Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis
The assessment of information flows is an essential part of analyzing Android apps, and is frequently supported by static taint analysis. Its precision, however, can suffer from the analysis not being able to precisely determine what elements a pointer can (and cannot) point to. Recent advances in static analysis suggest that incorporating dynamic heap snapshots, taken at one point at runtime, can significantly improve general static analysis. In this paper, we investigate to what extent this also holds for taint analysis, and how various design decisions, such as when and how many snapshots are collected during execution, and how exactly they are used, impact soundness and precision. We have extended FlowDroid to incorporate heap snapshots, yielding our prototype Heapster, and evaluated it on DroidMacroBench, a novel benchmark comprising real-world Android apps that we also make available as an artifact. The results show 1. the use of heap snapshots lowers analysis time while increasing precision; 2. a very good trade-off between precision and recall is achieved by a mixed mode in which the analysis falls back to static points-to relations for objects for which no dynamic data was recorded; and 3. while a single heap snapshot (ideally taken at the end of the execution) suffices to improve performance and precision, a better trade-off can be obtained by using multiple snapshots.
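The mixed mode the abstract singles out, worked through on a toy field-sensitive taint analysis. This is an added example for this page, not code from the paper, from Heapster or from FlowDroid: the program fragment, the static points-to sets, the snapshot contents and the union-based merging of several snapshots are all constructed assumptions for illustration. It shows the three behaviours the abstract's results turn on: a static points-to set that is too coarse produces a spurious leak, a snapshot-only mode says nothing about an object allocated after the snapshot was taken and so misses a real leak, and the mixed mode keeps the snapshot's precision where it has data and falls back to the static relation where it does not.

```python
"""Toy model of static vs. snapshot-based vs. mixed points-to resolution in a taint analysis.

Constructed example for illustration; it is not Heapster/FlowDroid code. Abstract objects
(allocation sites) and the snapshot's runtime objects share names here, which sidesteps the
real problem of matching the two.
"""
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    STATIC = "static"      # classic static points-to sets only
    SNAPSHOT = "snapshot"  # heap snapshot only; unrecorded variables point nowhere
    MIXED = "mixed"        # snapshot where recorded, static points-to otherwise


@dataclass(frozen=True)
class Stmt:
    sid: str
    kind: str   # "source": var.field = taint_source();  "sink": leak(var.field)
    var: str
    field: str


def merge_snapshots(snapshots):
    """Combine several snapshots by per-variable union (an assumed merge policy):
    an object observed in any snapshot counts as a possible target."""
    merged = {}
    for snap in snapshots:
        for var, objs in snap.items():
            merged.setdefault(var, set()).update(objs)
    return merged


def resolve(var, mode, static_pts, snapshot):
    """Points-to set the analysis uses for `var` under the given mode."""
    if mode is Mode.STATIC:
        return set(static_pts.get(var, set()))
    if mode is Mode.SNAPSHOT:
        return set(snapshot.get(var, set()))
    # MIXED: dynamic data wins when present, otherwise keep the static over-approximation
    return set(snapshot[var]) if var in snapshot else set(static_pts.get(var, set()))


def find_leaks(program, mode, static_pts, snapshot):
    """Flow-insensitive, field-sensitive taint propagation through heap objects.

    A source statement taints (object, field) for every object its variable may point to;
    a sink statement is reported if any (object, field) it may read is tainted.
    Returns the set of reported sink statement ids.
    """
    tainted = set()
    for s in program:
        if s.kind == "source":
            for obj in resolve(s.var, mode, static_pts, snapshot):
                tainted.add((obj, s.field))
    leaks = set()
    for s in program:
        if s.kind == "sink" and any(
            (obj, s.field) in tainted for obj in resolve(s.var, mode, static_pts, snapshot)
        ):
            leaks.add(s.sid)
    return leaks


# Constructed app fragment. A and B are two holder objects kept in a list; C is a holder
# allocated only after the snapshots were taken (e.g. in a later callback).
PROGRAM = [
    Stmt("s1", "source", "a", "secret"),  # a.secret = getDeviceId()
    Stmt("s2", "sink",   "x", "secret"),  # Log.d(TAG, x.secret); x = holders.get(1), i.e. B at runtime
    Stmt("s3", "source", "c", "secret"),  # c.secret = getDeviceId()
    Stmt("s4", "sink",   "c", "secret"),  # Log.d(TAG, c.secret)
]

# Static points-to (constructed): the analysis cannot tell which list element x holds.
STATIC_PTS = {"a": {"A"}, "x": {"A", "B"}, "c": {"C"}}

# Two snapshots (constructed), both taken before C existed, so c is unrecorded in either.
SNAPSHOT_EARLY = {"a": {"A"}}              # x not yet assigned at this point
SNAPSHOT_LATE = {"a": {"A"}, "x": {"B"}}
SNAPSHOT = merge_snapshots([SNAPSHOT_EARLY, SNAPSHOT_LATE])


def compare_modes():
    """Reported sinks per mode: static over-reports s2, snapshot-only misses s4, mixed gets s4 only."""
    return {mode.value: find_leaks(PROGRAM, mode, STATIC_PTS, SNAPSHOT) for mode in Mode}


if __name__ == "__main__":
    for mode, leaks in compare_modes().items():
        print(f"{mode:9s} -> {sorted(leaks)}")
```

Running it prints the reported sinks per mode: static mode reports s2 and s4 (s2 is a false positive, since x only ever holds B at runtime), snapshot-only mode reports nothing (s4 is a real leak it cannot see, because C was never in any snapshot), and mixed mode reports exactly s4. The last case also shows why the abstract says a single snapshot is ideally taken at the end of the execution: the later the snapshot, the fewer objects like C fall outside it, and the less the analysis has to fall back on the static relation.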
Slides: HeapsNLeaks_New.pdf (3.36 MiB)
Preprint: ICSE20HeapDump.pdf (865 KiB)
Sat 11 Jul (displayed time zone: UTC, Coordinated Universal Time)

16:05 - 17:05: A29 - Code Analysis and Verification (Technical Papers / New Ideas and Emerging Results), room Goguryeo. Chair(s): Elena Sherman (Boise State University)

16:05, 12m talk: Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis (Technical Papers). Manuel Benz (University of Paderborn), Erik Krogh Kristensen (GitHub), Linghui Luo (Paderborn University, Germany), Nataniel Borges Jr. (CISPA Helmholtz Center for Information Security), Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM), Andreas Zeller (CISPA Helmholtz Center for Information Security). Slides and preprint attached.

16:17, 12m talk: Verifying Object Construction (Technical Papers). Martin Kellogg (University of Washington, Seattle), Manli Ran (University of California, Riverside), Manu Sridharan (University of California, Riverside), Martin Schäf (Amazon Web Services, USA), Michael D. Ernst (University of Washington, USA)

16:29, 6m talk: Predictive Constraint Solving and Analysis (New Ideas and Emerging Results). Alyas Almaawi (The University of Texas at Austin), Nima Dini (University of Texas at Austin), Cagdas Yelen (The University of Texas at Austin), Milos Gligoric (The University of Texas at Austin), Sasa Misailovic (University of Illinois at Urbana-Champaign), Sarfraz Khurshid (University of Texas at Austin, USA)

16:35, 12m talk: When APIs are Intentionally Bypassed: An Exploratory Study of API Workarounds (Technical Papers). Pre-print available.

16:47, 12m talk: Demystify Official API Usage Directives with Crowdsourced API Misuse Scenarios, Erroneous Code Examples and Patches (Technical Papers). Xiaoxue Ren (Zhejiang University), Zhenchang Xing (Australian National University), Jiamou Sun (Australian National University), Xin Xia (Monash University), JianLing Sun (Zhejiang University)