Title

Design and Implementation of a Systematic Method for Measuring the Code Coverage of Android Software Analysis

Authors

林仲儀;邱敬翔;黃俊穎

Keywords

Android ; code coverage measurement ; dynamic analysis ; software testing

Journal title

資訊安全通訊

Volume and issue / publication date

Vol. 23, No. 1 (2017 / 01 / 01)

Pages

17 - 40

Language of content

Traditional Chinese

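Chinese abstract

In this study, we propose a method for measuring the code coverage of Android software analysis in a systematic way. Measuring code coverage is the basis for understanding the capability of a dynamic analysis tool. In the past, researchers usually measured code coverage by dynamically inserting instructions. However, that approach is applicable only in an environment that can be fully controlled on the local machine, and it often also requires the source code. We measure coverage mainly by generating static patches of Android software. The software we patch can be used to measure the coverage of both local and remote tools. Our measurement results show that the code coverage of the tools currently on the market mostly falls between 10% and 50%, indicating that these tools still have considerable room for improvement. These results provide detailed information to researchers and developers, giving them a more thorough understanding of the capabilities of the related techniques and pointing to possible directions for improvement.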

English abstract

In this study, we propose a systematic approach that measures the code coverage of Android dynamic analysis tools. Code coverage measurement is a fundamental step in understanding the capabilities of such tools. Previously, researchers often measured code coverage by using dynamic instrumentation. However, dynamic instrumentation is effective only in certain controlled environments and, therefore, is only applicable to local applications having source code. Our approach resolves the aforementioned problems by generating statically patched Android packages for profiling dynamic analysis tools. The generated packages can be used to measure the code coverage rate of both local and remote tools. The measurement results reveal that the code coverage rate for the evaluated tools is between 10% and 50%, indicating that these tools still require improvement. The results provide detailed information for researchers and developers to thoroughly understand and improve dynamic analysis techniques.

Subject classification: Basic and Applied Sciences > Information Science