Better Performance Through Thread-local Emulation

ABSTRACT Mobile platforms are shifting away from managed code and toward native code. For example, the most recent versions of Android compile Dalvik bytecodes to native code at installtime, and apps frequently use third-party native libraries. The trend toward native code on mobile platforms calls us to develop new ways of building dynamic taint-tracking tools, such as TaintDroid, that achieve good performance. In this paper, we argue that the key to good performance is to track only when necessary, e.g., when an app handles sensitive data. We argue that thread-local emulation is a feature that captures this goal. In this paper, we discuss the motivation for thread-local emulation, the software and hardware techniques that may be used to implement it, results from preliminary work, and the many challenges that remain

Using Byte Code to Find Idiosyncratic Android Camera Apps

The growing popularity of Android devices has made them an increasing target for malicious apps. Of course, a malicious app is most effective when a user is not aware of its intent. Therefore, they often take the form of ostensibly benign, helpful, and, for that matter, free applications. Our goal is to discover how common this is among free camera applications. Camera applications are a good test case because they ought to be very simple. This paper uses static analysis on the Dalvik byte code of camera applications to search for certain characteristics or identify applications that demonstrate behavior that is not expected by the user

Optimizing Java Code for Mobile Computing: The Android Example

Atualmente os dispositivos móveis são utilizados em todo o mundo, e o número de utilizadores cresce diariamente. Apesar da evolução das funcionalidades dos dispositivos móveis e do seu poder de processamento, a portabilidade e consumo de energia ainda são uma preocupação. Os utilizadores pretendem que os seus dispositivos móveis sejam capazes de tirar o máximo de vantagens dos recursos mas sem perda da portabilidade. Para isso, é de extrema importância a otimização do software executado nestes dispositivos. O Android é um sistema operativo móvel utilizado por um diverso leque de fabricantes, e as aplicações nativas são desenvolvidas utilizando a linguagem de programação Java. As aplicações nativas utilizam melhor os recursos disponibilizados pelos dispositivos. Esta dissertação foca otimizações de código Java que podem ser usadas para melhorar o desempenho de aplicações Java executadas em dispositivos Android. A proposta consiste no desenvolvimento de um protótipo de software que aplica automaticamente um conjunto de otimizações de código Java. Os eventuais ganhos de desempenho obtidos pela ferramenta desenvolvida serão posteriormente medidos e analisados.Currently mobile platforms are worldwide used and the number of users is growing daily. Although mobile devices are growing in functionalities and processing power, their portability and power consumption are still an issue. Users want their mobile devices able to take advantages of their capabilities but without losing portability. To do so it is of paramount importance the optimization of the software running on those devices. Android is a mobile operating system largely used by many manufactures, and the native applications are developed in Java programming language. Native applications use better Android devices resources. This dissertation focus on Java optimizations that can be used to improve performance of Java applications running in Android platforms. The proposal consists in developing a software prototype that can apply automatically a set of Java code optimizations. The eventual gains of performance obtained by the developed tool will be measured and analyzed

Practical Dynamic Information-Flow Tracking on Mobile Devices

<p>Today's consumer mobile platforms such as Android and iOS manage large ecosystems of untrusted third-party applications. It is common for an application to request one or more types of sensitive data. Unfortunately, users have no insight into how their data is used. Given the sensitivity of the data accessible by these applications, it is paramount that mobile operating systems prevent apps from leaking it.</p><p>This dissertation shows that it is possible to improve the soundness of dynamic information-flow tracking on a mobile device without sacrificing precision, performance, or transparency. We extend the state of the art in dynamic information-flow tracking on Android and address two major limitations: quantifying implicit flow leaks in Dalvik bytecode and tracking explicit flows in native code. Our goal is to deliver seamless end-to-end taint tracking across Dalvik bytecode and native code.</p><p>We propose SpanDex, a system that quantifies implicit flow leaks in Dalvik bytecode for apps handling password data. SpanDex computes a bound of revealed tainted data by recording the control-flow dependencies and for each password character, keeps track of the possible set of values that have been inferred. We also propose TaintTrap, a taint tracking system for native code in third party apps. We explore native taint tracking performance bottlenecks and hardware acceleration techniques to improve instrumentation performance.</p>Dissertatio

ShareJIT: JIT Code Cache Sharing across Processes and Its Practical Implementation

Just-in-time (JIT) compilation coupled with code caching are widely used to improve performance in dynamic programming language implementations. These code caches, along with the associated profiling data for the hot code, however, consume significant amounts of memory. Furthermore, they incur extra JIT compilation time for their creation. On Android, the current standard JIT compiler and its code caches are not shared among processes---that is, the runtime system maintains a private code cache, and its associated data, for each runtime process. However, applications running on the same platform tend to share multiple libraries in common. Sharing cached code across multiple applications and multiple processes can lead to a reduction in memory use. It can directly reduce compile time. It can also reduce the cumulative amount of time spent interpreting code. All three of these effects can improve actual runtime performance. In this paper, we describe ShareJIT, a global code cache for JITs that can share code across multiple applications and multiple processes. We implemented ShareJIT in the context of the Android Runtime (ART), a widely used, state-of-the-art system. To increase sharing, our implementation constrains the amount of context that the JIT compiler can use to optimize the code. This exposes a fundamental tradeoff: increased specialization to a single process' context decreases the extent to which the compiled code can be shared. In ShareJIT, we limit some optimization to increase shareability. To evaluate the ShareJIT, we tested 8 popular Android apps in a total of 30 experiments. ShareJIT improved overall performance by 9% on average, while decreasing memory consumption by 16% on average and JIT compilation time by 37% on average.Comment: OOPSLA 201

Applying Deep Learning Techniques to the Analysis of Android APKs

Malware targeting mobile devices is a pervasive problem in modern life and as such tools to detect and classify malware are of great value. This paper seeks to demonstrate the effectiveness of Deep Learning Techniques, specifically Convolutional Neural Networks, in detecting and classifying malware targeting the Android operating system. Unlike many current detection techniques, which require the use of relatively rigid features to aid in detection, deep neural networks are capable of automatically learning flexible features which may be more resilient to obfuscation. We present a parsing for extracting sequences of API calls which can be used to describe a hypothetical execution of a given application. We then show how to use this sequence of API calls to successfully classify Android malware using a Convolutional Neural Network

SymDroid: Symbolic Execution for Dalvik Bytecode

Apps on Google's Android mobile device platform are written in Java, but are compiled to a special bytecode language called Dalvik. In this paper, we introduce SymDroid, a symbolic executor that operates directly on Dalvik bytecode. SymDroid begins by first translating Dalvik into mu-Dalvik, a simpler language that has only 16 instructions, in contrast to Dalvik's more than 200 instructions. We present a formalism for SymDroid's symbolic executor, which can be described with a small number of operational semantics rules; this semantics may be of independent interest. In addition to modeling bytecode instructions, SymDroid also contains models of some key portions of the Android platform, including libraries and the platform's lifecycle control code. We evaluated SymDroid in two ways. First, we ran it on the Android Compatibility Test Suite, and found it passed all tests except ones that used library or system routines we have not yet implemented. On this test suite, SymDroid runs about twice as slow as the Dalvik VM, and about twice as fast as the Java VM. Second, we used SymDroid to discover the (path) conditions under which contacts may be accessed on an Android app, and found it was able to do so successfully. These results suggest that SymDroid, while still a prototype, is a promising first step in enabling direct, precise analysis of Android apps

Op2Vec: An Opcode Embedding Technique and Dataset Design for End-to-End Detection of Android Malware

Android is one of the leading operating systems for smart phones in terms of market share and usage. Unfortunately, it is also an appealing target for attackers to compromise its security through malicious applications. To tackle this issue, domain experts and researchers are trying different techniques to stop such attacks. All the attempts of securing Android platform are somewhat successful. However, existing detection techniques have severe shortcomings, including the cumbersome process of feature engineering. Designing representative features require expert domain knowledge. There is a need for minimizing human experts' intervention by circumventing handcrafted feature engineering. Deep learning could be exploited by extracting deep features automatically. Previous work has shown that operational codes (opcodes) of executables provide key information to be used with deep learning models for detection process of malicious applications. The only challenge is to feed opcodes information to deep learning models. Existing techniques use one-hot encoding to tackle the challenge. However, the one-hot encoding scheme has severe limitations. In this paper, we introduce; (1) a novel technique for opcodes embedding, which we name Op2Vec, (2) based on the learned Op2Vec we have developed a dataset for end-to-end detection of android malware. Introducing the end-to-end Android malware detection technique avoids expert-intensive handcrafted features extraction, and ensures automation. Some of the recent deep learning-based techniques showed significantly improved results when tested with the proposed approach and achieved an average detection accuracy of 97.47%, precision of 0.976 and F1 score of 0.979