Dynamically Generating Callback Summaries for Enhancing Static Analysis

Authors: Steven Arzt, Marc Miltenberger, Julius Näumann




File

LIPIcs.ECOOP.2024.4.pdf
  • Filesize: 1.12 MB
  • 27 pages

Author Details

Steven Arzt
  • Fraunhofer SIT | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany
Marc Miltenberger
  • Fraunhofer SIT | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany
Julius Näumann
  • TU Darmstadt | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany

Cite As

Steven Arzt, Marc Miltenberger, and Julius Näumann. Dynamically Generating Callback Summaries for Enhancing Static Analysis. In 38th European Conference on Object-Oriented Programming (ECOOP 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 313, pp. 4:1-4:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.ECOOP.2024.4

Abstract

Interprocedural static analyses require a complete and precise callgraph. Since third-party libraries are responsible for large portions of the code of an app, a substantial fraction of the effort in callgraph generation is spent on the library code for each app. For analyses that are oblivious to the inner workings of a library and only require the user code to be processed, the library can be replaced with a summary that allows the callbacks from library code back to user code to be reconstructed. To improve performance, we propose the automatic generation and use of precise pre-computed callgraph summaries for commonly used libraries. Reflective method calls within libraries and callback-driven APIs pose further challenges for generating precise callgraphs using static analysis. Pre-computed summaries can also help analyses avoid these challenges. We present CGMiner, an approach for automatically generating callgraph models for library code. It dynamically observes sample apps that use one or more particular target libraries. As we show, CGMiner yields more than 94% of correct edges, whereas existing work only achieves around 33% correct edges. CGMiner avoids the high false positive rate of existing tools. We show that CGMiner integrated into FlowDroid uncovers 40% more data flows than our baseline without callback summaries.

Subject Classification

ACM Subject Classification
  • Software and its engineering → Dynamic analysis
Keywords
  • dynamic analysis
  • callback detection
  • java
  • android
