30 20mTalk | Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries Technical Papers Hao Xiong Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center, Qinming Dai Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center, Rui Chang Zhejiang University, Mingran Qiu Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center, Renxiang Wang Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center, Wenbo Shen Zhejiang University, Yajin Zhou Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center DOI | ||
10:50 20mTalk | Feedback-Driven Automated Whole Bug Report Reproduction for Android Apps Technical Papers Dingbang Wang University of Connecticut, Yu Zhao University of Cincinnati, Sidong Feng Monash University, Zhaoxu Zhang University of Southern California, William G.J. Halfond University of Southern California, Chunyang Chen TU Munich, Xiaoxia Sun China Mobile (Suzhou) Software Technology, Jiangfan Shi Zhejiang University, Tingting Yu University of Connecticut DOI | ||
11:10 20mTalk | NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps Technical Papers Jikai Wang Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology DOI | ||
11:30 20mTalk | Towards Automatic Oracle Prediction for AR Testing: Assessing Virtual Object Placement Quality under Real-World Scenes Technical Papers Xiaoyi Yang Rochester Institute of Technology, Yuxing Wang Rochester Institute of Technology, Tahmid Rafi University of Texas at San Antonio, Dongfang Liu Rochester Institute of Technology, Xiaoyin Wang University of Texas at San Antonio, Xueling Zhang Rochester Institute of Technology DOI | ||