Filters








7 Hits in 2.6 sec

HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving

Stefano Calzavara, Ilya Grishchenko, Matteo Maffei
2016 2016 IEEE European Symposium on Security and Privacy (EuroS&P)  
We present HornDroid, a new tool for the static analysis of information flow properties in Android applications.  ...  As a matter of fact, HornDroid outperforms state-of-the-art Android static analysis tools on benchmarks proposed by the community.  ...  HornDroid Our tool, HornDroid, targets a sound and practical information flow analysis for Android applications.  ... 
doi:10.1109/eurosp.2016.16 dblp:conf/eurosp/CalzavaraGM16 fatcat:if6djm7genbijallzxbarhhtt4

HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving [article]

Stefano Calzavara, Ilya Grishchenko, Matteo Maffei
2017 pre-print
We present HornDroid, a new tool for the static analysis of information flow properties in Android applications.  ...  As a matter of fact, HornDroid outperforms state-of-the-art Android static analysis tools on benchmarks proposed by the community.  ...  HornDroid Our tool, HornDroid, targets a sound and practical information flow analysis for Android applications.  ... 
doi:10.1109/eurosp&.p20.196.16 arXiv:1707.07866v1 fatcat:mkc4gugyefhwrhmohxqsrru6e4

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2021 ACM Transactions on Privacy and Security  
However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence sound y .  ...  This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded  ...  We thank Richie Bonnett for his contributions to the conference paper version of this work. This work is supported in part by the NSF-1815336 and NSF-1815186.  ... 
doi:10.1145/3439802 fatcat:jij564rmn5akhdpqdk5pzdempi

A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications

Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei
2017 2017 IEEE 30th Computer Security Foundations Symposium (CSF)  
method call Uncaught pp ((λ,v * );v;ĥ;k) Abstract uncaught exception RHSpp(v) Abstract value of right-hand side LiftHeap(ĥ;k) Abstract heap lifting Reach(v;ĥ;k) Abstract heap reachability Abstract static  ...  blocksl ::=b | ⊥ Abstract flow-sensitive heapĥ ::= (pp →l) * Abstract filterk ::= (pp → bb) * Abstract local state AStatepp((λ,v * );v * ;ĥ;k) Abstract abnormal state Resc,m((λ,v * );v;ĥ;k) Abstract result of  ...  Critical Infrastructures from Cyber Attacks (www.filierasicura.it) funded by CISCO Systems Inc. and Leonardo SpA, and by the German Federal Ministry of Education and Research (BMBF) through the Center  ... 
doi:10.1109/csf.2017.19 dblp:conf/csfw/CalzavaraGKM17 fatcat:63cirlb5ozbrvorsaxr7zdtoum

Let's Face It: Faceted Values for Taint Tracking [chapter]

Daniel Schoepe, Musard Balliu, Frank Piessens, Andrei Sabelfeld
2016 Lecture Notes in Computer Science  
static and dynamic taint trackers for Android.  ...  Precision of taint tracking is key for its success in practice: being a vulnerability analysis, false positives must be low for the analysis to be practical.  ...  Acknowledgments This work was funded by the European Community under the ProSecuToR project and the Swedish research agencies SSF and VR.  ... 
doi:10.1007/978-3-319-45744-4_28 fatcat:jscyfz6j2jal3fp5ayjy5mq75i

Information flow based defensive chain for data leakage detection and prevention: a survey [article]

Ning Xi, Chao Chen, Jun Zhang, Cong Sun, Shigang Liu, Pengbin Feng, Jianfeng Ma
2021 arXiv   pre-print
Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services.  ...  Research challenges and future directions are also pointed out by consideration of the integrity of the defensive chain.  ...  Sound static analysis by SMT solving.  ... 
arXiv:2106.04951v1 fatcat:apib4mmp3va43dv5he7xu3aay4

A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications [article]

Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei
2017 arXiv   pre-print
The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the Android  ...  We formulate the analysis as a set of Horn clauses defining a sound over-approximation of the semantics of the Android application to analyse, borrowing ideas from recency abstraction and extending them  ...  Critical Infrastructures from Cyber Attacks (www.filierasicura.it) funded by CISCO Systems Inc. and Leonardo SpA, and by the German Federal Ministry of Education and Research (BMBF) through the Center  ... 
arXiv:1705.10482v2 fatcat:fj7i2tjjgbgifbzj4d373leijm