Tackling runtime-based obfuscation in Android with TIRO
- Caroline Waters
- 5 years ago
Transcription
1 Tackling runtime-based obfuscation in Android with TIRO
- Michelle Wong and David Lie, University of Toronto
- Usenix Security 2018
2 Android malware and analysis
- Mobile devices are a valuable target for malware developers
  - Access to sensitive information and functionality
- Arms race between malware developers and security analyzers
- [Figure: the app says "I do X"; the analyzer answers "Malware! Because X"]
3 Java obfuscation
- Most Android applications written in Java
- Language-based obfuscation: obfuscation using Java features
  - Reflection
  - Dynamic code loading
  - Native methods
- [Diagram labels: Application DEX Code; Framework APIs; JNI; Application Native Code; ART/DVM Runtime; Linux; Device]
- [Figure: the app says "I do [?], where [?] might be X"; the analyzer asks "Does it do X? Is it malware?"]
4 Native obfuscation
- Can avoid runtime entirely by using native code
- Full-native code obfuscation
  - No Java code or invocations to Java methods
- Seems very little malware does this
  - Framework APIs mostly in Java
  - Requires access to undocumented low-level interfaces of system services
- [Diagram labels: Application DEX Code; Framework APIs; JNI; Application Native Code; ART/DVM Runtime; Linux; Device]
5 Obfuscation via runtime tampering
- [Figure labels: Language-based obfuscation; Runtime-based obfuscation (marked "?"); Full-native code obfuscation; ease of use, reliability; difficulty of analysis]
- [Figure: the app says "I do Y and only Y (I mean X)"; the analyzer concludes "Not malware! Doesn't do X"]
- [Diagram labels: Application DEX Code; Framework APIs; JNI; Application Native Code; ART/DVM Runtime; Linux; Device]
6 Unexpected code behavior
- Unexpected classes: "I'm loading class A from DEX D"; actually loading class E from DEX V
- Unexpected methods: "I'm invoking method B from class A"; actually invoking method I from class L
- Unexpected instructions: "I'm executing instrs <abc> from method B"; actually executing instrs <hac> <native> from method K
- [Diagram labels: DEX D: class A: method B: <abc>; ART/DVM Runtime; Java]
7 Android RunTime (ART)
- Investigated how code is loaded and executed within ART
- [Diagram labels: DEX D: class A: method B: <abc>; ART]
8 ART code loading
- [Diagram labels: DEX D: class A: method B: <abc>; ART; java.lang.DexFile; mCookie (1); art::DexFile (shown twice); begin_ (2); DEX file (mmap) (shown twice); class A: method B: <abc>; class E: method V: <bad>]
- 1, 2: DEX file hooking
9 ART code loading
- Unexpected classes and methods
- [Diagram labels: DEX D: class A: method B: <abc>; ART; DEX file (mmap); mirror::Class; art::ArtMethod; class A: method B: <abc> overlaid (3) with class E: method V: <bad>]
- 1, 2: DEX file hooking
- 3: Bytecode overwriting
10 ART code execution
- Invoke B() in class A (inherited from class O)
- Unexpected methods
- [Diagram labels: DEX D: class A: method B: <abc>; ART; DEX file (mmap); mirror::Class; vtable_ (4); art::ArtMethod; class A: method B: <abc>]
- 4: ArtMethod hooking
11 ART code execution
- Unexpected instructions
- [Diagram labels: DEX D: class A: method B: <abc>; ART; DEX file (mmap); mirror::Class; art::ArtMethod; code_item_offset_ (6); entry_point_ (5); <trampoline>; class A: method B: <abc>; <bad>]
- 4: ArtMethod hooking
- 5: Method entry-point hooking
- 6: Instruction hooking/modification
12 Runtime state tampering in ART
- [Diagram labels: DEX D: class A: method B: <abc>; ART]
- 1, 2: DEX file hooking
- 3: Bytecode overwriting
- 4: ArtMethod hooking
- 5: Method entry-point hooking
- 6: Instruction hooking/modification
13 Deobfuscation
- Unified framework to handle language-based and runtime-based obfuscation
- Pure static analysis: imprecise, no run-time information to deobfuscate
  - Reflection targets, dynamically loaded code, etc.
- Pure dynamic analysis: lack of code coverage?
14 Targeted execution
- [Figure labels: static; interesting behavior; path constraints; inject inputs; dynamic]
- Footnote 1: Wong, M. Y., and Lie, D. IntelliDroid: A targeted input generator for the dynamic analysis of Android malware. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS), 2016.
15 Dealing with obfuscation
- [Figure labels: static; "????"; obfuscation locations; interesting behavior; path constraints; inject inputs; dynamic]
16 TIRO: A hybrid iterative deobfuscator
- [Figure labels: static; APK file; Target; Instrument; run-time values, extracted code; instrumented; obfuscation locations; deobfuscated application; Observe; Run; security analysis; dynamic]
17 Target, Instrument, Run, Observe (example: Reflection)
- Target
  - Identify obfuscation locations
  - Extract call paths and constraints
- Code:
    oncreate() {
      7  Method method = klass.getMethod(decrypt("wzjg"));
      8  method.invoke(receiver, args);
    }
- Target (Reflection): oncreate() -> Method::invoke()
18 Target, Instrument, Run, Observe
- Instrument
  - Instrument obfuscation location
  - Report dynamic values and code
- Code:
    oncreate() {
      7  Method method = klass.getMethod(decrypt("wzjg"));
      8  method.invoke(receiver, args);
    }
- Target (Reflection): oncreate() -> Method::invoke()
- Instrument: log(, method.getName())
19 Target, Instrument, Run, Observe
- Run
  - Generate inputs from targeting
  - Inject inputs to run obfuscation locations
- Code:
    oncreate() {
      7  Method method = klass.getMethod(decrypt("wzjg"));
      8  method.invoke(receiver, args);
    }
- Target (Reflection): oncreate() -> Method::invoke()
- Instrument: log(, method.getName())
- Run: Log: refl,oncreate,8, foo
20 Target, Instrument, Run, Observe
- Observe
  - Monitor deobfuscation log
  - Extract dynamic values and code
- Code:
    oncreate() {
      7  Method method = klass.getMethod(decrypt("wzjg"));
      8  method.invoke(receiver, args);
    }
- Run: Log: refl,oncreate,8, foo
- Observe: oncreate() -> foo()
21 Handling runtime-based obfuscation
- [Figure labels: hidden; <java>; <native>; <java>; modifies runtime state]
- Record original ART state
- Check ART state
22 Runtime-based deobfuscation
- Example: Instruction hooking
    oncreate() {
      7  nativefoo();
      8  bar();
    }
23 Runtime-based deobfuscation
- Example: Instruction hooking
    oncreate() {
      7  nativefoo();
      8  bar();
    }
- Target: bar(); <native code>
- Instrument (ART runtime): [Diagram labels: art::ArtMethod; code_item_offset_; entry_point_; abc; xyz]
- Run: Log: oncreate,7,bar[code_item],xyz
- Extracted DEX: <xyz>
- Observe: oncreate() -> method_xyz()
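An added example (not code from the talk or from TIRO) of the "record original ART state / check ART state" step on slides 21 to 23: a Python model that snapshots the fields named on the slides, diffs them around a native call, and emits log lines in the shape of `oncreate,7,bar[code_item],xyz`. The toy memory layout, the mapping of fields to categories, and every log label other than `code_item` are assumptions of this example.

```python
from dataclasses import dataclass

CODE_LEN = 3  # constructed: every toy method body is three bytes long


@dataclass(frozen=True)
class MethodState:
    vtable_target: str     # method that the class's vtable_ slot resolves to
    code_item_offset: int  # code_item_offset_: where the method's bytecode starts
    entry_point: str       # entry_point_: what runs when the method is invoked
    code: bytes            # bytes currently found at code_item_offset


@dataclass(frozen=True)
class RuntimeState:
    dex_begin: int         # begin_ of the art::DexFile reached through mCookie
    methods: dict          # method name -> MethodState


# (field, log label, category). Category names follow the slides; only the
# "code_item" label appears there, the other labels are hypothetical.
CHECKS = [
    ("vtable_target", "vtable", "ArtMethod hooking"),
    ("entry_point", "entry_point", "Method entry-point hooking"),
    ("code_item_offset", "code_item", "Instruction hooking"),
    ("code", "code", "Instruction overwriting"),
]


def snapshot(dex_begin, memory, art_methods):
    """Record state. art_methods: name -> (vtable_target, offset, entry_point)."""
    methods = {}
    for name, (vtable_target, offset, entry_point) in art_methods.items():
        code = bytes(memory[offset:offset + CODE_LEN])
        methods[name] = MethodState(vtable_target, offset, entry_point, code)
    return RuntimeState(dex_begin, methods)


def check(before, after, caller, line):
    """Diff two snapshots of the same methods; return (category, log line) pairs."""
    findings = []
    if before.dex_begin != after.dex_begin:
        findings.append(("DEX file hooking",
                         f"{caller},{line},dex[begin],{after.dex_begin:#x}"))
    for name, old in before.methods.items():
        new = after.methods[name]
        moved = old.code_item_offset != new.code_item_offset
        for field, label, category in CHECKS:
            if getattr(old, field) == getattr(new, field):
                continue
            if field == "code" and moved:
                continue  # already reported once as a redirected code item
            # For a redirected code item, log the code that will actually run.
            value = new.code if field == "code_item_offset" else getattr(new, field)
            if isinstance(value, bytes):
                value = value.decode("ascii", "replace")
            findings.append((category, f"{caller},{line},{name}[{label}],{value}"))
    return findings


def demo():
    # Constructed memory: bar's code <abc>, hidden code <xyz>, baz's code <def>.
    memory = bytearray(b"abcxyzdef")
    art = {"bar": ("bar", 0, "interpreter"), "baz": ("baz", 6, "interpreter")}
    before = snapshot(0x7000, memory, art)   # recorded before nativefoo() on line 7
    # Constructed effect of the native call: bar now points at <xyz>, and
    # baz's bytes are replaced in place.
    art["bar"] = ("bar", 3, "interpreter")
    memory[6:9] = b"bad"
    after = snapshot(0x7000, memory, art)    # checked when nativefoo() returns
    return check(before, after, "oncreate", 7)


if __name__ == "__main__":
    for category, log_line in demo():
        print(f"{category}: {log_line}")
```

A redirected `code_item_offset_` is reported once, with the code that will actually run as its value, so the monitoring side knows which bytes to extract.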
24 Iterative deobfuscation
- [Figure labels: Target; Instrument; Run; Observe]
- Example: 2nd iteration
    oncreate() {
      7  nativefoo();
      8  bar();
    }
    method_xyz() {
      11  Method method = klass.getMethod(decode("vbs"));
      12  method.invoke(receiver, args);
    }
- Target (Reflection)
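Why a second iteration is needed, as an added example that is not part of the slides or of TIRO itself: a Python model of the Target, Instrument, Run, Observe loop in which code extracted in one iteration exposes a new obfuscation location for the next. The app model, the `RUN_LOG` oracle standing in for the instrumented run, and the names `hidden_target` and `nativebaz` are constructed.

```python
# Constructed toy app. Statement = (line, kind, operand); kind is "call"
# (visible to static analysis), "refl" (reflective invoke with a hidden
# target) or "native" (native call that may tamper with runtime state).
STATIC_CODE = {
    "oncreate": [(7, "native", "nativefoo"), (8, "call", "bar")],
    "bar": [],
}

# Stand-in for Instrument + Run: what the deobfuscation log would report at
# each targeted location, as (kind, affected method, code actually run).
RUN_LOG = {
    ("oncreate", 7): ("code_item", "bar", "method_xyz"),
    ("method_xyz", 12): ("refl", None, "hidden_target"),
}

# Code that only becomes available once it has been extracted at run time.
EXTRACTED = {
    "method_xyz": [(12, "refl", 'decode("vbs")'), (13, "native", "nativebaz")],
}


def target(code, done):
    """Static phase: obfuscation locations in known code not yet processed."""
    return [(method, line)
            for method, body in code.items()
            for line, kind, _ in body
            if kind in ("native", "refl") and (method, line) not in done]


def deobfuscate(static_code, run_log, extracted, max_iterations=10):
    """Iterate until no new obfuscation locations appear.

    Returns (iterations, call edges, locations without a log entry).
    """
    code = {method: list(body) for method, body in static_code.items()}
    done, unresolved = set(), []
    redirects, refl_edges = {}, set()
    iterations = 0
    while iterations < max_iterations:
        sites = target(code, done)
        if not sites:
            break
        iterations += 1
        for site in sites:
            done.add(site)
            observation = run_log.get(site)
            if observation is None:
                # Not reached, or nothing to report: stays unresolved.
                unresolved.append(site)
                continue
            kind, victim, actual = observation
            if kind == "refl":
                refl_edges.add((site[0], actual))
            else:
                redirects[victim] = actual  # calls to victim run `actual`
            if actual in extracted:
                # Observe: feed extracted code back into the static phase.
                code.setdefault(actual, list(extracted[actual]))
    edges = set(refl_edges)
    for method, body in code.items():
        for _, kind, operand in body:
            if kind == "call":
                edges.add((method, redirects.get(operand, operand)))
    return iterations, sorted(edges), unresolved


if __name__ == "__main__":
    print(deobfuscate(STATIC_CODE, RUN_LOG, EXTRACTED))
```

With an empty log the same function returns the purely static view, a single `oncreate -> bar` edge, which is the call graph the obfuscation is meant to leave an analyzer with.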
25 Implementation
- Static: Soot framework (footnote 2) for analysis and instrumentation
- Dynamic: Modified AOSP with instrumented ART runtime
  - Android 4.4, 5.0, 6.0
- Monitoring process to parse deobfuscation log and extract bytecode
- Footnote 2: Vallée-Rai, R., Co, P., Gagnon, E., Hendren, L., Lam, P., and Sundaresan, V. Soot - a Java bytecode optimization framework. In Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research (1999), CASCON '99, IBM Press, p. 13.
26 Evaluation
- Ability to detect and deobfuscate techniques in modern Android malware
- Investigate use of language-based and runtime-based obfuscation in malware
- Deobfuscation performance (in paper)
27 TIRO: Detection and deobfuscation
- Labeled obfuscated samples, categorized by obfuscator/packer
- [Table; per-sample cell values are not preserved in this transcription]
  - Language-based columns: Reflection, Dynamic loading, Native methods
  - Runtime-based columns: DEX file hooking, Class data overwriting, ArtMethod hooking, Instruction hooking, Instruction overwriting
  - Other column labels: Sensitive APIs, Before, After, Iterations
  - Rows: aliprotect, baiduprotect, dexprotector, ijiamipacker, naga_pha, qihoopacker, secshell
  - Surviving values: 100%, 53%
28 Obfuscation usage in malware
- Obfuscated malware samples from VirusTotal
- Language-based
  - Reflection: 58.5%
  - Dynamic loading: 79.9%
  - Direct invocation: 52.2%
  - Reflected invocation: 0.1%
  - Native invocation: 49.2%
  - Native methods: 96.8%
- Runtime-based
  - DEX file hooking: 64.0%
  - Class data overwriting: 0.7%
  - ArtMethod hooking: 0.5%
  - Method entry-point hooking: 0.3%
  - Instruction hooking: 33.7%
  - Instruction overwriting: 0.1%
- [Callout: 80%]
29 Conclusion
- New category of obfuscation techniques in Android: runtime-based obfuscation
- TIRO: A hybrid iterative deobfuscation framework
  - Handles both language-based and runtime-based techniques
  - Deobfuscates modern malware and uncovers sensitive behaviors
- 80% of samples from VirusTotal dataset use runtime-based obfuscation
More informationID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:17:05 Date: 27/02/2018 Version: 22.0.
ID: 48093 Sample Name: com.cleanmaster.mguard_2018-02-12.apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:17:05 Date: 27/02/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report
More informationModern Buffer Overflow Prevention Techniques: How they work and why they don t
Modern Buffer Overflow Prevention Techniques: How they work and why they don t Russ Osborn CS182 JT 4/13/2006 1 In the past 10 years, computer viruses have been a growing problem. In 1995, there were approximately
More informationOptimized Compilation of Around Advice for Aspect Oriented Programs
Journal of Universal Computer Science, vol. 13, no. 6 (2007), 753-766 submitted: 19/1/07, accepted: 22/3/07, appeared: 28/6/07 J.UCS Optimized Compilation of Around Advice for Aspect Oriented Programs
More informationAutomatic Test Generation for Mobile GUI Applications
1 Automatic Test Generation for Mobile GUI Applications Henri Heiskanen Tommi Takala Department of Software Systems Tampere University of Technology, Finland first.lastname@tut.fi 2 Contents 1. About Model-Based
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Item: Launch PL/I Element/Component: BCP Batch Runtime Material is current as of June 2013 Agenda Trademarks Presentation Objectives Overview Usage & Invocation Interactions
More informationDesign and Implementation of a Random Access File System for NVRAM
This article has been accepted and published on J-STAGE in advance of copyediting. Content is final as presented. IEICE Electronics Express, Vol.* No.*,*-* Design and Implementation of a Random Access
More informationInheritance, Polymorphism and the Object Memory Model
Inheritance, Polymorphism and the Object Memory Model 1 how objects are stored in memory at runtime? compiler - operations such as access to a member of an object are compiled runtime - implementation
More informationDesign issues for objectoriented. languages. Objects-only "pure" language vs mixed. Are subclasses subtypes of the superclass?
Encapsulation Encapsulation grouping of subprograms and the data they manipulate Information hiding abstract data types type definition is hidden from the user variables of the type can be declared variables
More informationApplications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)
Software Security Requirements General Methodologies Hardware Firmware Software Protocols Procedure s Applications OS Cloud Attack Trees is one of the inside requirement 1. Attacks 2. Evaluation 3. Mitigation
More informationIntroduction to Android
Introduction to Android Ambient intelligence Teodoro Montanaro Politecnico di Torino, 2016/2017 Disclaimer This is only a fast introduction: It is not complete (only scrapes the surface) Only superficial
More information