Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

POSTER: Detection of information leaks via reflection in android apps

Conti M.
2017

Abstract

Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.
2017
ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
9781450349444
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3506477
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 4
  • OpenAlex ND
social impact