StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications

Yury Zhauniarovich, Maqsood Ahmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

46 Citations (Scopus)

Abstract

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers (e.g., [12, 21, 31]) that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.

Original language: English
Title of host publication: CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 37-48
Number of pages: 12
ISBN (Electronic): 9781450331913
DOI: https://doi.org/10.1145/2699026.2699105
Publication status: Published - 1 Jan 2015
Externally published: Yes
Event: 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States
Duration: 2 Mar 2015 to 4 Mar 2015

Other

Other: 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Country: United States
City: San Antonio
Period: 2/3/15 to 4/3/15

Fingerprint

Static analysis
Dynamic analysis

Keywords

  • Android
  • Dynamic code updates
  • Security analysis

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computer Science Applications

Cite this

Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., & Massacci, F. (2015). StaDynA: Addressing the problem of dynamic code updates in the security analysis of android applications. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 37-48). Association for Computing Machinery, Inc. https://doi.org/10.1145/2699026.2699105
