CCFinder: a multilinguistic token-based code clone detection system for large scale source code
IEEE Transactions on Software Engineering
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
Winnowing: local algorithms for document fingerprinting
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Common subgraph isomorphism detection by backtracking search
Software—Practice & Experience
Compilers: Principles, Techniques, and Tools (2nd Edition)
Compilers: Principles, Techniques, and Tools (2nd Edition)
DECKARD: Scalable and Accurate Tree-Based Detection of Code Clones
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Deducing similarities in Java sources from bytecodes
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
BinHunt: Automatically Finding Semantic Differences in Binary Programs
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Large-scale malware indexing using function-call graphs
Proceedings of the 16th ACM conference on Computer and communications security
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Cells: a virtual mobile smartphone architecture
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
A survey of mobile malware in the wild
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
L4Android: a generic operating system framework for secure smartphones
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
BitShred: feature hashing malware for scalable triage and semantic analysis
Proceedings of the 18th ACM conference on Computer and communications security
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
RiskRanker: scalable and accurate zero-day android malware detection
Proceedings of the 10th international conference on Mobile systems, applications, and services
ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
PScout: analyzing the Android permission specification
Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
AdDroid: privilege separation for applications and advertisers in Android
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Juxtapp: a scalable system for detecting code reuse among android applications
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
WHYPER: towards automating risk assessment of mobile applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Android has become the leading smartphone platform with hundreds of devices from various manufacturers available on the market today. All these phones closely resemble each other with similar hardware and software features. Manufacturers must therefore customize the official Android system to differentiate their devices. Unfortunately, such heavily customization by third-party manufacturers often leads to serious vulnerabilities that do not exist in the official Android system. In this paper, we propose a comparative approach to systematically audit software in third-party phones by comparing them side-by-side to the official system. Specifically, we first retrieve pre-loaded apps and libraries from the phone and build a matching base system from the Android open source project repository. We then compare corresponding apps and libraries for potential vulnerabilities. To facilitate this process, we have designed and implemented DexDiff, a system that can pinpoint fine structural differences between two Android binaries and also present the changes in their surrounding contexts. Our experiments show that DexDiff is efficient and scalable. For example, it spends less than two and half minutes to process two 16.5MB (in total) files. DexDiff is also able to reveal a new vulnerability and details of the invasive CIQ mobile intelligence software.