The assessment of information flows is an essential part of analyzing Android apps, and is frequently supported by static taint analysis. Its precision, however, can suffer from the analysis not being able to precisely determine what elements a pointer can (and can not) point to. Recent advances in static analysis suggest that incorporating dynamic heap snapshots, taken at one point at runtime, can significantly improve general static analysis. In this paper, we investigate to what extent this also holds for taint analysis, and how various design decisions, such as when and how many snapshots are collected during execution, and how exactly they are used, impact soundness and precision. We have extended FlowDroid to incorporate heap snapshot...
In the last decade, many static taint analysis tools based on IFDS have been proposed. Nearly all of...
Static and dynamic program analysis techniques are important research areas in software security. St...
Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smar...
Heapster and DroidMacroBench artifacts for the ICSE 2020 paper "Heaps'n Leaks: How Heap Snapshots Im...
The present paper proposes the first static analysis for Android applications which is both flow-sen...
Numerous static taint analysis techniques have recently been proposed for identifying information fl...
Smartphone users suffer from insufficient information on how commercial as well as malicious apps ha...
Today’s smartphones are a ubiquitous source of private and confidential data. At the same time, smar...
One approach to defending against malicious Android applications has been to analyze them to detect ...
Context: Static analysis exploits techniques that parse program source code or bytecode, often trave...
Malicious and unintentionally insecure Android applications can leak users ’ sen-sitive data. One ap...
Static analyses aspire to explore all possible executions in order to achieve soundness. Yet, in pra...
When performing program analysis, loops are one of the most important aspects that needs to be taken...
When performing program analysis, loops are one of the most important aspects that needs to be taken...
Due to the lack of established real-world benchmark suites for static taint analyses of Android appl...
In the last decade, many static taint analysis tools based on IFDS have been proposed. Nearly all of...
Static and dynamic program analysis techniques are important research areas in software security. St...
Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smar...
Heapster and DroidMacroBench artifacts for the ICSE 2020 paper "Heaps'n Leaks: How Heap Snapshots Im...
The present paper proposes the first static analysis for Android applications which is both flow-sen...
Numerous static taint analysis techniques have recently been proposed for identifying information fl...
Smartphone users suffer from insufficient information on how commercial as well as malicious apps ha...
Today’s smartphones are a ubiquitous source of private and confidential data. At the same time, smar...
One approach to defending against malicious Android applications has been to analyze them to detect ...
Context: Static analysis exploits techniques that parse program source code or bytecode, often trave...
Malicious and unintentionally insecure Android applications can leak users ’ sen-sitive data. One ap...
Static analyses aspire to explore all possible executions in order to achieve soundness. Yet, in pra...
When performing program analysis, loops are one of the most important aspects that needs to be taken...
When performing program analysis, loops are one of the most important aspects that needs to be taken...
Due to the lack of established real-world benchmark suites for static taint analyses of Android appl...
In the last decade, many static taint analysis tools based on IFDS have been proposed. Nearly all of...
Static and dynamic program analysis techniques are important research areas in software security. St...
Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smar...