Open Access
Description:
In general, software is unreliable. Its behavior can deviate from users’ expectations because of bugs, vulnerabilities, or even malicious code. Manually vetting software is a challenging, tedious, and highly costly task that does not scale. To alleviate excessive costs and analysts’ burdens, automated static analysis techniques have been proposed by both the research and practitioner communities, making static analysis a central topic in software engineering. In the meantime, mobile apps have grown considerably in importance. Today, most humans carry software in their pockets, with the Android operating system leading the market. Millions of apps have been published so far, targeting a wide range of activities such as games, health, banking, GPS, etc. Hence, Android apps collect and manipulate a considerable amount of sensitive information, which puts users’ security and privacy at risk. Consequently, it is paramount to ensure that apps distributed through public channels (e.g., Google Play) are free from malicious code. Hence, over the last decade the research and practitioner communities have put much effort into devising new automated techniques to vet Android apps against malicious activities. Analyzing Android apps is, however, challenging. On the one hand, the Android framework provides constructs that can be used to evade dynamic analysis by triggering the malicious code only under certain circumstances, e.g., if the device is not an emulator and is currently connected to power. Hence, dynamic analyses can easily be fooled by malicious developers who make some code fragments difficult to reach. On the other hand, static analyses are challenged by Android-specific constructs that limit the coverage of off-the-shelf static analyzers. The research community has already addressed some of these constructs, including inter-component communication and lifecycle methods.
However, other constructs, such as implicit calls (i.e., when the Android framework asynchronously triggers a method in the ...
Publisher:
Unilu - University of Luxembourg
Contributors:
KLEIN, Jacques ; - Interdisciplinary Centre for Security, Reliability and Trust (SnT) > TruX - Trustworthy Software Engineering
Year of Publication:
2023-01-09
Document Type:
doctoral thesis ; http://purl.org/coar/resource_type/c_db06 ; info:eu-repo/semantics/doctoralThesis ; [Doctoral and postdoctoral thesis]
Language:
en
Subjects:
Static Analysis ; Android Security ; Software Engineering ; Software Security ; Program Analysis ; Engineering ; computing & technology ; Computer science ; Ingénierie ; informatique & technologie ; Sciences informatiques
Rights:
open access ; http://purl.org/coar/access_right/c_abf2 ; info:eu-repo/semantics/openAccess
Relations:
FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi ; https://orbilu.uni.lu/handle/10993/54372 ; info:hdl:10993/54372 ; https://orbilu.uni.lu/bitstream/10993/54372/1/thesis.pdf
Content Provider:
University of Luxembourg: ORBilu - Open Repository and Bibliography