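Composing static analyzers for bug and security vulnerability detection in multilingual android applications
(Korean title, translated: Detecting defects and security vulnerabilities in Android apps developed in various languages by combining static analyzers)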

DC Field | Value | Language
dc.contributor.advisor | Ryu, Sukyoung | -
dc.contributor.advisor | 류석영 | -
dc.contributor.author | 이성호 | -
dc.date.accessioned | 2022-04-21T19:34:25Z | -
dc.date.available | 2022-04-21T19:34:25Z | -
dc.date.issued | 2020 | -
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=986306&flag=dissertation | en_US
dc.identifier.uri | http://hdl.handle.net/10203/295727 | -
dc.description | Doctoral dissertation (Ph.D.) - Korea Advanced Institute of Science and Technology : School of Computing, 2020.2, [v, 69 p. :] | -
dc.description.abstract | Mobile applications (apps) have long invaded the realm of desktop apps. With multiple mobile platforms, each base language is used to develop mobile apps for the specific mobile platform, and developers easily implement mobile apps via a combination of multiple languages for supporting multiple mobile platforms or reusing existing libraries of other languages. However, different languages have different semantics and features, and developing multilingual apps may be vulnerable to programmer errors. Moreover, interoperation semantics among languages are not easily examined by existing analysis tools, and multilingual apps may be vulnerable to various security attacks. In this thesis, we propose two static analyzer composition models for multilingual Android apps analysis: 1) tightly coupled composition and 2) loosely coupled composition. We adopt the tightly coupled analysis model for Android hybrid apps implemented in both Java and JavaScript. Based on the interoperation semantics we investigated, we design and implement a static analysis framework HybriDroid that composites two frontend analysis modules for each language, and bridges the modules using a shared backend analysis module. HybriDroid seamlessly analyzes the interoperation, and it detects bugs and information leaks cross language boundaries. We also propose Adlib, which augments HybriDroid with various analysis models to discover security vulnerabilities in the mobile advertising ecosystem. For an unconstrained composition of analyzers, we design the loosely coupled model in which a static analyzer utilizes the analysis results of another. As a proof of concept, we propose an analysis tool that composes two static analyzers for Java and C to construct call graphs and detect interoperation bugs in JNI programs. Our empirical evaluation shows that the composition approaches are useful to find genuine bugs and security vulnerabilities in real-world multilingual Android apps. We believe that this thesis would be the first step that broadens the scope of static analysis to multilingual programs. | -
dc.language | eng | -
dc.publisher | Korea Advanced Institute of Science and Technology | -
dc.subject | Static analysis; Multilingual program analysis; Android application analysis; Hybrid application analysis; JNI program analysis | -
dc.subject | Static analysis; Multi-language program analysis; Android application analysis; Hybrid application analysis; JNI program analysis (translated from the Korean subject terms) | -
dc.title | Composing static analyzers for bug and security vulnerability detection in multilingual android applications | -
dc.title.alternative | Detecting defects and security vulnerabilities in Android apps developed in various languages by combining static analyzers (translated from Korean) | -
dc.type | Thesis(Ph.D) | -
dc.identifier.CNRN | 325007 | -
dc.description.department | Korea Advanced Institute of Science and Technology : School of Computing, | -
Appears in Collection
CS-Theses_Ph.D.(Doctoral theses)
Files in This Item
There are no files associated with this item.
