DOI: 10.1145/3488932.3497765
research-article

Driving Execution of Target Paths in Android Applications with (a) CAR

Published: 30 May 2022

Abstract

Dynamic program analysis is commonly used to vet Android applications. One approach is targeted execution, in which interesting or suspicious code is specifically targeted and analyzed dynamically. However, faithful execution to just the paths that reach these targets can be difficult due to the dependencies they have on other parts of the application. Prior works that handle dependencies must favor either soundness or completeness to the detriment of the other. Techniques that rely on precise dependency tracking ultimately result in lower coverage of targets due to overhead. Meanwhile, other techniques that aim for completeness by ignoring or bypassing dependencies lead to unsound execution and false positives. In this paper, we treat dependencies through the lens of a path context, which represents the program state expected by the path as it is executing. We propose an approach that provides better completeness and low false positives using Context Approximation and Refinement (CAR), which combines static constraint analysis and dynamic error recovery to infer a context based on the desired path flow and refine it during execution. We show that the integration of CAR with targeted execution can reach 3.1x more target locations in popular Android applications than the existing state of the art while having a false detection rate of 9%, enabling more complete analysis and detection of security-sensitive behaviors.

Supplementary Material

MP4 File (ASIA-CCS22-fp135.mp4)
Presentation video for "Driving Execution of Target Paths in Android Applications with (a) CAR" for AsiaCCS 2022. We propose a new approach to targeted execution with Context Approximation and Refinement (CAR). CAR combines static constraint analysis and dynamic error recovery to enable scalable targeted execution for security analysis of Android applications. We show that CAR can dynamically reach 3.1x more target locations in popular Android applications than the existing state of the art while having a false detection rate of 9.0%, enabling more complete analysis and detection of security-sensitive behaviors.

Cited By

  • (2025) MOSDroid: Obfuscation-resilient android malware detection using multisets of encoded opcode sequences. Computers & Security. 10.1016/j.cose.2025.104379 (104379). Online publication date: Feb-2025
  • (2024) Unveiling Collusion-Based Ad Attribution Laundering Fraud: Detection, Analysis, and Security Implications. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 10.1145/3658644.3670314 (2963-2977). Online publication date: 2-Dec-2024

Published In

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
May 2022
1291 pages
ISBN:9781450391405
DOI:10.1145/3488932
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. android malware
  2. android security
  3. computer security
  4. dynamic analysis
  5. malware detection
  6. mobile security
  7. program analysis
  8. static analysis
  9. symbolic execution

Qualifiers

  • Research-article

Conference

ASIA CCS '22

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Article Metrics

  • Downloads (Last 12 months): 28
  • Downloads (Last 6 weeks): 1
Reflects downloads up to 16 Feb 2025
