Leveraging Historical Versions of Android Apps for Efficient and Precise Taint Analysis
Title | Leveraging Historical Versions of Android Apps for Efficient and Precise Taint Analysis |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Jenkins, J., Cai, H. |
Conference Name | 2018 IEEE/ACM 15th International Conference on Mining Software Repositories (MSR) |
ISBN Number | 978-1-4503-5716-6 |
Keywords | analysis effectiveness, android, Android (operating system), Android devices, Android ecosystem, attacks, Benchmark testing, composability, differencing, evolution, EVOTAINT, Google, historical versions, incremental, incremental taint analysis, invasive software, Metrics, mobile computing, Open Source Software, pubcrawl, reachability analysis, real-world evolving Android apps, representative precise taint analysis, security, security vulnerabilities, simultaneous scalability, taint analysis, taint checking, Tools, user apps |
Abstract | Today, computing on various Android devices is pervasive. However, growing security vulnerabilities and attacks in the Android ecosystem constitute various threats through user apps. Taint analysis is a common technique for defending against these threats, yet it suffers from challenges in attaining practical simultaneous scalability and effectiveness. This paper presents a novel approach to fast and precise taint checking, called incremental taint analysis, by exploiting the evolving nature of Android apps. The analysis narrows down the search space of taint checking from an entire app, as conventionally addressed, to the parts of the program that are different from its previous versions. This technique improves the overall efficiency of checking multiple versions of the app as it evolves. We have implemented the techniques as a tool prototype, EVOTAINT, and evaluated our analysis by applying it to real-world evolving Android apps. Our preliminary results show that the incremental approach largely reduced the cost of taint analysis, by 78.6% on average, yet without sacrificing the analysis effectiveness, relative to a representative precise taint analysis as the baseline. |
URL | https://ieeexplore.ieee.org/document/8595209 |
Citation Key | jenkins_leveraging_2018 |
- invasive software
- user apps
- tools
- taint checking
- taint analysis
- simultaneous scalability
- security vulnerabilities
- security
- representative precise taint analysis
- real-world evolving Android apps
- reachability analysis
- pubcrawl
- Open Source Software
- mobile computing
- Metrics
- analysis effectiveness
- incremental taint analysis
- incremental
- historical versions
- EVOTAINT
- Evolution
- differencing
- composability
- Benchmark testing
- attacks
- Android ecosystem
- Android devices
- Android (operating system)
- android