Challenges for static analysis of Java reflection - literature review and empirical study
D Landman, A Serebrenik… - 2017 IEEE/ACM 39th …, 2017 - ieeexplore.ieee.org
The behavior of software that uses the Java Reflection API is fundamentally hard to predict
by analyzing code. Only recent static analysis approaches can resolve reflection under …
FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
Today's smartphones are a ubiquitous source of private and confidential data. At the same
time, smartphone users are plagued by carelessly programmed apps that leak important …
[PDF] The Soot framework for Java program analysis: a retrospective
You can write a compiler pass extending Soot, as either a BodyTransformer, for an
intraprocedural analysis; or SceneTransformer, for a whole-program analysis. You choose …
Checking app behavior against app descriptions
How do we know a program does what it claims to do? After clustering Android apps by their
description topics, we identify outliers in each cluster with respect to their API usage. A" …
Composite constant propagation: Application to Android inter-component communication analysis
Many program analyses require statically inferring the possible values of composite types.
However, current approaches either do not account for correlations between object fields or …
[PDF] Harvesting runtime values in Android applications that feature anti-analysis techniques.
It is generally challenging to tell apart malware from benign applications. To make this
decision, human analysts are frequently interested in runtime values: targets of reflective …
DroidRA: Taming reflection to support whole-program analysis of Android apps
Android developers heavily use reflection in their apps for legitimate reasons, but also
significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis …
Initialize once, start fast: application initialization at build time
Arbitrary program extension at run time in language-based VMs, e.g., Java's dynamic class
loading, comes at a startup cost: high memory footprint and slow warmup. Cloud computing …
SPLLIFT statically analyzing software product lines in minutes instead of years
A software product line (SPL) encodes a potentially large variety of software products as
variants of some common code base. Up until now, re-using traditional static analyses for …
StaDynA: Addressing the problem of dynamic code updates in the security analysis of Android applications
Static analysis of Android applications can be hindered by the presence of the popular
dynamic code update techniques: dynamic class loading and reflection. Recent Android …