Challenges for static analysis of Java reflection - literature review and empirical study

D Landman, A Serebrenik… - 2017 IEEE/ACM 39th …, 2017 - ieeexplore.ieee.org
The behavior of software that uses the Java Reflection API is fundamentally hard to predict
by analyzing code. Only recent static analysis approaches can resolve reflection under …

FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps

S Arzt, S Rasthofer, C Fritz, E Bodden, A Bartel… - ACM SIGPLAN …, 2014 - dl.acm.org
Today's smartphones are a ubiquitous source of private and confidential data. At the same
time, smartphone users are plagued by carelessly programmed apps that leak important …

The Soot framework for Java program analysis: a retrospective

P Lam, E Bodden, O Lhoták… - Cetus Users and …, 2011 - pdfs.semanticscholar.org
You can write a compiler pass extending Soot, as either a BodyTransformer, for an
intraprocedural analysis; or SceneTransformer, for a whole-program analysis. You choose …

Checking app behavior against app descriptions

A Gorla, I Tavecchia, F Gross, A Zeller - Proceedings of the 36th …, 2014 - dl.acm.org
How do we know a program does what it claims to do? After clustering Android apps by their
description topics, we identify outliers in each cluster with respect to their API usage. A" …

Composite constant propagation: Application to Android inter-component communication analysis

D Octeau, D Luchaup, M Dering, S Jha… - 2015 IEEE/ACM 37th …, 2015 - ieeexplore.ieee.org
Many program analyses require statically inferring the possible values of composite types.
However, current approaches either do not account for correlations between object fields or …

Harvesting runtime values in Android applications that feature anti-analysis techniques.

S Rasthofer, S Arzt, M Miltenberger, E Bodden - NDSS, 2016 - ndss-symposium.org
It is generally challenging to tell apart malware from benign applications. To make this
decision, human analysts are frequently interested in runtime values: targets of reflective …

DroidRA: Taming reflection to support whole-program analysis of Android apps

L Li, TF Bissyandé, D Octeau, J Klein - Proceedings of the 25th …, 2016 - dl.acm.org
Android developers heavily use reflection in their apps for legitimate reasons, but also
significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis …

Initialize once, start fast: application initialization at build time

C Wimmer, C Stancu, P Hofer, V Jovanovic… - Proceedings of the …, 2019 - dl.acm.org
Arbitrary program extension at run time in language-based VMs, e.g., Java's dynamic class
loading, comes at a startup cost: high memory footprint and slow warmup. Cloud computing …

SPLLIFT: statically analyzing software product lines in minutes instead of years

E Bodden, T Tolêdo, M Ribeiro, C Brabrand… - ACM SIGPLAN …, 2013 - dl.acm.org
A software product line (SPL) encodes a potentially large variety of software products as
variants of some common code base. Up until now, re-using traditional static analyses for …

StaDynA: Addressing the problem of dynamic code updates in the security analysis of Android applications

Y Zhauniarovich, M Ahmad, O Gadyatskaya… - Proceedings of the 5th …, 2015 - dl.acm.org
Static analysis of Android applications can be hindered by the presence of the popular
dynamic code update techniques: dynamic class loading and reflection. Recent Android …