File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: NDroid: Toward tracking information flows across multiple android contexts

TitleNDroid: Toward tracking information flows across multiple android contexts
Authors
Xue, LeiQian, ChenxiongZhou, HaoLuo, XiapuZhou, YajinShao, YuruChan, Alvin T.S.
KeywordsJava native interface (JNI)
Android application analysis
taint analysis
Issue Date2019
Citation
IEEE Transactions on Information Forensics and Security, 2019, v. 14, n. 3, p. 814-828 How to Cite?
DOI: http://dx.doi.org/10.1109/TIFS.2018.2866347
AbstractFor performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.
Persistent Identifierhttp://hdl.handle.net/10722/303579
ISSN
1556-6013
2023 Impact Factor: 6.3
2023 SCImago Journal Rankings: 2.890
ISI Accession Number ID
WOS:000444795500010

 

DC FieldValueLanguage
dc.contributor.authorXue, Lei-
dc.contributor.authorQian, Chenxiong-
dc.contributor.authorZhou, Hao-
dc.contributor.authorLuo, Xiapu-
dc.contributor.authorZhou, Yajin-
dc.contributor.authorShao, Yuru-
dc.contributor.authorChan, Alvin T.S.-
dc.date.accessioned2021-09-15T08:25:36Z-
dc.date.available2021-09-15T08:25:36Z-
dc.date.issued2019-
dc.identifier.citationIEEE Transactions on Information Forensics and Security, 2019, v. 14, n. 3, p. 814-828-
dc.identifier.issn1556-6013-
dc.identifier.urihttp://hdl.handle.net/10722/303579-
dc.description.abstractFor performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.-
dc.languageeng-
dc.relation.ispartofIEEE Transactions on Information Forensics and Security-
dc.subjectJava native interface (JNI)-
dc.subjectAndroid application analysis-
dc.subjecttaint analysis-
dc.titleNDroid: Toward tracking information flows across multiple android contexts-
dc.typeArticle-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1109/TIFS.2018.2866347-
dc.identifier.scopuseid_2-s2.0-85052712721-
dc.identifier.volume14-
dc.identifier.issue3-
dc.identifier.spage814-
dc.identifier.epage828-
dc.identifier.isiWOS:000444795500010-

Export via OAI-PMH Interface in XML Formats

OR

Export to Other Non-XML Formats