2022-01-05 12:27:05 +01:00
%% This BibTeX bibliography file was created using BibDesk.
%% http://bibdesk.sourceforge.net/
%% Created for sartina at 2021-10-12 10:51:55 +0200
%% Saved with string encoding Unicode (UTF-8)
@inproceedings { genius:16ccs ,
abstract = {Because of rampant security breaches in IoT devices, searching vulnerabilities in
massive IoT ecosystems is more crucial than ever. Recent studies have demonstrated
that control-flow graph (CFG) based bug search techniques can be effective and accurate
in IoT devices across different architectures. However, these CFG-based bug search
approaches are far from being scalable to handle an enormous amount of IoT devices
in the wild, due to their expensive graph matching overhead. Inspired by rich experience
in image and video search, we propose a new bug search scheme which addresses the
scalability challenge in existing cross-platform bug search techniques and further
improves search accuracy. Unlike existing techniques that directly conduct searches
based upon raw features (CFGs) from the binary code, we convert the CFGs into high-level
numeric feature vectors. Compared with the CFG feature, high-level numeric feature
vectors are more robust to code variation across different architectures, and can
easily achieve realtime search by using state-of-the-art hashing techniques. We have
implemented a bug search engine, Genius, and compared it with state-of-art bug search
approaches. Experimental results show that Genius outperforms baseline approaches
for various query loads in terms of speed and accuracy. We also evaluated Genius on
a real-world dataset of 33,045 devices which was collected from public sources and
our system. The experiment showed that Genius can finish a search within 1 second
on average when performed over 8,126 firmware images of 420,558,702 functions. By
only looking at the top 50 candidates in the search result, we found 38 potentially
vulnerable firmware images across 5 vendors, and confirmed 23 of them by our manual
analysis. We also found that it took only 0.1 seconds on average to finish searching
for all 154 vulnerabilities in two latest commercial firmware images from D-LINK.
103 of them are potentially vulnerable in these images, and 16 of them were confirmed.},
address = {New York, NY, USA},
author = {Feng, Qian and Zhou, Rundong and Xu, Chengcheng and Cheng, Yao and Testa, Brian and Yin, Heng},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-12 10:51:27 +0200},
date-modified = {2021-10-12 10:51:55 +0200},
doi = {10.1145/2976749.2978370},
isbn = {9781450341394},
keywords = {graph encoding, machine learning, firmware security},
location = {Vienna, Austria},
numpages = {12},
pages = {480--491},
publisher = {Association for Computing Machinery},
series = {CCS '16},
title = {Scalable Graph-Based Bug Search for Firmware Images},
url = {https://doi.org/10.1145/2976749.2978370},
year = {2016},
Note = {Source code: \url{https://github.com/qian-feng/Gencoding}},
bdsk-url-1 = {https://doi.org/10.1145/2976749.2978370}}
@INPROCEEDINGS { cacompare17ICPC ,
author={Hu, Yikun and Zhang, Yuanyuan and Li, Juanru and Gu, Dawu},
2022-01-05 15:31:13 +01:00
booktitle={Proc. of the IEEE/ACM International Conference on Program Comprehension (ICPC)},
2022-01-05 12:27:05 +01:00
title={Binary Code Clone Detection across Architectures and Compiling Configurations},
year={2017},
volume={},
number={},
pages={88-98},
2022-01-05 15:31:13 +01:00
doi={10.1109/ICPC.2017.22}}
2022-01-05 12:27:05 +01:00
@inproceedings { bingo16fse ,
author = {Chandramohan, Mahinthan and Xue, Yinxing and Xu, Zhengzi and Liu, Yang and Cho, Chia Yuan and Tan, Hee Beng Kuan},
title = {BinGo: Cross-Architecture Cross-OS Binary Search},
year = {2016},
isbn = {9781450342186},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/2950290.2950350},
doi = {10.1145/2950290.2950350},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE)},
2022-01-05 12:27:05 +01:00
pages = {678– 689},
numpages = {12},
keywords = {Binary Code Searching, Vulnerability Matching},
location = {Seattle, WA, USA},
series = {FSE 2016}
}
@ARTICLE { bingoe19 ,
author={Xue, Yinxing and Xu, Zhengzi and Chandramohan, Mahinthan and Liu, Yang},
journal={IEEE Transactions on Software Engineering},
title={Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation},
year={2019},
volume={45},
number={11},
pages={1125-1149},
2022-01-05 15:31:13 +01:00
doi={10.1109/TSE.2018.2827379}}
2022-01-05 12:27:05 +01:00
@inproceedings { gemini17ccs ,
author = {Xiaojun Xu and
Chang Liu and
Qian Feng and
Heng Yin and
Le Song and
Dawn Song},
editor = {Bhavani M. Thuraisingham and
David Evans and
Tal Malkin and
Dongyan Xu},
title = {Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the {ACM} {SIGSAC} Conference on Computer and
2022-01-05 12:27:05 +01:00
Communications Security (CCS)},
pages = {363--376},
publisher = {{ACM}},
year = {2017},
url = {https://doi.org/10.1145/3133956.3134018},
doi = {10.1145/3133956.3134018},
timestamp = {Tue, 10 Nov 2020 19:59:50 +0100},
biburl = {https://dblp.org/rec/conf/ccs/XuLFYSS17.bib},
Note = {Source code: \url{https://github.com/xiaojunxu/dnn-binary-code-similarity}},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { bindnn17securecomm ,
abstract = {Determining if two functions taken from different compiled binaries originate from the same function in the source code has many applications to malware reverse engineering. Namely, this process allows an analyst to filter large swaths of code, removing functions that have been previously observed or those that originate in shared or trusted libraries. However, this task is challenging due to the myriad factors that influence the translation between source code and assembly instructions---the instruction stream created by a compiler is heavily influenced by a number of factors including optimizations, target platforms, and runtime constraints. In this paper, we seek to advance methods for reliably testing the equivalence of functions found in different executables. By leveraging advances in deep learning and natural language processing, we design and evaluate a novel algorithm, BinDNN, that is resilient to variations in compiler, compiler optimization level, and architecture. We show that BinDNN is effective both in isolation or in conjunction with existing approaches. In the case of the latter, we boost performance by 109{\%} when combining BinDNN with BinDiff to compare functions across architectures. This result---an improvement of 32{\%} for BinDNN and 185{\%} for BinDiff---demonstrates the utility of employing multiple orthogonal approaches to function matching.},
address = {Cham},
author = {Lageman, Nathaniel and Kilmer, Eric D. and Walls, Robert J. and McDaniel, Patrick D.},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the International Conference on Security and Privacy in Communication Systems (SecureComm)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-12 10:45:53 +0200},
date-modified = {2021-10-12 10:46:16 +0200},
editor = {Deng, Robert and Weng, Jian and Ren, Kui and Yegneswaran, Vinod},
isbn = {978-3-319-59608-2},
pages = {517--537},
publisher = {Springer International Publishing},
title = {BinDNN: Resilient Function Matching Using Deep Learning},
year = {2017}}
@inproceedings { discovre16 ,
author = {Sebastian Eschweiler and Khaled Yakdan and Elmar Gerhards-Padilla},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Annual Network and Distributed System Security Symposium (NDSS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-12 10:40:16 +0200},
date-modified = {2021-10-12 10:40:59 +0200},
doi = {10.14722/ndss.2016.23185},
isbn = {1-891562-41-X},
pages = {1 -- 15},
publisher = {Internet Society},
title = {discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code},
year = {2016},
bdsk-url-1 = {https://doi.org/10.14722/ndss.2016.23185}}
@article { leedexofuzzy ,
author = {Lee, Shinho and Jung, Wookhyun and Kim, Sangwon and Lee, Jihyun and Kim, Jun-Seob},
date-added = {2021-10-12 10:27:56 +0200},
date-modified = {2021-10-12 10:28:38 +0200},
journal = {Virus Bulletin},
note = {Source code: \url{https://github.com/lee1029ng/Dexofuzzy}},
title = {Dexofuzzy: Android Malware Similarity Clustering Method using Opcode Sequence},
year = {2019}}
@inproceedings { droidegle15wisec ,
abstract = {Repackaged malware and phishing malware consist 86% [35] of all Android malware, and they significantly affect the Android ecosystem. Previous work use disassembled Dalvik bytecode and hashing approaches to detect repackaged malware, but these approaches are vulnerable to obfuscation attacks and they demand large computational resources on mobile devices. In this work, we propose a novel methodology which uses the layout resources within an app to detect apps which are "visually similar", a common characteristic in repackaged apps and phishing malware. To detect visually similar apps, we design and implement DroidEagle which consists of two sub-systems: RepoEagle and HostEagle. RepoEagle is to perform large scale detection on apps repositories (e.g., apps markets), and HostEagle is a lightweight mobile app which can help users to quickly detect visually similar Android app upon download. We demonstrate the high accuracy and efficiency of DroidEagle: Within 3 hours RepoEagle can detect 1298 visually similar apps from 99 626 apps in a repository. In less than one second, HostEagle can help an Android user to determine whether a downloaded mobile app is a repackaged apps or a phishing malware. This is the first work which provides both speed and scalability in discovering repackaged apps and phishing malware in Android system.},
address = {New York, NY, USA},
articleno = {9},
author = {Sun, Mingshen and Li, Mengmeng and Lui, John C. S.},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-12 10:25:13 +0200},
date-modified = {2021-10-12 10:25:24 +0200},
doi = {10.1145/2766498.2766508},
isbn = {9781450336239},
location = {New York, New York},
numpages = {12},
publisher = {Association for Computing Machinery},
series = {WiSec '15},
title = {DroidEagle: Seamless Detection of Visually Similar Android Apps},
url = {https://doi.org/10.1145/2766498.2766508},
year = {2015},
bdsk-url-1 = {https://doi.org/10.1145/2766498.2766508}}
@inproceedings { ieeespro2015-JunodRWM ,
author = {Pascal Junod and Julien Rinaldini and Johan Wehrli and Julie Michielin},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the {IEEE/ACM} International Workshop on Software Protection (SPRO)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-12 07:37:32 +0200},
date-modified = {2021-10-12 07:37:48 +0200},
doi = {10.1109/SPRO.2015.10},
editor = {Brecht Wyseur},
pages = {3--9},
publisher = {IEEE},
title = {Obfuscator-{LLVM} -- Software Protection for the Masses},
year = {2015},
bdsk-url-1 = {https://doi.org/10.1109/SPRO.2015.10}}
@article { stardroid16acm ,
abstract = {The security research community has invested significant effort in improving the security of Android applications over the past half decade. This effort has addressed a wide range of problems and resulted in the creation of many tools for application analysis. In this article, we perform the first systematization of Android security research that analyzes applications, characterizing the work published in more than 17 top venues since 2010. We categorize each paper by the types of problems they solve, highlight areas that have received the most attention, and note whether tools were ever publicly released for each effort. Of the released tools, we then evaluate a representative sample to determine how well application developers can apply the results of our community's efforts to improve their products. We find not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues ranging from lack of maintenance to the inability to produce functional output for applications with known vulnerabilities. We close by offering suggestions on how the community can more successfully move forward.},
address = {New York, NY, USA},
articleno = {55},
author = {Reaves, Bradley and Bowers, Jasmine and Gorski III, Sigmund Albert and Anise, Olabode and Bobhate, Rahul and Cho, Raymond and Das, Hiranava and Hussain, Sharique and Karachiwala, Hamza and Scaife, Nolen and Wright, Byron and Butler, Kevin and Enck, William and Traynor, Patrick},
date-added = {2021-10-11 23:41:02 +0200},
date-modified = {2021-10-11 23:41:08 +0200},
doi = {10.1145/2996358},
issn = {0360-0300},
issue_date = {December 2016},
journal = {ACM Comput. Surv.},
keywords = {program analysis, application security, Android},
month = oct,
number = {3},
numpages = {30},
publisher = {Association for Computing Machinery},
title = {*droid: Assessment and Evaluation of Android Application Analysis Tools},
volume = {49},
year = {2016},
bdsk-url-1 = {https://doi.org/10.1145/2996358}}
@inproceedings { repodroid18fse ,
abstract = {In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.},
address = {New York, NY, USA},
author = {Pauck, Felix and Bodden, Eric and Wehrheim, Heike},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-11 23:37:12 +0200},
date-modified = {2021-10-11 23:37:32 +0200},
doi = {10.1145/3236024.3236029},
isbn = {9781450355735},
keywords = {Empirical Studies, Benchmarks, Reproducibility, Android Taint Analysis, Tools},
location = {Lake Buena Vista, FL, USA},
numpages = {11},
pages = {331--341},
publisher = {Association for Computing Machinery},
series = {ESEC/FSE 2018},
title = {Do Android Taint Analysis Tools Keep Their Promises?},
url = {https://doi.org/10.1145/3236024.3236029},
year = {2018},
bdsk-url-1 = {https://doi.org/10.1145/3236024.3236029}}
@misc { google:art ,
author = {Google},
date-added = {2021-10-11 21:04:42 +0200},
date-modified = {2021-10-11 21:06:37 +0200},
howpublished = {\url{https://source.android.com/devices/tech/dalvik/configure}},
title = {Configuring ART},
year = {2021}}
@misc { google:artprofiles ,
author = {Google},
date-added = {2021-10-11 21:00:46 +0200},
date-modified = {2021-10-11 21:01:15 +0200},
howpublished = {\url{https://android-developers.googleblog.com/2019/04/improving-app-performance-with-art.html}},
title = {Improving app performance with ART optimizing profiles in the cloud},
year = {2019}}
@misc { google:jackjill ,
author = {Google},
date-added = {2021-10-11 20:37:19 +0200},
date-modified = {2021-10-11 20:37:19 +0200},
howpublished = {\url{http://tools.android.com/tech-docs/jackandjill}},
title = {Experimental New Android Tool Chain - Jack and Jill},
year = {2017}}
@inproceedings { packware:ndss20 ,
author = {Hojjat Aghakhani and Fabio Gritti and Francesco Mecca and Martina Lindorfer and Stefano Ortolani and Davide Balzarotti and Giovanni Vigna and Christopher Kruegel},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Network and Distributed System Security Symposium (NDSS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-11 17:18:17 +0200},
date-modified = {2021-10-11 17:18:17 +0200},
title = {{When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features}},
year = {2020}}
@misc { allatori ,
author = {Allatori},
date-added = {2021-10-11 15:08:53 +0200},
date-modified = {2021-10-11 15:09:47 +0200},
howpublished = {\url{http://www.allatori.com}},
title = {Allatori Java Obfuscator},
year = {2021}}
@misc { dasho ,
author = {PreEmptive},
date-added = {2021-10-11 15:07:22 +0200},
date-modified = {2021-10-11 15:08:23 +0200},
howpublished = {\url{https://www.preemptive.com/products/dasho/}},
title = {DashO: Professional-grade Application Protection},
year = {2021}}
@misc { dexguard ,
author = {Guardsquare},
date-added = {2021-10-11 15:05:16 +0200},
date-modified = {2021-10-11 15:06:26 +0200},
howpublished = {\url{https://www.guardsquare.com/dexguard}},
title = {DexGuard: Full spectrum protection for Android apps},
year = {2021}}
2022-01-05 15:31:13 +01:00
2022-01-05 12:27:05 +01:00
@misc { lief:oat ,
author = {Romain Thomas},
date-added = {2021-10-11 14:40:41 +0200},
date-modified = {2021-10-11 14:41:33 +0200},
howpublished = {\url{https://lief-project.github.io/doc/latest/tutorials/10_android_formats.html}},
title = {LIEF Documentation: Android Formats},
year = {2021}}
@misc { google:ndk ,
author = {Google},
date-added = {2021-10-11 13:57:57 +0200},
date-modified = {2021-10-11 20:38:24 +0200},
howpublished = {\url{https://developer.android.com/ndk/guides}},
title = {Get started with the NDK},
year = {2021}}
@inproceedings { orchoser19compsac ,
author = {Peng, Yanru and Chen, Yuting and Shen, Beijun},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE Annual Computer Software and Applications Conference (COMPSAC)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-11 12:06:47 +0200},
date-modified = {2021-10-11 12:07:15 +0200},
doi = {10.1109/COMPSAC.2019.00023},
pages = {97-106},
title = {An Adaptive Approach to Recommending Obfuscation Rules for Java Bytecode Obfuscators},
volume = {1},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1109/COMPSAC.2019.00023}}
@inproceedings { OSSPolice17ccs ,
address = {New York, NY, USA},
author = {Duan, Ruian and Bijlani, Ashish and Xu, Meng and Kim, Taesoo and Lee, Wenke},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-11 10:31:00 +0200},
date-modified = {2021-10-11 10:31:16 +0200},
doi = {10.1145/3133956.3134048},
isbn = {9781450349468},
keywords = {license violation, code clone detection, application security},
location = {Dallas, Texas, USA},
numpages = {17},
pages = {2169--2185},
publisher = {Association for Computing Machinery},
series = {CCS '17},
title = {Identifying Open-Source License Violation and 1-Day Security Risk at Large Scale},
url = {https://doi.org/10.1145/3133956.3134048},
year = {2017},
bdsk-url-1 = {https://doi.org/10.1145/3133956.3134048}}
@inproceedings { pmls20wisec ,
address = {New York, NY, USA},
author = {Zhang, Zicheng and Diao, Wenrui and Hu, Chengyu and Guo, Shanqing and Zuo, Chaoshun and Li, Li},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-11 10:27:08 +0200},
date-modified = {2021-10-11 10:27:30 +0200},
doi = {10.1145/3395351.3399346},
isbn = {9781450380065},
keywords = {malware, Android apps, malicious third-party libraries},
location = {Linz, Austria},
numpages = {11},
pages = {144--154},
publisher = {Association for Computing Machinery},
series = {WiSec '20},
title = {{An Empirical Study of Potentially Malicious Third-Party Libraries in Android Apps}},
url = {https://doi.org/10.1145/3395351.3399346},
year = {2020},
bdsk-url-1 = {https://doi.org/10.1145/3395351.3399346}}
@inproceedings { saturn2019spro ,
address = {New York, NY, USA},
author = {Garba, Peter and Favaro, Matteo},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM Workshop on Software Protection (SPRO)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 15:27:33 +0200},
date-modified = {2021-10-10 15:27:47 +0200},
doi = {10.1145/3338503.3357721},
isbn = {9781450368353},
keywords = {llvm, binary rewriting, obfuscation, deobfuscation, binary recompilation, code lifting, reverse engineering, static software analysis},
location = {London, United Kingdom},
numpages = {12},
pages = {27--38},
publisher = {Association for Computing Machinery},
series = {SPRO'19},
title = {SATURN - Software Deobfuscation Framework Based On LLVM},
url = {https://doi.org/10.1145/3338503.3357721},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1145/3338503.3357721}}
@inproceedings { bintuner21pldi ,
address = {New York, NY, USA},
author = {Ren, Xiaolei and Ho, Michael and Ming, Jiang and Lei, Yu and Li, Li},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 15:07:09 +0200},
date-modified = {2021-10-10 15:07:22 +0200},
doi = {10.1145/3453483.3454035},
isbn = {9781450383912},
keywords = {Binary Code Difference, Compiler Optimization},
location = {Virtual, Canada},
numpages = {16},
pages = {142--157},
publisher = {Association for Computing Machinery},
series = {PLDI 2021},
title = {Unleashing the Hidden Power of Compiler Optimization on Binary Code Difference: An Empirical Study},
url = {https://doi.org/10.1145/3453483.3454035},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1145/3453483.3454035}}
@inproceedings { binrec20eurosys ,
address = {New York, NY, USA},
articleno = {36},
author = {Altinay, Anil and Nash, Joseph and Kroes, Taddeus and Rajasekaran, Prabhu and Zhou, Dixin and Dabrowski, Adrian and Gens, David and Na, Yeoul and Volckaert, Stijn and Giuffrida, Cristiano and Bos, Herbert and Franz, Michael},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the European Conference on Computer Systems (EuroSys)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 14:36:38 +0200},
date-modified = {2021-10-10 14:36:48 +0200},
doi = {10.1145/3342195.3387550},
isbn = {9781450368827},
location = {Heraklion, Greece},
numpages = {16},
publisher = {Association for Computing Machinery},
series = {EuroSys '20},
title = {BinRec: Dynamic Binary Lifting and Recompilation},
url = {https://doi.org/10.1145/3342195.3387550},
year = {2020},
bdsk-url-1 = {https://doi.org/10.1145/3342195.3387550}}
@misc { app-bundles ,
author = {Google},
date-added = {2021-10-10 12:44:41 +0200},
date-modified = {2021-10-10 12:45:37 +0200},
howpublished = {\url{https://developer.android.com/guide/app-bundle}},
title = {{About Android App Bundles}},
year = 2021}
@inproceedings { libscout16ccs ,
address = {New York, NY, USA},
author = {Backes, Michael and Bugiel, Sven and Derr, Erik},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 12:15:23 +0200},
date-modified = {2021-10-10 12:15:34 +0200},
doi = {10.1145/2976749.2978333},
isbn = {9781450341394},
keywords = {android, third-party library detection},
location = {Vienna, Austria},
numpages = {12},
pages = {356--367},
publisher = {Association for Computing Machinery},
series = {CCS '16},
title = {Reliable Third-Party Library Detection in Android and Its Security Applications},
url = {https://doi.org/10.1145/2976749.2978333},
year = {2016},
bdsk-url-1 = {https://doi.org/10.1145/2976749.2978333}}
@inproceedings { centroid14icse ,
address = {New York, NY, USA},
author = {Chen, Kai and Liu, Peng and Zhang, Yingjun},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the International Conference on Software Engineering (ICSE)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 12:12:20 +0200},
date-modified = {2021-10-10 12:12:56 +0200},
doi = {10.1145/2568225.2568286},
isbn = {9781450327565},
keywords = {centroid, clone detection, Android, Software analysis},
location = {Hyderabad, India},
numpages = {12},
pages = {175--186},
publisher = {Association for Computing Machinery},
series = {ICSE 2014},
title = {Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets},
url = {https://doi.org/10.1145/2568225.2568286},
year = {2014},
bdsk-url-1 = {https://doi.org/10.1145/2568225.2568286}}
@inproceedings { droidsim14ifip ,
abstract = {Recently smartphones and mobile devices have gained incredible popularity for their vibrant feature-rich applications (or apps). Because it is easy to repackage Android apps, software plagiarism has become a serious problem. In this paper, we present an accurate and robust system DroidSim to detect code reuse. DroidSim calculates similarity score only with component-based control flow graph (CB-CFG). CB-CFG is a graph of which nodes are Android APIs and edges represent control flow precedence order in each Android component. Our system can be applied to detect repackaged apps and malware variants. We evaluate DroidSim on 121 apps and 706 malware variants. The results show that our system has no false negative and a false positive of 0.83{\%} for repackaged apps, and a detection ratio of 96.60{\%} for malware variants. Besides, ADAM is used to obfuscate apps and the result reveals that ADAM has no influence on our system.},
address = {Berlin, Heidelberg},
author = {Sun, Xin and Zhongyang, Yibing and Xin, Zhi and Mao, Bing and Xie, Li},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IFIP International Conference on Systems Security and Privacy Protection (IFIP SEC)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 12:07:56 +0200},
date-modified = {2021-10-10 12:11:00 +0200},
editor = {Cuppens-Boulahia, Nora and Cuppens, Fr{\'e}d{\'e}ric and Jajodia, Sushil and Abou El Kalam, Anas and Sans, Thierry},
isbn = {978-3-642-55415-5},
pages = {142--155},
publisher = {Springer Berlin Heidelberg},
title = {Detecting Code Reuse in Android Applications Using Component-Based Control Flow Graph},
year = {2014}}
@inproceedings { elsim12hicss ,
author = {Desnos, Anthony},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Hawaii International Conference on System Sciences (HICSS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 12:04:36 +0200},
date-modified = {2021-10-10 12:05:48 +0200},
doi = {10.1109/HICSS.2012.114},
pages = {5394-5403},
title = {Android: Static Analysis Using Similarity Distance},
year = {2012},
bdsk-url-1 = {https://doi.org/10.1109/HICSS.2012.114}}
@inproceedings { andradar:dimva14 ,
author = {Lindorfer, Martina and Volanis, Stamatis and Sisto, Alessandro and Neugschwandtner, Matthias and Athanasopoulos, Elias and Maggi, Federico and Platzer, Christian and Zanero, Stefano and Ioannidis, Sotiris},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 12:04:06 +0200},
date-modified = {2021-10-10 12:04:06 +0200},
title = {{AndRadar: Fast Discovery of Android Applications in Alternative Markets}},
year = {2014}}
@inproceedings { libraries20ase ,
author = {Zhan, Xian and Fan, Lingling and Liu, Tianming and Chen, Sen and Li, Li and Wang, Haoyu and Xu, Yifei and Luo, Xiapu and Liu, Yang},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE/ACM International Conference on Automated Software Engineering (ASE)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 11:56:03 +0200},
date-modified = {2021-10-10 11:56:16 +0200},
pages = {919-930},
title = {Automated Third-Party Library Detection for Android Applications: Are We There Yet?},
year = {2020}}
@inproceedings { codematch17fse ,
address = {New York, NY, USA},
author = {Glanz, Leonid and Amann, Sven and Eichberg, Michael and Reif, Michael and Hermann, Ben and Lerch, Johannes and Mezini, Mira},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Joint Meeting on Foundations of Software Engineering (ESEC/FSE)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-10 11:43:39 +0200},
date-modified = {2021-10-10 12:31:42 +0200},
doi = {10.1145/3106237.3106305},
isbn = {9781450351058},
keywords = {obfuscation, library detection, code analysis, repackage detection},
location = {Paderborn, Germany},
numpages = {11},
pages = {638--648},
publisher = {Association for Computing Machinery},
series = {ESEC/FSE 2017},
title = {CodeMatch: Obfuscation Won't Conceal Your Repackaged App},
url = {https://doi.org/10.1145/3106237.3106305},
year = {2017},
bdsk-url-1 = {https://doi.org/10.1145/3106237.3106305}}
@misc { google:kotlin ,
author = {Google},
howpublished = {\url{https://developer.android.com/kotlin/first}},
title = {Android's Kotlin-first approach},
year = {2021}}
@misc { proguardvsv8 ,
author = {Guardsquare},
howpublished = {\url{hhttps://www.guardsquare.com/blog/proguard-and-r8}},
month = {7},
title = {ProGuard and R8: Comparing Optimizers},
year = {2018}}
@misc { proguardvsv8new ,
author = {Guardsquare},
howpublished = {\url{hhttps://www.guardsquare.com/blog/comparison-proguard-vs-r8-october-2019-edition}},
month = {10},
title = {Comparison of ProGuard vs. R8: October 2019 edition},
year = {2019}}
@misc { google:lvlapps ,
author = {Google},
howpublished = {\url{https://android-developers.googleblog.com/2010/09/securing-android-lvl-applications.html}},
title = {Securing Android LVL Applications},
year = {2010}}
@misc { google:r8default ,
author = {Google},
date-added = {2021-10-08 16:58:42 +0200},
date-modified = {2021-10-08 16:59:59 +0200},
howpublished = {\url{https://developer.android.com/studio/releases/gradle-plugin\#3-4-0}},
title = {Android Gradle plugin release notes: 3.4.0 (April 2019)},
year = {2021}}
2022-01-05 15:31:13 +01:00
@misc { google:gradle ,
author = {Google},
howpublished = {\url{https://developer.android.com/studio/build}},
title = {Configure your build},
year = {2021}}
2022-01-05 12:27:05 +01:00
@misc { google:android2.3 ,
author = {Google},
date-added = {2021-10-08 16:44:35 +0200},
date-modified = {2021-10-08 16:46:25 +0200},
howpublished = {\url{https://android-developers.googleblog.com/2010/12/android-23-platform-and-updated-sdk.html}},
month = {12},
title = {Android 2.3 Platform and Updated SDK Tools},
year = {2010}}
@inproceedings { citizendeveloper18sp ,
author = {Oltrogge, Marten and Derr, Erik and Stransky, Christian and Acar, Yasemin and Fahl, Sascha and Rossow, Christian and Pellegrino, Giancarlo and Bugiel, Sven and Backes, Michael},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 15:43:16 +0200},
date-modified = {2021-10-08 15:43:38 +0200},
doi = {10.1109/SP.2018.00005},
pages = {634-647},
title = {The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators},
year = {2018},
bdsk-url-1 = {https://doi.org/10.1109/SP.2018.00005}}
@misc { statista:total ,
author = {Statista},
date-modified = {2021-10-08 16:00:47 +0200},
howpublished = {\url{https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/}},
month = {9},
title = {Number of available applications in the Google Play Store from December 2009 to July 2021},
urldate = {2021-10-08},
year = {2021}}
@misc { androidstats ,
author = {Statcounter},
howpublished = {\url{https://gs.statcounter.com/os-market-share}},
title = {Operating System Market Share Worldwide},
urldate = {2021-10-08},
year = {2021}}
@misc { statista:month ,
author = {Statista},
date-modified = {2021-10-08 16:00:42 +0200},
howpublished = {\url{https://www.statista.com/statistics/1020956/android-app-releases-worldwide/}},
month = {10},
title = {Average number of new Android app releases via Google Play per month from March 2019 to August 2021},
urldate = {2021-10-08},
year = {2021}}
@misc { aptoide ,
author = {Aptoide},
date-added = {2021-10-08 15:33:38 +0200},
date-modified = {2021-10-08 15:34:06 +0200},
howpublished = {\url{https://en.aptoide.com/company/about-us}},
title = {The game-changing alternative Android app store},
urldate = {2021-10-08},
year = {2021}}
@misc { ghidra ,
author = {NSA},
date-added = {2021-10-08 14:22:37 +0200},
date-modified = {2021-10-08 14:22:52 +0200},
howpublished = {\url{https://ghidra-sre.org}},
title = {Ghidra}}
@misc { objdump ,
date-added = {2021-10-08 14:21:26 +0200},
date-modified = {2021-10-08 14:22:20 +0200},
howpublished = {\url{https://linux.die.net/man/1/objdump}},
title = {arm-linux-gnueabi-objdump}}
@misc { binaryninja ,
date-added = {2021-10-08 14:20:31 +0200},
date-modified = {2021-10-08 14:20:43 +0200},
howpublished = {\url{https://binary.ninja}},
title = {BinaryNinja}}
@misc { idapro ,
author = {Hex-Rays},
date-added = {2021-10-08 14:19:46 +0200},
date-modified = {2021-10-08 14:20:21 +0200},
howpublished = {\url{https://hex-rays.com/ida-pro/}},
title = {IDA Pro}}
@misc { hopper ,
date-added = {2021-10-08 14:19:24 +0200},
date-modified = {2021-10-08 14:19:34 +0200},
howpublished = {\url{https://www.hopperapp.com}},
title = {Hopper}}
@misc { radare ,
date-added = {2021-10-08 14:18:51 +0200},
date-modified = {2021-10-08 14:19:13 +0200},
howpublished = {\url{https://rada.re/}},
title = {Radare2}}
@inproceedings { angr16sp ,
author = {Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and Stephens, Nick and Polino, Mario and Dutcher, Andrew and Grosen, John and Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 14:17:52 +0200},
date-modified = {2021-10-08 14:18:13 +0200},
doi = {10.1109/SP.2016.17},
pages = {138-157},
title = {SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis},
year = {2016},
bdsk-url-1 = {https://doi.org/10.1109/SP.2016.17}}
@inproceedings { bap11cav ,
abstract = {BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntaxdirected analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000's of assembly instructions.},
address = {Berlin, Heidelberg},
author = {Brumley, David and Jager, Ivan and Avgerinos, Thanassis and Schwartz, Edward J.},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the International Conference on Computer Aided Verification (CAV)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 14:17:01 +0200},
date-modified = {2021-10-08 14:17:26 +0200},
isbn = {978-3-642-22110-1},
publisher = {Springer Berlin Heidelberg},
title = {BAP: A Binary Analysis Platform},
year = {2011}}
@inproceedings { nucleus:17sp ,
author = {Andriesse, Dennis and Slowinska, Asia and Bos, Herbert},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 14:10:23 +0200},
date-modified = {2021-10-08 14:10:36 +0200},
doi = {10.1109/EuroSP.2017.11},
pages = {177-189},
title = {Compiler-Agnostic Function Detection in Binaries},
year = {2017},
bdsk-url-1 = {https://doi.org/10.1109/EuroSP.2017.11}}
@misc { wikipedia:applist ,
author = {Wikipedia},
date-added = {2021-10-08 13:57:21 +0200},
date-modified = {2021-10-08 13:57:49 +0200},
howpublished = {\url{https://en.wikipedia.org/wiki/List_of_free_and_open-source_Android_applications}},
title = {List of free and open-source Android applications},
urldate = {2021-06-07}}
@inproceedings { androzoo2020 ,
author = {Liu, Pei and Li, Li and Zhao, Yanjie and Sun, Xiaoyu and Grundy, John},
date-added = {2021-10-08 13:46:02 +0200},
date-modified = {2021-10-08 13:46:02 +0200},
journal = {\msr{}},
title = {AndroZooOpen: Collecting Large-Scale Open Source Android Apps for the Research Community},
year = {2020}}
@inproceedings { multimodal2019rajasegaran ,
address = {{San Francisco, CA, USA}},
annotation = {ZSCC: 0000002},
author = {Rajasegaran, Jathushan and Karunanayake, Naveen and Gunathillake, Ashanie and Seneviratne, Suranga and Jourjon, Guillaume},
booktitle = {The {{World Wide Web Conference}} on - {{WWW}} '19},
date-added = {2021-10-08 13:45:30 +0200},
date-modified = {2021-10-08 13:45:30 +0200},
doi = {10.1145/3308558.3313427},
isbn = {978-1-4503-6674-8},
pages = {3165--3171},
publisher = {{ACM Press}},
title = {A {{Multi}}-Modal {{Neural Embeddings Approach}} for {{Detecting Mobile Counterfeit Apps}}},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1145/3308558.3313427}}
@misc { google-play-signing ,
author = {Google},
date-added = {2021-10-08 13:44:25 +0200},
date-modified = {2021-10-08 13:44:33 +0200},
howpublished = {\url{https://developer.android.com/studio/publish/app-signing}},
title = {{Sign your app}},
year = {2021}}
@misc { redex ,
author = {Facebook},
date-added = {2021-10-08 12:33:40 +0200},
date-modified = {2021-10-08 12:34:06 +0200},
howpublished = {\url{https://fbredex.com}},
title = {Redex: An Android Bytecode Optimizer}}
@misc { quarkslab:diffing3 ,
author = {Tom Czayka and Romain Thomas},
date-added = {2021-10-08 12:32:05 +0200},
date-modified = {2021-10-08 12:32:05 +0200},
howpublished = {\url{https://blog.quarkslab.com/android-application-diffing-analysis-of-modded-version.html}},
month = {5},
title = {Android Application Diffing: Analysis of Modded Version},
year = {2019}}
@misc { quarkslab:diffing2 ,
author = {Tom Czayka and Romain Thomas},
date-added = {2021-10-08 12:31:07 +0200},
date-modified = {2021-10-08 12:32:26 +0200},
howpublished = {\url{https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html}},
month = {5},
title = {Android Application Diffing: CVE-2019-10875 Inspection},
year = {2019}}
2022-01-05 15:31:13 +01:00
@article { lineage ,
author = {Irfan Ul Haq and Sergio Chica and Juan Caballero and Somesh Jha},
title = {{Malware Lineage in the Wild}},
journal = {Computers \& Security},
publisher = {Elsevier},
volume = {78},
year = {2018},
pages = {347--363},
issn = {0167-4048},
doi = {10.1016/j.cose.2018.07.012},
jcr = {2.862},
}
2022-01-05 12:27:05 +01:00
@misc { quarkslab:diffing ,
author = {Tom Czayka and Romain Thomas},
date-added = {2021-10-08 12:29:26 +0200},
date-modified = {2021-10-08 12:30:09 +0200},
howpublished = {\url{https://blog.quarkslab.com/android-application-diffing-engine-overview.html}},
month = {4},
title = {Android Application Diffing: Engine Overview},
year = {2019}}
@misc { r8optimizer ,
author = {Google},
date-added = {2021-10-08 12:22:49 +0200},
date-modified = {2021-10-08 12:23:39 +0200},
howpublished = {\url{https://developer.android.com/studio/build/shrink-code}},
title = {Shrink, obfuscate, and optimize your app},
urldate = {2021-10-08},
year = {2021}}
@misc { proguardgithub ,
author = {Guardsquare},
date-added = {2021-10-08 12:21:31 +0200},
date-modified = {2021-10-11 15:05:45 +0200},
howpublished = {\url{https://www.guardsquare.com/proguard}},
journal = {GitHub repository},
publisher = {GitHub},
title = {ProGuard: Java optimizer and obfuscator},
year = {2021}}
@misc { proguard ,
author = {Guardsquare},
date-added = {2021-10-08 12:19:18 +0200},
date-modified = {2021-10-11 15:05:53 +0200},
howpublished = {\url{https://github.com/Guardsquare/proguard}},
title = {ProGuard: Shrink your Java and Android code},
year = {2021}}
@inproceedings { antiproguard2017 ,
abstract = {A wide adoption of obfuscation techniques by Android application developers, and especially malware authors, introduces a high degree of complication into the process of reverse engineering, analysis, and security evaluation of third-party and potentially harmful apps.In this paper we present the early results of our research aiming to provide reliable means for automated deobfuscation of Android apps. According to the underlying approach, deobfuscation of a given app is performed by matching its code parts to the unobfuscated code stored in a database. For this purpose we apply well-known software similarity algorithms, such as SimHash and n-gram based ones. As a source of unobfuscated code can serve open source apps and libraries, as well as previously analyzed and manually deobfuscated code.Although the presented techniques are generic in their nature, our current prototype mainly targets Proguard, as one of the most widely used protection tools for Android performing primarily renaming obfuscation. The evaluation of the presented Anti-ProGuard tool witnesses its effectiveness for the considered task and supports the feasibility of the proposed approach.},
address = {New York, NY, USA},
author = {Baumann, Richard and Protsenko, Mykolai and M\"{u}ller, Tilo},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Workshop on Security in Highly Connected IT Systems (SHCIS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 12:17:33 +0200},
date-modified = {2021-10-08 12:17:49 +0200},
doi = {10.1145/3099012.3099020},
isbn = {9781450352710},
keywords = {Software Similarity, Android, Deobfuscation, Reverse Engineering},
location = {Neuch\^{a}tel, Switzerland},
numpages = {6},
pages = {7--12},
publisher = {Association for Computing Machinery},
series = {SHCIS '17},
title = {Anti-ProGuard: Towards Automated Deobfuscation of Android Apps},
url = {https://doi.org/10.1145/3099012.3099020},
year = {2017},
bdsk-url-1 = {https://doi.org/10.1145/3099012.3099020}}
@inproceedings { armdisassemblers20issta ,
abstract = {With the increasing popularity of embedded devices, ARM is becoming the dominant architecture for them. In the meanwhile, there is a pressing need to perform security assessments for these devices. Due to different types of peripherals, it is challenging to dynamically run the firmware of these devices in an emulated environment. Therefore, the static analysis is still commonly used. Existing work usually leverages off-the-shelf tools to disassemble stripped ARM binaries and (implicitly) assume that reliable disassembling binaries and function recognition are solved problems. However, whether this assumption really holds is unknown. In this paper, we conduct the first comprehensive study on ARM disassembly tools. Specifically, we build 1,896 ARM binaries (including 248 obfuscated ones) with different compilers, compiling options, and obfuscation methods. We then evaluate them using eight state-of-the-art ARM disassembly tools (including both commercial and noncommercial ones) on their capabilities to locate instructions and function boundaries. These two are fundamental ones, which are leveraged to build other primitives. Our work reveals some observations that have not been systematically summarized and/or confirmed. For instance, we find that the existence of both ARM and Thumb instruction sets, and the reuse of the BL instruction for both function calls and branches bring serious challenges to disassembly tools. Our evaluation sheds light on the limitations of state-of-the-art disassembly tools and points out potential directions for improvement. To engage the community, we release the data set, and the related scripts at https://github.com/valour01/arm_disasssembler_study.},
address = {New York, NY, USA},
author = {Jiang, Muhui and Zhou, Yajin and Luo, Xiapu and Wang, Ruoyu and Liu, Yang and Ren, Kui},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 12:09:48 +0200},
date-modified = {2021-10-08 12:10:02 +0200},
doi = {10.1145/3395363.3397377},
isbn = {9781450380089},
keywords = {ARM Architecture, Disassembly Tools, Empirical Study},
location = {Virtual Event, USA},
numpages = {14},
pages = {401--414},
publisher = {Association for Computing Machinery},
series = {ISSTA 2020},
title = {An Empirical Study on ARM Disassembly Tools},
url = {https://doi.org/10.1145/3395363.3397377},
year = {2020},
bdsk-url-1 = {https://doi.org/10.1145/3395363.3397377}}
@article { droidskynet21tdsc ,
author = {Zhang, Yue and Weng, Jian and Weng, Jiasi and Hou, Lin and Yang, Anjia and Li, Ming and Xiang, Yang and Deng, Robert H.},
date-added = {2021-10-08 11:49:41 +0200},
date-modified = {2021-10-08 11:49:51 +0200},
doi = {10.1109/TDSC.2019.2914202},
journal = {IEEE Transactions on Dependable and Secure Computing},
number = {2},
pages = {652-666},
title = {Looking Back! Using Early Versions of Android Apps as Attack Vectors},
volume = {18},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1109/TDSC.2019.2914202}}
@inproceedings { bscout20usenix ,
author = {Jiarun Dai and Yuan Zhang and Zheyue Jiang and Yingtian Zhou and Junyan Chen and Xinyu Xing and Xiaohan Zhang and Xin Tan and Min Yang and Zhemin Yang},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the USENIX Security Symposium},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:46:24 +0200},
date-modified = {2021-10-08 11:46:39 +0200},
isbn = {978-1-939133-17-5},
month = aug,
pages = {1147--1164},
publisher = {{USENIX} Association},
title = {BScout: Direct Whole Patch Presence Test for Java Executables},
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/dai},
year = {2020},
bdsk-url-1 = {https://www.usenix.org/conference/usenixsecurity20/presentation/dai}}
@inproceedings { kotlindetector21mobilesoft ,
address = {Los Alamitos, CA, USA},
author = {Fadi Mohsen and Loran Oosterhaven and Fatih Turkmen},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:44:23 +0200},
date-modified = {2021-10-08 11:45:02 +0200},
doi = {10.1109/MobileSoft52590.2021.00018},
keywords = {privacy;java;switches;tools;feature extraction;mobile applications;software reliability},
pages = {84-93},
publisher = {IEEE Computer Society},
title = {KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications},
url = {https://doi.ieeecomputersociety.org/10.1109/MobileSoft52590.2021.00018},
year = {2021},
bdsk-url-1 = {https://doi.ieeecomputersociety.org/10.1109/MobileSoft52590.2021.00018},
bdsk-url-2 = {https://doi.org/10.1109/MobileSoft52590.2021.00018}}
@inproceedings { decompilers21saner ,
author = {Mauthe, Noah and Karg{\'e}n, Ulf and Shahmehri, Nahid},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:42:38 +0200},
date-modified = {2021-10-08 11:42:48 +0200},
doi = {10.1109/SANER50967.2021.00044},
pages = {400-410},
title = {A Large-Scale Empirical Study of Android App Decompilation},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1109/SANER50967.2021.00044}}
@article { awa21tdsc ,
author = {Ma, Haoyu and Li, Shijia and Gao, Debin and Wu, Daoyuan and Jia, Qiaowen and Jia, Chunfu},
date-added = {2021-10-08 11:40:54 +0200},
date-modified = {2021-10-08 11:41:03 +0200},
doi = {10.1109/TDSC.2021.3100877},
journal = {IEEE Transactions on Dependable and Secure Computing},
pages = {1-1},
title = {Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1109/TDSC.2021.3100877}}
@inproceedings { droidpro18trustcom ,
author = {Bao, Judong and He, Yongqiang and Wen, Weiping},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:24:02 +0200},
date-modified = {2021-10-08 11:24:30 +0200},
doi = {10.1109/TrustCom/BigDataSE.2018.00093},
pages = {624-632},
title = {DroidPro: An AOTC-Based Bytecode-Hiding Scheme for Packing the Android Applications},
year = {2018},
bdsk-url-1 = {https://doi.org/10.1109/TrustCom/BigDataSE.2018.00093}}
@inproceedings { obfdetection17mobilesoft ,
author = {Wang, Yan and Rountev, Atanas},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:21:57 +0200},
date-modified = {2021-10-08 11:22:16 +0200},
doi = {10.1109/MOBILESoft.2017.18},
pages = {154-164},
title = {Who Changed You? Obfuscator Identification for Android},
year = {2017},
bdsk-url-1 = {https://doi.org/10.1109/MOBILESoft.2017.18}}
@inproceedings { oblive19saner ,
author = {Pizzolotto, Davide and Fellin, Roberto and Ceccato, Mariano},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:20:52 +0200},
date-modified = {2021-10-08 11:21:03 +0200},
doi = {10.1109/SANER.2019.8667982},
pages = {629-633},
title = {OBLIVE: Seamless Code Obfuscation for Java Programs and Android Apps},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1109/SANER.2019.8667982}}
@inproceedings { kotlinvsjava21 ,
author = {Hecht, Geoffrey and Bergel, Alexandre},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:18:29 +0200},
date-modified = {2021-10-08 11:19:40 +0200},
doi = {10.1109/MobileSoft52590.2021.00019},
pages = {94-98},
title = {Quantifying the adoption of Kotlin on Android stores: Insight from the bytecode},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1109/MobileSoft52590.2021.00019}}
@inproceedings { libid19issta ,
address = {New York, NY, USA},
author = {Zhang, Jiexin and Beresford, Alastair R. and Kollmann, Stephan A.},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:16:25 +0200},
date-modified = {2021-10-08 11:16:39 +0200},
doi = {10.1145/3293882.3330563},
isbn = {9781450362245},
keywords = {ProGuard, Obfuscation, Android, Third-party library},
location = {Beijing, China},
numpages = {11},
pages = {55--65},
publisher = {Association for Computing Machinery},
series = {ISSTA 2019},
title = {LibID: Reliable Identification of Obfuscated Third-Party Android Libraries},
url = {https://doi.org/10.1145/3293882.3330563},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1145/3293882.3330563}}
@inproceedings { orlis18libs ,
author = {Wang, Yan and Wu, Haowei and Zhang, Hailong and Rountev, Atanas},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:15:54 +0200},
date-modified = {2021-10-08 11:16:06 +0200},
pages = {13-23},
title = {Orlis: Obfuscation-Resilient Library Detection for Android},
year = {2018}}
@inproceedings { zungurappjitsu ,
author = {Zungur, Onur and Bianchi, Antonio and Stringhini, Gianluca and Egele, Manuel},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:12:44 +0200},
date-modified = {2021-10-08 11:13:08 +0200},
title = {APPJITSU: Investigating the Resiliency of Android Applications},
year = {2021}}
@inproceedings { haupert2018honey ,
author = {Haupert, Vincent and Maier, Dominik and Schneider, Nicolas and Kirsch, Julian and M{\"u}ller, Tilo},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:09:58 +0200},
date-modified = {2021-10-08 11:10:43 +0200},
organization = {Springer},
pages = {69--91},
title = {Honey, I Shrunk Your App Security: The State of Android App Hardening},
year = {2018}}
@article { libsurvey21tse ,
author = {Zhan, Xian and Liu, Tianming and Liu, Yepang and Liu, Yang and Li, Li and Wang, Haoyu and Luo, Xiapu},
date-added = {2021-10-08 11:05:47 +0200},
date-modified = {2021-10-08 11:05:56 +0200},
doi = {10.1109/TSE.2021.3115506},
journal = {IEEE Transactions on Software Engineering},
pages = {1-1},
title = {A Systematic Assessment on Android Third-party Library Detection Tools},
year = {2021},
bdsk-url-1 = {https://doi.org/10.1109/TSE.2021.3115506}}
@article { packergrind ,
author = {Xue, Lei and Zhou, Hao and Luo, Xiapu and Yu, Le and Wu, Dinghao and Zhou, Yajin and Ma, Xiaobo},
date-added = {2021-10-08 11:04:51 +0200},
date-modified = {2021-10-08 11:04:58 +0200},
doi = {10.1109/TSE.2020.2996433},
journal = {IEEE Transactions on Software Engineering},
pages = {1-1},
title = {PackerGrind: An Adaptive Unpacking System for Android Apps},
year = {2020},
bdsk-url-1 = {https://doi.org/10.1109/TSE.2020.2996433}}
@inproceedings { deguard16ccs ,
address = {New York, NY, USA},
author = {Bichsel, Benjamin and Raychev, Veselin and Tsankov, Petar and Vechev, Martin},
2022-01-05 15:31:13 +01:00
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:03:26 +0200},
date-modified = {2021-10-08 11:03:38 +0200},
doi = {10.1145/2976749.2978422},
isbn = {9781450341394},
keywords = {program deobfuscation, malware inspection, reverse engineering},
location = {Vienna, Austria},
numpages = {13},
pages = {343--355},
publisher = {Association for Computing Machinery},
series = {CCS '16},
title = {Statistical Deobfuscation of Android Applications},
url = {https://doi.org/10.1145/2976749.2978422},
year = {2016},
bdsk-url-1 = {https://doi.org/10.1145/2976749.2978422}}
@inproceedings { Obfuscator-LLVM19icse ,
author = {Kan, Zeliang and Wang, Haoyu and Wu, Lei and Guo, Yao and Xu, Guoai},
2022-01-05 15:31:13 +01:00
booktitle = {Companion Proc. of the IEEE/ACM International Conference on Software Engineering (ICSE-Companion)},
2022-01-05 12:27:05 +01:00
date-added = {2021-10-08 11:00:09 +0200},
date-modified = {2021-10-08 11:00:44 +0200},
doi = {10.1109/ICSE-Companion.2019.00135},
pages = {322-323},
title = {Deobfuscating Android Native Binary Code},
year = {2019},
bdsk-url-1 = {https://doi.org/10.1109/ICSE-Companion.2019.00135}}
2022-01-05 15:31:13 +01:00
@article { obfuscapk2020aonzo ,