From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Type elaboration and subtype completion for Java bytecode
ACM Transactions on Programming Languages and Systems (TOPLAS)
Java Virtual Machine Specification
Java Virtual Machine Specification
Tractable Constraints in Finite Semilattices
SAS '96 Proceedings of the Third International Symposium on Static Analysis
Efficient Inference of Static Types for Java Bytecode
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
Optimizing Java Bytecode Using the Soot Framework: Is It Feasible?
CC '00 Proceedings of the 9th International Conference on Compiler Construction
Decompiling Java Bytecode: Problems, Traps and Pitfalls
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Decompiling Java using staged encapsulation
WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Programmer-friendly Decompiled Java
ICPC '06 Proceedings of the 14th IEEE International Conference on Program Comprehension
Krakatoa: decompilation in java (dose bytecode reveal source?)
COOTS'97 Proceedings of the 3rd conference on USENIX Conference on Object-Oriented Technologies (COOTS) - Volume 3
Verifying security properties using type-qualifier inference
Verifying security properties using type-qualifier inference
Efficient local type inference
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
A system for generating static analyzers for machine instructions
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Not So Great Expectations: Why Application Markets Haven't Failed Security
IEEE Security and Privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
SEC'13 Proceedings of the 22nd USENIX conference on Security
Static Reference Analysis for GUI Objects in Android Software
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
DIVILAR: diversifying intermediate language for anti-repackaging on android platform
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
The Android OS has emerged as the leading platform for SmartPhone applications. However, because Android applications are compiled from Java source into platform-specific Dalvik bytecode, existing program analysis tools cannot be used to evaluate their behavior. This paper develops and evaluates algorithms for retargeting Android applications received from markets to Java class files. The resulting Dare tool uses a new intermediate representation to enable fast and accurate retargeting. Dare further applies strong constraint solving to infer typing information and translates the 257 DVM opcodes using only 9 translation rules. It also handles cases where the input Dalvik bytecode is unverifiable. We evaluate Dare on 1,100 of the top applications found in the free section of the Android market and successfully retarget 99.99% of the 262,110 associated classes. Further, whereas existing tools can only fully retarget about half of these applications, Dare can recover over 99% of them. In this way, we open the door to users, developers and markets to use the vast array of program analysis tools to ensure the correct operation of Android applications.