Non-Essential Communication in Mobile Applications

This paper studies communication patterns in mobile applications. Our analysis shows that 65% of the HTTP, socket, and RPC communication in top-popular Android applications from Google Play have no effect on the user-observable application functionality. We present a static analysis that is able to detect non-essential communication with 84%-90% precision and 63%-64% recall, depending on whether advertisement content is interpreted as essential or not. We use our technique to analyze the 500 top-popular Android applications from Google Play and determine that more than 80% of the connection statements in these applications are non-essential

Efficient and Effective Handling of Exceptions in Java Points-To Analysis

A joint points-to and exception analysis has been shown to yield benefits in both precision and performance. Treating exceptions as regular objects, however, incurs significant and rather unexpected overhead. We show that in a typical joint analysis most of the objects computed to flow in and out of a method are due to exceptional control-flow and not normal call-return control-flow. For instance, a context-insensitive analysis of the Antlr benchmark from the DaCapo suite computes 4-5 times more objects going in or out of a method due to exceptional control-flow than due to normal control-flow. As a consequence, the analysis spends a large amount of its time considering exceptions. We show that the problem can be addressed both e ectively and elegantly by coarsening the representation of exception objects. An interesting find is that, instead of recording each distinct exception object, we can collapse all exceptions of the same type, and use one representative object per type, to yield nearly identical precision (loss of less than 0.1%) but with a boost in performance of at least 50% for most analyses and benchmarks and large space savings (usually 40% or more)

Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation

We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts which must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Auto- mated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a ver- sion of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p < 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p < 0.05) increases in accuracy with the pushdown-driven analyzer: from 71% correct identification to 95% correct identification.Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201

Covert Communication in Mobile Applications

This paper studies communication patterns in mobile applications. Our analysis shows that 63% of the external communication made by top-popular free Android applications from Google Play has no effect on the user-observable application functionality. To detect such covert communication in an efficient manner, we propose a highly precise and scalable static analysis technique: it achieves 93% precision and 61% recall compared to the empirically determined “ground truth”, and runs in a matter of a few minutes. Furthermore, according to human evaluators, in 42 out of 47 cases, disabling connections deemed covert by our analysis leaves the delivered application experience either completely intact or with only insignificant interference. We conclude that our technique is effective for identifying and disabling covert communication. We then use it to investigate communication patterns in the 500 top-popular applications from Google Play.United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0110

Analyzing Uncaught Exceptions in Python program: Focusing on Digital Forensic software

학위논문(석사) -- 서울대학교대학원 : 공과대학 컴퓨터공학부, 2023. 2. 이광근.본 논문에서는 파이썬 프로그램 중 대검찰청의 디지털 포렌식 소프트웨어의 신뢰성을 높이기 위하여 해당 소프트웨어에서 처리되지 않은 예외를 사전에 검출하는 방안을 설계하고 성능을 측정한다. 대검찰청의 디지털 포렌식 소프트웨어는 파이썬으로 개발되고 있으며 파이썬 라이브러리 자체 내에서 발생할 수 있는 예외 상황과 포렌식 프로그램 자체의 예외 상황이 발생할 수 있는데 본 연구에서는 포렌식 프로그램 내의 오류에 집중한다. 기본적으로 집합 제약식 기반 분석 방법을 사용하여 expression과 statement으로 구분된 프로그램의 지점마다 발생할 수 있는 예외들의 집합을 구하기 위한 제약 조건을 정의하여 이들간 방정식의 해를 구한다. 이 과정에서 발생할 수 있는 허위 경보를 줄이기 위하여 Pyright의 타입 분석 결과를 결합하여 리스트나 딕셔너리 등 타입별로 발생할 수 없는 KeyError나 IndexError 등의 예외들을 제거하여 허 위 경보를 줄인다. 또한, 프로그램의 구성을 프로그램 지점들의 포함 관계에 따라 트리 형태로 나타내고 전위 순회를 하면서 중복되는 허위 경보를 제거한다. 개발한 정적 분석기를 대검에서 제공한 9 개의 벤치마크에서 수행시킨 결과 대검찰청에서 찾지 못한 KeyError, IndexError, ZeroDivisionError 등 3 가지 패턴에 속하는 예외 발생 지점 10여 개를 찾을 수 있었다. 또한, 9 개의 벤치마크에 대하여 평균 84%, 최대 89%의 허위 경보를 제거하였다. 이와 아울러 반복되는 허위 경보를 부모 자식 관계를 활용하여 더욱 허위 경보를 줄일 수 있는 여지도 발견하였다.This thesis designs a novel scheme for detecting uncaught exceptions from thedigital forensic software is under development in the supreme prosecutors office and measures its performance, aiming at enhancing the forensic softwares reliability. The target forensic software is being coded in Python, while exceptions can be raised from the built-in python library as well as from the faults embedded in the forensic program itself. Our analyzer design is built on the set constraint-based analysis scheme to detect the uncaught exception statically. This static analysis method begins with the identification of the sets of exceptions that can be raised at each observation point of the program, defines the set constraints between those sets, which finally solves the equations derived from the set constraint. To lower the false alarm rate, we also integrate the Pyright type checker, eliminating the false alarms such as KeyError and IndexError, which cannot be raised in the list and dictionary type simultaneously. Additionally, our analyzer reorganizes the given code based on the inclusion relationships between each program point into a tree form and traverses it in preorder to remove repeated false alarms. Our static analyzer has found more than ten spots in the nine benchmarks, while each case belongs to one of three patterns of KeyError, IndexError, and ZeroDivisionError. In addition, our scheme cuts down false alarms by up to 84% on average and 89% at maximum in the nine benchmarks. However, there is still room for improvement by removing the repeated exceptions in the program.제 1 장 서론 1 제 2 장 연구배경 6 2.1 디지털 포렌식 소프트웨어 6 2.1.1 디지털 증거 및 디지털 포렌식 6 2.1.2 분석 대상 소프트웨어 6 제 3 장 집합 제약식 기반 분석 8 3.1 처리되지 않은 예외 8 3.1.1 예외 처리가 되지 않은 경우 8 3.1.2 예외 처리를 포함하지만 정확히 처리하지 못한 경우 9 3.2 처리되지 않은 예외 분석 10 3.2.1 분석 대상 언어 10 3.2.2 집합 제약식 기반 분석 11 3.2.3 집합 제약식 생성 규칙 12 3.2.4 분석 결과 19 제 4 장 분석기 정확도 향상 21 4.1 파이썬 정적 타입 분석기(Pyright) 활용 방안 21 4.1.1 IndexError, KeyError 허위 경보 축소 21 4.1.2 NameError 허위 경보 축소 22 4.1.3 AttributeError 허위 경보 축소 22 4.2 반복된 불필요한 경보 압축 방안 22 4.3 외부 라이브러리 함수 호출 시 놓치는 예외 축소 24 제 5 장 실험 결과 25 제 6 장 논의 및 결론 29 6.1 처리되지 않은 예외 분석기의 타입 분석을 통한 분석 정확도 향상의 한계 29 6.2 추가 연구 29 6.3 결론 30 참고문헌 31 Abstract 33 부록 35 A 부록: 파이썬 IR의 요약된 문법 및 의미구조 35 A.1 요약된 문법 35 A.2 도메인 36 A.3 의미구조 38석

Context-Sensitive Control Flow Graph

Control Flow Graph (CFG) is known to be essential in compiler optimizations and quite useful in program comprehension. But visualizing and understanding CFG is hard because the CFG is often too large. The problem becomes harder if one were to understand inter-procedural CFG. Often the user wants to understand specific aspects of the CFG; hence, omitting parts of CFG irrelevant to the user\u27s current interest becomes a desirable approach in working with CFG. We formalize an approach of constructing and visualizing CFG that takes users\u27 interests into account. Users have to specify the program artifacts that are of interest to them, then we define the Context-Sensitive CFG that is relevant to the artifacts. The Context-Sensitive CFG is much smaller in size. The actual compression depends on the context and its spread in the given code. We show some results using the XINU operating system code as the test case. While the Context-Sensitive CFG captures only the relevant details, it could still be of substantial size and complexity. We propose query capability as a next step to help the user by extracting details related to a specific question. For example, the user can apply a query to check if there is an execution path in the CFG along which there is a missing memory deallocation and thus a possible memory leak. This thesis only implements queries that operate solely within the scope of a method (intra-procedural). We have built a proof-of-concept tool that allows the user to visualize Context-Sensitive CFG and make queries

Improving Quality of Software with Foreign Function Interfaces using Static Analysis

A Foreign Function Interface (FFI) is a mechanism that allows software written in one host programming language to directly use another foreign programming language by invoking function calls across language boundaries. Today\u27s software development often utilizes FFIs to reuse software components. Examples of such systems are the Java Development Kit (JDK), Android mobile OS, and Python packages in the Fedora LINUX operating systems. The use of FFIs, however, requires extreme care and can introduce undesired side effects that degrade software quality. In this thesis, we aim to improve several quality aspects of software composed of FFIs by applying static analysis. The thesis investigates several particular characteristics of FFIs and studies software bugs caused by the misuse of FFIs. We choose two FFIs, the Java Native Interface (JNI) and the Python/C interface, as the main subjects of this dissertation. To reduce software security vulnerabilities introduced by the JNI, we first propose definitions of new patterns of bugs caused by the improper exception handlings between Java and C. We then present the design and implement a bug finding system to uncover these bugs. To ensure software safety and reliability in multithreaded environment, we present a novel and efficient system that ensures atomicity in the JNI. Finally, to improve software performance and reliability, we design and develop a framework for finding errors in memory management in programs written with the Python/C interface. The framework is built by applying affine abstraction and affine analysis of reference-counts of Python objects. This dissertation offers a comprehensive study of FFIs and software composed of FFIs. The research findings make several contributions to the studies of static analysis and to the improvement of software quality

Exception handling in the development of fault-tolerant component-based systems

Orientador: Cecilia Mary Fischer RubiraTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Mecanismos de tratamento de exceções foram concebidos com o intuito de facilitar o gerenciamento da complexidade de sistemas de software tolerantes a falhas. Eles promovem uma separação textual explícita entre o código normal e o código que lida com situações anormais, afim de dar suporte a construção de programas que são mais concisos fáceis de evoluir e confáveis. Diversas linguagens de programação modernas e a maioria dos modelos de componentes implementam mecanismos de tratamento de exceções. Apesar de seus muitos benefícios, tratamento de exceções pode ser a fonte de diversas falhas de projeto se usado de maneira indisciplinada. Estudos recentes mostram que desenvolvedores de sistemas de grande escala baseados em infra-estruturas de componentes têm hábitos, no tocante ao uso de tratamento de exceções, que tornam suas aplicações vulneráveis a falhas e difíceis de se manter. Componentes de software criam novos desafios com os quais mecanismos de tratamento de exceções tradicionais não lidam, o que aumenta a probabilidade de que problemas ocorram. Alguns exemplos são indisponibilidade de código fonte e incompatibilidades arquiteturais. Neste trabalho propomos duas técnicas complementares centradas em tratamento de exceções para a construção de sistemas tolerantes a falhas baseados em componentes. Ambas têm ênfase na estrutura do sistema como um meio para se reduzir o impacto de mecanismos de tolerância a falhas em sua complexidade total e o número de falhas de projeto decorrentes dessa complexidade. A primeira é uma abordagem para o projeto arquitetural dos mecanismos de recuperação de erros de um sistema. Ela trata do problema de verificar se uma arquitetura de software satisfaz certas propriedades relativas ao fluxo de exceções entre componentes arquiteturais, por exemplo, se todas as exceções lançadas no nível arquitetural são tratadas. A abordagem proposta lança de diversas ferramentas existentes para automatizar ao máximo esse processo. A segunda consiste em aplicar programação orientada a aspectos (AOP) afim de melhorar a modularização de código de tratamento de exceções. Conduzimos um estudo aprofundado com o objetivo de melhorar o entendimento geral sobre o efeitos de AOP no código de tratamento de exceções e identificar as situações onde seu uso é vantajoso e onde não éAbstract: Exception handling mechanisms were conceived as a means to help managing the complexity of fault-tolerant software. They promote an explicit textual separation between normal code and the code that deals with abnormal situations, in order to support the construction of programs that are more concise, evolvable, and reliable. Several mainstream programming languages and most of the existing component models implement exception handling mechanisms. In spite of its many bene?ts, exception handling can be a source of many design faults if used in an ad hoc fashion. Recent studies show that developers of large-scale software systems based on component infrastructures have habits concerning the use of exception handling that make applications vulnerable to faults and hard to maintain. Software components introduce new challenges which are not addressed by traditional exception handling mechanisms and increase the chances of problems occurring. Examples include unavailability of source code and architectural mismatches. In this work, we propose two complementary techniques centered on exception handling for the construction of fault-tolerant component-based systems. Both of them emphasize system structure as a means to reduce the impactof fault tolerance mechanisms on the overall complexity of a software system and the number of design faults that stem from complexity. The ?rst one is an approach for the architectural design of a system?s error handling capabilities. It addresses the problem of verifying whether a software architecture satis?es certain properties of interest pertaining the ?ow of exceptions between architectural components, e.g., if all the exceptions signaled at the architectural level are eventually handled. The proposed approach is based on a set of existing tools that automate this process as much as possible. The second one consists in applying aspect-oriented programming (AOP) to better modularize exception handling code. We have conducted a through study aimed at improving our understanding of the efects of AOP on exception handling code and identifying the situations where its use is advantageous and the ones where it is notDoutoradoDoutor em Ciência da Computaçã

Exploiting Context in Dealing with Programming Errors and Exceptions in the IDE

Studies show that software developers spend about 19% of their development time in web surfing. While collecting necessary information using traditional web search, they face several practical challenges. First, it does not consider context (i.e., surroundings, circumstances) of the programming problems during search unless the developers do so in search query formulation, and forces the developers to frequently switch between their working environment (e.g., IDE) and the web browser. Second, technical details (e.g., stack trace) of an encountered exception often contain a lot of information, and they cannot be directly used as a search query given that the traditional search engines do not support long queries. Third, traditional search generally returns hundreds of search results, and the developers need to manually analyze the result pages one by one in order to extract a working solution. Both manual analysis of a page for content relevant to the encountered exception (and its context) and working an appropriate solution out are non-trivial tasks. Traditional code search engines share the same set of limitations of the web search ones, and they also do not help much in collecting the code examples that can be used for handling the encountered exceptions. In this thesis, we present a context-aware and IDE-based approach that helps one overcome those four challenges above. In our first study, we propose and evaluate a context-aware meta search engine for programming errors and exceptions. The meta search collects results for any encountered exception in the IDE from three popular search engines- Google, Bing and Yahoo and one programming Q & A site- StackOverflow, refines and ranks the results against the detailed context of the encountered exception, and then recommends them within the IDE. From this study, we not only explore the potential of the context-aware and meta search based approach but also realize the significance of appropriate search queries in searching for programming solutions. In the second study, we propose and evaluate an automated query recommendation approach that exploits the technical details of an encountered exception, and recommends a ranked list of search queries. We found the recommended queries quite promising and comparable to the queries suggested by experts. We also note that the support for the developers can be further complemented by post-search content analysis. In the third study, we propose and evaluate an IDE-based context-aware content recommendation approach that identifies and recommends sections of a web page that are relevant to the encountered exception in the IDE. The idea is to reduce the cognitive effort of the developers in searching for content of interest (i.e., relevance) in the page, and we found the approach quite effective through extensive experiments and a limited user study. In our fourth study, we propose and evaluate a context-aware code search engine that collects code examples from a number of code repositories of GitHub, and the examples contain high quality handlers for the exception of interest. We validate the performance of each of our proposed approaches against existing relevant literature and also through several mini user studies. Finally, in order to further validate the applicability of our approaches, we integrate them into an Eclipse plug in prototype--ExcClipse. We then conduct a task-oriented user study with six participants, and report the findings which are significantly promising