TWC: Medium: Collaborative: Extending Smart-Phone Application Analysis

TWC：媒介：协作：扩展智能手机应用程序分析

• 批准号: 1228620
• 负责人: Somesh Jha
• 金额: $ 44.34万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228620&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Extending; Smart

This research is focused on the creation of new techniques and algorithms to support comprehensive analysis of Android applications. We have developed formally grounded techniques for extracting accurate models of smartphone applications from installation images. The recovery formalization is based on TyDe, a typed meta-representation of Dalvik bytecode (the code structure used by the Android smartphone operating system). In developing TyDe, we are formalizing the TyDe type inferencing, ill-formed bytecode structure management, and creating a generalized Dalvik-to-Java retargeting logic based on bytecode "instruction templates". TyDe and the models they represent are being used to perform deep analysis of application structure to infer potential application behaviors that may harm users, their data, or the cellular or Internet infrastructure. In particular, these analyses support whole program analysis, reflection, and smartphone specific data flow analysis. Such analyses provide a means for evaluating an applications adherence to best security practices or organizational requirements by inspecting permission structures, component interfaces, and source code and library origins for signals of malicious behavior. The analysis techniques are being evaluated on a large corpus of real-world applications extracted from real application markets. In the broadest view, this work is providing new avenues for researchers, industry, and consumers to assess potential dangers presented by applications retrieved from smartphone application markets, an advancing the state of the art in application program analysis.

这项研究的重点是创建新的技术和算法，以支持Android应用程序的全面分析。 我们已经开发出正式接地技术，从安装图像中提取智能手机应用程序的准确模型。 恢复形式化基于TyDe，这是Dalvik字节码（Android智能手机操作系统使用的代码结构）的类型化元表示。 在开发TyDe的过程中，我们正在形式化TyDe类型推理，病态字节码结构管理，并基于字节码“指令模板”创建广义Dalvik到Java重定向逻辑。TyDe及其代表的模型被用于对应用程序结构进行深入分析，以推断可能损害用户、数据或蜂窝或互联网基础设施的潜在应用程序行为。 特别是，这些分析支持整个程序分析，反射和智能手机特定的数据流分析。 这种分析提供了一种方法，通过检查许可结构、组件接口以及源代码和库来源来评估应用程序是否符合最佳安全实践或组织要求，以发现恶意行为的信号。 分析技术正在评估从真实的应用市场中提取的大量真实世界应用。 从最广泛的角度来看，这项工作为研究人员，行业和消费者提供了新的途径，以评估从智能手机应用程序市场检索的应用程序所带来的潜在危险，推动了应用程序分析的最新发展。