2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Journal Year: 2024, Volume and Issue: unknown, P. 255 - 266
Published: March 12, 2024
Language: English
ACM Computing Surveys, Journal Year: 2025, Volume and Issue: unknown
Published: Feb. 26, 2025
Mobile software engineering has been a hot research topic for decades. Our fellow researchers have proposed various approaches (with over 7,000 publications for Android alone) in this field that essentially contributed to the great success of the current mobile ecosystem. Existing efforts mainly focus on popular mobile platforms, namely Android and iOS. OpenHarmony, a newly open-sourced mobile platform, has rarely been considered, although it is the one requiring the most attention, as OpenHarmony is expected to occupy one-third of the market in China (if not in the world). To fill the gap, we present to the mobile software engineering community a research roadmap encouraging our fellow researchers to contribute promising approaches to OpenHarmony. Specifically, we start by presenting a tertiary study of mobile software engineering, attempting to understand what problems have been targeted and how they have been resolved. We then summarize the existing (limited) achievements of OpenHarmony and subsequently highlight the research gap between Android/iOS and OpenHarmony. This eventually helps forming conducting
Language: English
Citations
0
IEEE Access, Journal Year: 2022, Volume and Issue: 10, P. 126370 - 126393
Published: Jan. 1, 2022
The extended Berkeley Packet Filter (eBPF) is a lightweight and fast 64-bit RISC-like virtual machine (VM) inside the Linux kernel. eBPF has emerged as the most promising de facto standard of executing untrusted, user-defined specialized code at run-time inside the kernel with strong performance, portability, flexibility, and safety guarantees. Due to these key benefits and the availability of a rich ecosystem of compilers and tools within the Linux kernel, eBPF has received widespread adoption by both industry and academia for a wide range of application domains. The most important domains include enhancing performance monitoring and providing a variety of new security mechanisms, data collection, and screening applications. In this review, we investigate the landscape of existing eBPF use-cases and trends with the aim to provide a clear roadmap for researchers and developers. We first introduce the necessary background knowledge of eBPF before delving into its use-cases. Although the potential use-cases of eBPF are vast, we restrict our focus on four key application domains related to networking, security, storage, and sandboxing. Then, for each application domain, we analyze and summarize the solution techniques along with their working principles in an effort to provide an insightful discussion that will enable researchers and practitioners to easily adopt eBPF into their designs. Finally, we delineate several exciting research avenues to fully exploit the revolutionary eBPF technology.
Language: English
Citations
10
2022 IEEE Symposium on Security and Privacy (SP), Journal Year: 2024, Volume and Issue: unknown, P. 2310 - 2387
Published: May 19, 2024
Language: English
Citations
1
IEEE Access, Journal Year: 2024, Volume and Issue: 12, P. 6569 - 6589
Published: Jan. 1, 2024
With the widespread use of mobile devices, Android has become the most popular mobile operating system, and new applications are uploaded to the Android market every day. However, because of the ease of modifying and repackaging Android binaries, Android applications can easily be modified or imitated by other developers and released in third-party markets. Therefore, determining the original developers of applications is a challenging problem known as authorship attribution. This study explored distinctive features of Android applications to identify their authors. Software developers generally leave a footprint that describes their writing styles on applications. This footprint, which can be extracted from either the source code or the binary code, can help identify the authors of software applications. Because obtaining source code in the wild is impractical, especially when dealing with malware, researchers prefer to focus on binaries. This study proposes an approach that identifies the authors of Android applications by deriving a wide range of features from different parts of the applications, such as smali files, libraries, manifest files, and metadata information. Moreover, configuration, dex code, resource-based, and string-related features inherited from other studies on authorship attribution are fused with the proposed feature set. The approach was evaluated on benign and malware datasets and compared with those studies. The results show that the proposed approach increased the accuracy, showing 82.5% and 95.6% on these datasets, respectively. The results demonstrate the positive effect
Language: English
Citations
1
Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Journal Year: 2022, Volume and Issue: unknown, P. 772 - 783
Published: Nov. 7, 2022
The Android system manages access to sensitive APIs by permission enforcement. An application (app) must declare proper permissions before invoking specific Android APIs. However, there is no official documentation providing the complete list of permission-protected APIs and the corresponding permissions to date. Researchers have spent significant efforts extracting such API protection mapping from the Android framework, which leverages static code analysis to determine if specific permissions are required before accessing an API. Nevertheless, none of them has attempted to analyze the protection mapping in the native library (i.e., code written in C and C++), an essential component of the Android framework that handles communication with the lower-level hardware, such as cameras and sensors. While the protection mapping can be utilized to detect various security vulnerabilities in Android apps, such as permission over-privilege, an imprecise mapping will lead to false results in detecting such vulnerabilities. To fill this gap, we thereby propose to construct the protection mapping involved in the native libraries of the Android framework to present a complete and accurate specification of Android API protection. We develop a prototype system, named NatiDroid, to facilitate the cross-language static analysis and compare its performance with two state-of-the-practice tools, termed Axplorer and Arcade. We evaluate NatiDroid on more than 11,000 Android apps, including apps from custom Android ROMs and third-party apps from Google Play. Our NatiDroid can identify up to 464 new API-permission mappings, in contrast to the worst-case results derived from both Axplorer and Arcade, where approximately 71% of apps have at least one false positive in permission over-privilege. We have disclosed all the potential vulnerabilities detected to the stakeholders.
Language: English
Citations
6
Published: July 12, 2023
Failure diagnosis in practical systems is difficult, and the main obstacle is that the information a developer has access to is limited. This information is usually not enough to help developers fix or even locate the related bug. Moreover, due to the vast difference between the development and production environments, it is not trivial to reproduce failures from the production environment in the development environment. When failures are caused by non-deterministic events such as race conditions or unforeseen inputs, reproducing them is even more challenging.
Language: English
Citations
3
Published: April 15, 2024
Language: English
Citations
0
Published: Jan. 1, 2024
To effectively protect users' security, the field of Android malware detection is constantly evolving. Various technical means, such as static analysis and dynamic analysis, are employed to accurately and efficiently detect and identify malware. In previous chapters, we discussed these commonly used techniques in detail. However, as technology advances, the complexity of malware increases, requiring constant updates and improvements to adapt to evolving security threats. With the growing popularity of Android systems and the increasing number of malware, it is crucial to continuously enhance our techniques to address changing threats. Additionally, we must also monitor the development of emerging technologies to safeguard user security and privacy in the future. In the upcoming chapters, we will delve into future trends and explore the implications and challenges posed by this field. Our aim privacy. Some potential for include:
Language: English
Citations
0
Scientific Reports, Journal Year: 2024, Volume and Issue: 14(1)
Published: June 26, 2024
As IoT devices are being widely used, malicious code is increasingly appearing in Linux environments. Sophisticated Linux malware employs various evasive techniques to deter analysis. The embedded trace microcell (ETM) supported by modern Arm CPUs is a suitable hardware tracer for analyzing evasive malware because it is almost artifact-free and has negligible overhead. In this paper, we present an efficient method to automatically find debugger-detection routines using the ETM hardware tracer. The proposed scheme reconstructs the execution flow of the compiled binary code from ETM trace data. In addition, it automatically identifies and patches the debugger-detection routine by comparing two traces (with and without the debugger). The proposed method was implemented as a Ghidra plug-in program, which is one of the most widely used disassemblers. To verify its effectiveness, 15 debugger-detection techniques were investigated in the Arm-Linux environment to determine whether they could be detected. We also confirmed that our implementation works successfully for the popular Mirai malware in Linux. Experiments were further conducted on 423 malware samples collected from the Internet, demonstrating that our implementation works well for real malware samples.
Language: English
Citations
0
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Journal Year: 2024, Volume and Issue: unknown, P. 255 - 266
Published: March 12, 2024
Language: English
Citations
0