actually used latest version

This commit is contained in:
Jakob 2022-01-05 15:31:13 +01:00
parent 32e2aeb90a
commit ded6df9dc7
2 changed files with 229 additions and 105 deletions

333
main.bib
View File

@ -35,7 +35,7 @@ for all 154 vulnerabilities in two latest commercial firmware images from D-LINK
103 of them are potentially vulnerable in these images, and 16 of them were confirmed.},
address = {New York, NY, USA},
author = {Feng, Qian and Zhou, Rundong and Xu, Chengcheng and Cheng, Yao and Testa, Brian and Yin, Heng},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
date-added = {2021-10-12 10:51:27 +0200},
date-modified = {2021-10-12 10:51:55 +0200},
doi = {10.1145/2976749.2978370},
@ -55,13 +55,13 @@ for all 154 vulnerabilities in two latest commercial firmware images from D-LINK
@INPROCEEDINGS{cacompare17ICPC,
author={Hu, Yikun and Zhang, Yuanyuan and Li, Juanru and Gu, Dawu},
booktitle={Proceedings of the IEEE/ACM International Conference on Program Comprehension (ICPC)},
booktitle={Proc. of the IEEE/ACM International Conference on Program Comprehension (ICPC)},
title={Binary Code Clone Detection across Architectures and Compiling Configurations},
year={2017},
volume={},
number={},
pages={88-98},
doi={10.1109/ICPC.2017.22}}
doi={10.1109/ICPC.2017.22}}
@inproceedings{bingo16fse,
author = {Chandramohan, Mahinthan and Xue, Yinxing and Xu, Zhengzi and Liu, Yang and Cho, Chia Yuan and Tan, Hee Beng Kuan},
@ -72,7 +72,7 @@ publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/2950290.2950350},
doi = {10.1145/2950290.2950350},
booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE)},
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE)},
pages = {678689},
numpages = {12},
keywords = {Binary Code Searching, Vulnerability Matching},
@ -87,7 +87,7 @@ series = {FSE 2016}
volume={45},
number={11},
pages={1125-1149},
doi={10.1109/TSE.2018.2827379}}
doi={10.1109/TSE.2018.2827379}}
@inproceedings{gemini17ccs,
author = {Xiaojun Xu and
@ -101,7 +101,7 @@ series = {FSE 2016}
Tal Malkin and
Dongyan Xu},
title = {Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection},
booktitle = {Proceedings of the {ACM} {SIGSAC} Conference on Computer and
booktitle = {Proc. of the {ACM} {SIGSAC} Conference on Computer and
Communications Security (CCS)},
pages = {363--376},
publisher = {{ACM}},
@ -120,7 +120,7 @@ series = {FSE 2016}
abstract = {Determining if two functions taken from different compiled binaries originate from the same function in the source code has many applications to malware reverse engineering. Namely, this process allows an analyst to filter large swaths of code, removing functions that have been previously observed or those that originate in shared or trusted libraries. However, this task is challenging due to the myriad factors that influence the translation between source code and assembly instructions---the instruction stream created by a compiler is heavily influenced by a number of factors including optimizations, target platforms, and runtime constraints. In this paper, we seek to advance methods for reliably testing the equivalence of functions found in different executables. By leveraging advances in deep learning and natural language processing, we design and evaluate a novel algorithm, BinDNN, that is resilient to variations in compiler, compiler optimization level, and architecture. We show that BinDNN is effective both in isolation or in conjunction with existing approaches. In the case of the latter, we boost performance by 109{\%} when combining BinDNN with BinDiff to compare functions across architectures. This result---an improvement of 32{\%} for BinDNN and 185{\%} for BinDiff---demonstrates the utility of employing multiple orthogonal approaches to function matching.},
address = {Cham},
author = {Lageman, Nathaniel and Kilmer, Eric D. and Walls, Robert J. and McDaniel, Patrick D.},
booktitle = {Proceedings of the International Conference on Security and Privacy in Communication Systems (SecureComm)},
booktitle = {Proc. of the International Conference on Security and Privacy in Communication Systems (SecureComm)},
date-added = {2021-10-12 10:45:53 +0200},
date-modified = {2021-10-12 10:46:16 +0200},
editor = {Deng, Robert and Weng, Jian and Ren, Kui and Yegneswaran, Vinod},
@ -132,12 +132,11 @@ series = {FSE 2016}
@inproceedings{discovre16,
author = {Sebastian Eschweiler and Khaled Yakdan and Elmar Gerhards-Padilla},
booktitle = {Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)},
booktitle = {Proc. of the Annual Network and Distributed System Security Symposium (NDSS)},
date-added = {2021-10-12 10:40:16 +0200},
date-modified = {2021-10-12 10:40:59 +0200},
doi = {10.14722/ndss.2016.23185},
isbn = {1-891562-41-X},
language = {en},
pages = {1 -- 15},
publisher = {Internet Society},
title = {discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code},
@ -158,7 +157,7 @@ series = {FSE 2016}
address = {New York, NY, USA},
articleno = {9},
author = {Sun, Mingshen and Li, Mengmeng and Lui, John C. S.},
booktitle = {Proceedings of the ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec)},
booktitle = {Proc. of the ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec)},
date-added = {2021-10-12 10:25:13 +0200},
date-modified = {2021-10-12 10:25:24 +0200},
doi = {10.1145/2766498.2766508},
@ -174,7 +173,7 @@ series = {FSE 2016}
@inproceedings{ieeespro2015-JunodRWM,
author = {Pascal Junod and Julien Rinaldini and Johan Wehrli and Julie Michielin},
booktitle = {Proceedings of the {IEEE/ACM} International Workshop on Software Protection (SPRO)},
booktitle = {Proc. of the {IEEE/ACM} International Workshop on Software Protection (SPRO)},
date-added = {2021-10-12 07:37:32 +0200},
date-modified = {2021-10-12 07:37:48 +0200},
doi = {10.1109/SPRO.2015.10},
@ -202,7 +201,6 @@ series = {FSE 2016}
numpages = {30},
publisher = {Association for Computing Machinery},
title = {*droid: Assessment and Evaluation of Android Application Analysis Tools},
url = {https://doi.org/10.1145/2996358},
volume = {49},
year = {2016},
bdsk-url-1 = {https://doi.org/10.1145/2996358}}
@ -211,7 +209,7 @@ series = {FSE 2016}
abstract = {In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.},
address = {New York, NY, USA},
author = {Pauck, Felix and Bodden, Eric and Wehrheim, Heike},
booktitle = {Proceedings of the ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)},
booktitle = {Proc. of the ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)},
date-added = {2021-10-11 23:37:12 +0200},
date-modified = {2021-10-11 23:37:32 +0200},
doi = {10.1145/3236024.3236029},
@ -253,7 +251,7 @@ series = {FSE 2016}
@inproceedings{packware:ndss20,
author = {Hojjat Aghakhani and Fabio Gritti and Francesco Mecca and Martina Lindorfer and Stefano Ortolani and Davide Balzarotti and Giovanni Vigna and Christopher Kruegel},
booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
booktitle = {Proc. of the Network and Distributed System Security Symposium (NDSS)},
date-added = {2021-10-11 17:18:17 +0200},
date-modified = {2021-10-11 17:18:17 +0200},
title = {{When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features}},
@ -283,6 +281,7 @@ series = {FSE 2016}
title = {DexGuard: Full spectrum protection for Android apps},
year = {2021}}
@misc{lief:oat,
author = {Romain Thomas},
date-added = {2021-10-11 14:40:41 +0200},
@ -301,7 +300,7 @@ series = {FSE 2016}
@inproceedings{orchoser19compsac,
author = {Peng, Yanru and Chen, Yuting and Shen, Beijun},
booktitle = {Proceedings of the IEEE Annual Computer Software and Applications Conference (COMPSAC)},
booktitle = {Proc. of the IEEE Annual Computer Software and Applications Conference (COMPSAC)},
date-added = {2021-10-11 12:06:47 +0200},
date-modified = {2021-10-11 12:07:15 +0200},
doi = {10.1109/COMPSAC.2019.00023},
@ -314,7 +313,7 @@ series = {FSE 2016}
@inproceedings{OSSPolice17ccs,
address = {New York, NY, USA},
author = {Duan, Ruian and Bijlani, Ashish and Xu, Meng and Kim, Taesoo and Lee, Wenke},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
date-added = {2021-10-11 10:31:00 +0200},
date-modified = {2021-10-11 10:31:16 +0200},
doi = {10.1145/3133956.3134048},
@ -333,7 +332,7 @@ series = {FSE 2016}
@inproceedings{pmls20wisec,
address = {New York, NY, USA},
author = {Zhang, Zicheng and Diao, Wenrui and Hu, Chengyu and Guo, Shanqing and Zuo, Chaoshun and Li, Li},
booktitle = {Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)},
booktitle = {Proc. of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)},
date-added = {2021-10-11 10:27:08 +0200},
date-modified = {2021-10-11 10:27:30 +0200},
doi = {10.1145/3395351.3399346},
@ -352,7 +351,7 @@ series = {FSE 2016}
@inproceedings{saturn2019spro,
address = {New York, NY, USA},
author = {Garba, Peter and Favaro, Matteo},
booktitle = {Proceedings of the ACM Workshop on Software Protection (SPRO)},
booktitle = {Proc. of the ACM Workshop on Software Protection (SPRO)},
date-added = {2021-10-10 15:27:33 +0200},
date-modified = {2021-10-10 15:27:47 +0200},
doi = {10.1145/3338503.3357721},
@ -371,7 +370,7 @@ series = {FSE 2016}
@inproceedings{bintuner21pldi,
address = {New York, NY, USA},
author = {Ren, Xiaolei and Ho, Michael and Ming, Jiang and Lei, Yu and Li, Li},
booktitle = {Proceedings of the ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI)},
booktitle = {Proc. of the ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI)},
date-added = {2021-10-10 15:07:09 +0200},
date-modified = {2021-10-10 15:07:22 +0200},
doi = {10.1145/3453483.3454035},
@ -391,7 +390,7 @@ series = {FSE 2016}
address = {New York, NY, USA},
articleno = {36},
author = {Altinay, Anil and Nash, Joseph and Kroes, Taddeus and Rajasekaran, Prabhu and Zhou, Dixin and Dabrowski, Adrian and Gens, David and Na, Yeoul and Volckaert, Stijn and Giuffrida, Cristiano and Bos, Herbert and Franz, Michael},
booktitle = {Proceedings of the European Conference on Computer Systems (EuroSys)},
booktitle = {Proc. of the European Conference on Computer Systems (EuroSys)},
date-added = {2021-10-10 14:36:38 +0200},
date-modified = {2021-10-10 14:36:48 +0200},
doi = {10.1145/3342195.3387550},
@ -416,7 +415,7 @@ series = {FSE 2016}
@inproceedings{libscout16ccs,
address = {New York, NY, USA},
author = {Backes, Michael and Bugiel, Sven and Derr, Erik},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
date-added = {2021-10-10 12:15:23 +0200},
date-modified = {2021-10-10 12:15:34 +0200},
doi = {10.1145/2976749.2978333},
@ -435,7 +434,7 @@ series = {FSE 2016}
@inproceedings{centroid14icse,
address = {New York, NY, USA},
author = {Chen, Kai and Liu, Peng and Zhang, Yingjun},
booktitle = {Proceedings of the International Conference on Software Engineering (ICSE)},
booktitle = {Proc. of the International Conference on Software Engineering (ICSE)},
date-added = {2021-10-10 12:12:20 +0200},
date-modified = {2021-10-10 12:12:56 +0200},
doi = {10.1145/2568225.2568286},
@ -455,7 +454,7 @@ series = {FSE 2016}
abstract = {Recently smartphones and mobile devices have gained incredible popularity for their vibrant feature-rich applications (or apps). Because it is easy to repackage Android apps, software plagiarism has become a serious problem. In this paper, we present an accurate and robust system DroidSim to detect code reuse. DroidSim calculates similarity score only with component-based control flow graph (CB-CFG). CB-CFG is a graph of which nodes are Android APIs and edges represent control flow precedence order in each Android component. Our system can be applied to detect repackaged apps and malware variants. We evaluate DroidSim on 121 apps and 706 malware variants. The results show that our system has no false negative and a false positive of 0.83{\%} for repackaged apps, and a detection ratio of 96.60{\%} for malware variants. Besides, ADAM is used to obfuscate apps and the result reveals that ADAM has no influence on our system.},
address = {Berlin, Heidelberg},
author = {Sun, Xin and Zhongyang, Yibing and Xin, Zhi and Mao, Bing and Xie, Li},
booktitle = {Proceedings of the IFIP International Conference on Systems Security and Privacy Protection (IFIP SEC)},
booktitle = {Proc. of the IFIP International Conference on Systems Security and Privacy Protection (IFIP SEC)},
date-added = {2021-10-10 12:07:56 +0200},
date-modified = {2021-10-10 12:11:00 +0200},
editor = {Cuppens-Boulahia, Nora and Cuppens, Fr{\'e}d{\'e}ric and Jajodia, Sushil and Abou El Kalam, Anas and Sans, Thierry},
@ -467,7 +466,7 @@ series = {FSE 2016}
@inproceedings{elsim12hicss,
author = {Desnos, Anthony},
booktitle = {Proceedings of the Hawaii International Conference on System Sciences (HICSS)},
booktitle = {Proc. of the Hawaii International Conference on System Sciences (HICSS)},
date-added = {2021-10-10 12:04:36 +0200},
date-modified = {2021-10-10 12:05:48 +0200},
doi = {10.1109/HICSS.2012.114},
@ -478,7 +477,7 @@ series = {FSE 2016}
@inproceedings{andradar:dimva14,
author = {Lindorfer, Martina and Volanis, Stamatis and Sisto, Alessandro and Neugschwandtner, Matthias and Athanasopoulos, Elias and Maggi, Federico and Platzer, Christian and Zanero, Stefano and Ioannidis, Sotiris},
booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
date-added = {2021-10-10 12:04:06 +0200},
date-modified = {2021-10-10 12:04:06 +0200},
title = {{AndRadar: Fast Discovery of Android Applications in Alternative Markets}},
@ -486,7 +485,7 @@ series = {FSE 2016}
@inproceedings{libraries20ase,
author = {Zhan, Xian and Fan, Lingling and Liu, Tianming and Chen, Sen and Li, Li and Wang, Haoyu and Xu, Yifei and Luo, Xiapu and Liu, Yang},
booktitle = {Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE)},
booktitle = {Proc. of the IEEE/ACM International Conference on Automated Software Engineering (ASE)},
date-added = {2021-10-10 11:56:03 +0200},
date-modified = {2021-10-10 11:56:16 +0200},
pages = {919-930},
@ -496,7 +495,7 @@ series = {FSE 2016}
@inproceedings{codematch17fse,
address = {New York, NY, USA},
author = {Glanz, Leonid and Amann, Sven and Eichberg, Michael and Reif, Michael and Hermann, Ben and Lerch, Johannes and Mezini, Mira},
booktitle = {Proceedings of the Joint Meeting on Foundations of Software Engineering (ESEC/FSE)},
booktitle = {Proc. of the Joint Meeting on Foundations of Software Engineering (ESEC/FSE)},
date-added = {2021-10-10 11:43:39 +0200},
date-modified = {2021-10-10 12:31:42 +0200},
doi = {10.1145/3106237.3106305},
@ -546,6 +545,13 @@ series = {FSE 2016}
title = {Android Gradle plugin release notes: 3.4.0 (April 2019)},
year = {2021}}
@misc{google:gradle,
author = {Google},
howpublished = {\url{https://developer.android.com/studio/build}},
title = {Configure your build},
year = {2021}}
@misc{google:android2.3,
author = {Google},
date-added = {2021-10-08 16:44:35 +0200},
@ -557,7 +563,7 @@ series = {FSE 2016}
@inproceedings{citizendeveloper18sp,
author = {Oltrogge, Marten and Derr, Erik and Stransky, Christian and Acar, Yasemin and Fahl, Sascha and Rossow, Christian and Pellegrino, Giancarlo and Bugiel, Sven and Backes, Michael},
booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
date-added = {2021-10-08 15:43:16 +0200},
date-modified = {2021-10-08 15:43:38 +0200},
doi = {10.1109/SP.2018.00005},
@ -640,7 +646,7 @@ series = {FSE 2016}
@inproceedings{angr16sp,
author = {Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and Stephens, Nick and Polino, Mario and Dutcher, Andrew and Grosen, John and Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
date-added = {2021-10-08 14:17:52 +0200},
date-modified = {2021-10-08 14:18:13 +0200},
doi = {10.1109/SP.2016.17},
@ -653,7 +659,7 @@ series = {FSE 2016}
abstract = {BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntaxdirected analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000's of assembly instructions.},
address = {Berlin, Heidelberg},
author = {Brumley, David and Jager, Ivan and Avgerinos, Thanassis and Schwartz, Edward J.},
booktitle = {Proceedings of the International Conference on Computer Aided Verification (CAV)},
booktitle = {Proc. of the International Conference on Computer Aided Verification (CAV)},
date-added = {2021-10-08 14:17:01 +0200},
date-modified = {2021-10-08 14:17:26 +0200},
isbn = {978-3-642-22110-1},
@ -663,7 +669,7 @@ series = {FSE 2016}
@inproceedings{nucleus:17sp,
author = {Andriesse, Dennis and Slowinska, Asia and Bos, Herbert},
booktitle = {Proceedings of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
date-added = {2021-10-08 14:10:23 +0200},
date-modified = {2021-10-08 14:10:36 +0200},
doi = {10.1109/EuroSP.2017.11},
@ -697,7 +703,6 @@ series = {FSE 2016}
date-modified = {2021-10-08 13:45:30 +0200},
doi = {10.1145/3308558.3313427},
isbn = {978-1-4503-6674-8},
language = {en},
pages = {3165--3171},
publisher = {{ACM Press}},
title = {A {{Multi}}-Modal {{Neural Embeddings Approach}} for {{Detecting Mobile Counterfeit Apps}}},
@ -712,14 +717,6 @@ series = {FSE 2016}
title = {{Sign your app}},
year = {2021}}
@inproceedings{panoptispy18pets,
author = {{Authors blinded for review}},
booktitle = {Blinded for review},
date-added = {2021-10-08 13:26:00 +0200},
date-modified = {2021-10-08 13:28:49 +0200},
title = {{Title blinded for review}},
year = {2018}}
@misc{redex,
author = {Facebook},
date-added = {2021-10-08 12:33:40 +0200},
@ -745,6 +742,19 @@ series = {FSE 2016}
title = {Android Application Diffing: CVE-2019-10875 Inspection},
year = {2019}}
@article{lineage,
author = {Irfan Ul Haq and Sergio Chica and Juan Caballero and Somesh Jha},
title = {{Malware Lineage in the Wild}},
journal = {Computers \& Security},
publisher = {Elsevier},
volume = {78},
year = {2018},
pages = {347--363},
issn = {0167-4048},
doi = {10.1016/j.cose.2018.07.012},
jcr = {2.862},
}
@misc{quarkslab:diffing,
author = {Tom Czayka and Romain Thomas},
date-added = {2021-10-08 12:29:26 +0200},
@ -785,7 +795,7 @@ series = {FSE 2016}
abstract = {A wide adoption of obfuscation techniques by Android application developers, and especially malware authors, introduces a high degree of complication into the process of reverse engineering, analysis, and security evaluation of third-party and potentially harmful apps.In this paper we present the early results of our research aiming to provide reliable means for automated deobfuscation of Android apps. According to the underlying approach, deobfuscation of a given app is performed by matching its code parts to the unobfuscated code stored in a database. For this purpose we apply well-known software similarity algorithms, such as SimHash and n-gram based ones. As a source of unobfuscated code can serve open source apps and libraries, as well as previously analyzed and manually deobfuscated code.Although the presented techniques are generic in their nature, our current prototype mainly targets Proguard, as one of the most widely used protection tools for Android performing primarily renaming obfuscation. The evaluation of the presented Anti-ProGuard tool witnesses its effectiveness for the considered task and supports the feasibility of the proposed approach.},
address = {New York, NY, USA},
author = {Baumann, Richard and Protsenko, Mykolai and M\"{u}ller, Tilo},
booktitle = {Proceedings of the Workshop on Security in Highly Connected IT Systems (SHCIS)},
booktitle = {Proc. of the Workshop on Security in Highly Connected IT Systems (SHCIS)},
date-added = {2021-10-08 12:17:33 +0200},
date-modified = {2021-10-08 12:17:49 +0200},
doi = {10.1145/3099012.3099020},
@ -805,7 +815,7 @@ series = {FSE 2016}
abstract = {With the increasing popularity of embedded devices, ARM is becoming the dominant architecture for them. In the meanwhile, there is a pressing need to perform security assessments for these devices. Due to different types of peripherals, it is challenging to dynamically run the firmware of these devices in an emulated environment. Therefore, the static analysis is still commonly used. Existing work usually leverages off-the-shelf tools to disassemble stripped ARM binaries and (implicitly) assume that reliable disassembling binaries and function recognition are solved problems. However, whether this assumption really holds is unknown. In this paper, we conduct the first comprehensive study on ARM disassembly tools. Specifically, we build 1,896 ARM binaries (including 248 obfuscated ones) with different compilers, compiling options, and obfuscation methods. We then evaluate them using eight state-of-the-art ARM disassembly tools (including both commercial and noncommercial ones) on their capabilities to locate instructions and function boundaries. These two are fundamental ones, which are leveraged to build other primitives. Our work reveals some observations that have not been systematically summarized and/or confirmed. For instance, we find that the existence of both ARM and Thumb instruction sets, and the reuse of the BL instruction for both function calls and branches bring serious challenges to disassembly tools. Our evaluation sheds light on the limitations of state-of-the-art disassembly tools and points out potential directions for improvement. To engage the community, we release the data set, and the related scripts at https://github.com/valour01/arm_disasssembler_study.},
address = {New York, NY, USA},
author = {Jiang, Muhui and Zhou, Yajin and Luo, Xiapu and Wang, Ruoyu and Liu, Yang and Ren, Kui},
booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
date-added = {2021-10-08 12:09:48 +0200},
date-modified = {2021-10-08 12:10:02 +0200},
doi = {10.1145/3395363.3397377},
@ -836,7 +846,7 @@ series = {FSE 2016}
@inproceedings{bscout20usenix,
author = {Jiarun Dai and Yuan Zhang and Zheyue Jiang and Yingtian Zhou and Junyan Chen and Xinyu Xing and Xiaohan Zhang and Xin Tan and Min Yang and Zhemin Yang},
booktitle = {Proceedings of the USENIX Security Symposium},
booktitle = {Proc. of the USENIX Security Symposium},
date-added = {2021-10-08 11:46:24 +0200},
date-modified = {2021-10-08 11:46:39 +0200},
isbn = {978-1-939133-17-5},
@ -851,7 +861,7 @@ series = {FSE 2016}
@inproceedings{kotlindetector21mobilesoft,
address = {Los Alamitos, CA, USA},
author = {Fadi Mohsen and Loran Oosterhaven and Fatih Turkmen},
booktitle = {Proceedings of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
date-added = {2021-10-08 11:44:23 +0200},
date-modified = {2021-10-08 11:45:02 +0200},
doi = {10.1109/MobileSoft52590.2021.00018},
@ -866,7 +876,7 @@ series = {FSE 2016}
@inproceedings{decompilers21saner,
author = {Mauthe, Noah and Karg{\'e}n, Ulf and Shahmehri, Nahid},
booktitle = {Proceedings of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
booktitle = {Proc. of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
date-added = {2021-10-08 11:42:38 +0200},
date-modified = {2021-10-08 11:42:48 +0200},
doi = {10.1109/SANER50967.2021.00044},
@ -888,7 +898,7 @@ series = {FSE 2016}
@inproceedings{droidpro18trustcom,
author = {Bao, Judong and He, Yongqiang and Wen, Weiping},
booktitle = {Proceedings of the IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)},
booktitle = {Proc. of the IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)},
date-added = {2021-10-08 11:24:02 +0200},
date-modified = {2021-10-08 11:24:30 +0200},
doi = {10.1109/TrustCom/BigDataSE.2018.00093},
@ -899,7 +909,7 @@ series = {FSE 2016}
@inproceedings{obfdetection17mobilesoft,
author = {Wang, Yan and Rountev, Atanas},
booktitle = {Proceedings of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
date-added = {2021-10-08 11:21:57 +0200},
date-modified = {2021-10-08 11:22:16 +0200},
doi = {10.1109/MOBILESoft.2017.18},
@ -910,7 +920,7 @@ series = {FSE 2016}
@inproceedings{oblive19saner,
author = {Pizzolotto, Davide and Fellin, Roberto and Ceccato, Mariano},
booktitle = {Proceedings of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
booktitle = {Proc. of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)},
date-added = {2021-10-08 11:20:52 +0200},
date-modified = {2021-10-08 11:21:03 +0200},
doi = {10.1109/SANER.2019.8667982},
@ -921,7 +931,7 @@ series = {FSE 2016}
@inproceedings{kotlinvsjava21,
author = {Hecht, Geoffrey and Bergel, Alexandre},
booktitle = {Proceedings of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MobileSoft)},
date-added = {2021-10-08 11:18:29 +0200},
date-modified = {2021-10-08 11:19:40 +0200},
doi = {10.1109/MobileSoft52590.2021.00019},
@ -933,7 +943,7 @@ series = {FSE 2016}
@inproceedings{libid19issta,
address = {New York, NY, USA},
author = {Zhang, Jiexin and Beresford, Alastair R. and Kollmann, Stephan A.},
booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
date-added = {2021-10-08 11:16:25 +0200},
date-modified = {2021-10-08 11:16:39 +0200},
doi = {10.1145/3293882.3330563},
@ -951,7 +961,7 @@ series = {FSE 2016}
@inproceedings{orlis18libs,
author = {Wang, Yan and Wu, Haowei and Zhang, Hailong and Rountev, Atanas},
booktitle = {Proceedings of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
booktitle = {Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
date-added = {2021-10-08 11:15:54 +0200},
date-modified = {2021-10-08 11:16:06 +0200},
pages = {13-23},
@ -960,7 +970,7 @@ series = {FSE 2016}
@inproceedings{zungurappjitsu,
author = {Zungur, Onur and Bianchi, Antonio and Stringhini, Gianluca and Egele, Manuel},
booktitle = {Proceedings of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
date-added = {2021-10-08 11:12:44 +0200},
date-modified = {2021-10-08 11:13:08 +0200},
title = {APPJITSU: Investigating the Resiliency of Android Applications},
@ -968,7 +978,7 @@ series = {FSE 2016}
@inproceedings{haupert2018honey,
author = {Haupert, Vincent and Maier, Dominik and Schneider, Nicolas and Kirsch, Julian and M{\"u}ller, Tilo},
booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
date-added = {2021-10-08 11:09:58 +0200},
date-modified = {2021-10-08 11:10:43 +0200},
organization = {Springer},
@ -1001,7 +1011,7 @@ series = {FSE 2016}
@inproceedings{deguard16ccs,
address = {New York, NY, USA},
author = {Bichsel, Benjamin and Raychev, Veselin and Tsankov, Petar and Vechev, Martin},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
date-added = {2021-10-08 11:03:26 +0200},
date-modified = {2021-10-08 11:03:38 +0200},
doi = {10.1145/2976749.2978422},
@ -1019,7 +1029,7 @@ series = {FSE 2016}
@inproceedings{Obfuscator-LLVM19icse,
author = {Kan, Zeliang and Wang, Haoyu and Wu, Lei and Guo, Yao and Xu, Guoai},
booktitle = {Companion Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE-Companion)},
booktitle = {Companion Proc. of the IEEE/ACM International Conference on Software Engineering (ICSE-Companion)},
date-added = {2021-10-08 11:00:09 +0200},
date-modified = {2021-10-08 11:00:44 +0200},
doi = {10.1109/ICSE-Companion.2019.00135},
@ -1028,7 +1038,7 @@ series = {FSE 2016}
year = {2019},
bdsk-url-1 = {https://doi.org/10.1109/ICSE-Companion.2019.00135}}
@article{AONZO2020100403,
@article{obfuscapk2020aonzo,
author = {Simone Aonzo and Gabriel Claudiu Georgiu and Luca Verderame and Alessio Merlo},
date-added = {2021-10-08 10:58:31 +0200},
date-modified = {2021-10-08 10:58:31 +0200},
@ -1037,8 +1047,8 @@ series = {FSE 2016}
journal = {SoftwareX},
keywords = {Android, Obfuscation, Program analysis},
pages = {100403},
title = {Obfuscapk: An open-source black-box obfuscation tool for Android apps},
url = {https://www.sciencedirect.com/science/article/pii/S2352711019302791},
title = {Obfuscapk: An Open-source Black-box Obfuscation tool for Android Apps},
Note = {Source code: \url{https://github.com/ClaudiuGeorgiu/Obfuscapk}},
volume = {11},
year = {2020},
bdsk-url-1 = {https://www.sciencedirect.com/science/article/pii/S2352711019302791},
@ -1047,7 +1057,7 @@ series = {FSE 2016}
@inproceedings{obf18acsac,
address = {New York, NY, USA},
author = {Wermke, Dominik and Huaman, Nicolas and Acar, Yasemin and Reaves, Bradley and Traynor, Patrick and Fahl, Sascha},
booktitle = {Proceedings of the Annual Computer Security Applications Conference (ACSAC)},
booktitle = {Proc. of the Annual Computer Security Applications Conference (ACSAC)},
date-added = {2021-10-08 10:57:32 +0200},
date-modified = {2021-10-08 10:57:42 +0200},
doi = {10.1145/3274694.3274726},
@ -1066,7 +1076,7 @@ series = {FSE 2016}
@inproceedings{obf18securecomm,
address = {Cham},
author = {Dong, Shuaike and Li, Menghao and Diao, Wenrui and Liu, Xiangyu and Liu, Jian and Li, Zhou and Xu, Fenghao and Chen, Kai and Wang, XiaoFeng and Zhang, Kehuan},
booktitle = {Proceedings of the International Conference on Security and Privacy in Communication Systems (SecureComm)},
booktitle = {Proc. of the International Conference on Security and Privacy in Communication Systems (SecureComm)},
date-added = {2021-10-08 10:55:53 +0200},
date-modified = {2021-10-08 10:56:23 +0200},
editor = {Beyah, Raheem and Chang, Bing and Li, Yingjiu and Zhu, Sencun},
@ -1078,7 +1088,7 @@ series = {FSE 2016}
@inproceedings{droidunpack18ndss,
author = {Duan, Yue and Zhang, Mu and Bhaskar, Abhishek and Yin, Heng and Pan, Xiaorui and Li, Tongxin and Wang, Xueqiang and Wang, Xiaofeng},
booktitle = {Proceedings of the Network and Distributed System Security Symposium (NDSS)},
booktitle = {Proc. of the Network and Distributed System Security Symposium (NDSS)},
date-added = {2021-10-08 10:50:30 +0200},
date-modified = {2021-10-08 10:50:56 +0200},
doi = {10.14722/ndss.2018.23303},
@ -1099,7 +1109,7 @@ editor="Giuffrida, Cristiano
and Bardin, S{\'e}bastien
and Blanc, Gregory",
title="BinARM: Scalable and Efficient Detection of Vulnerabilities in Firmware Images of Intelligent Electronic Devices",
booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
year="2018",
publisher="Springer International Publishing",
address="Cham",
@ -1109,18 +1119,18 @@ isbn="978-3-319-93411-2"
@INPROCEEDINGS{multimh15sp,
author={Pewny, Jannik and Garmany, Behrad and Gawlik, Robert and Rossow, Christian and Holz, Thorsten},
booktitle={Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
booktitle={Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
title={Cross-Architecture Bug Search in Binary Executables},
year={2015},
volume={},
number={},
pages={709-724},
doi={10.1109/SP.2015.49}}
doi={10.1109/SP.2015.49}}
@inproceedings{appspear15raid,
address = {Cham},
author = {Yang, Wenbo and Zhang, Yuanyuan and Li, Juanru and Shu, Junliang and Li, Bodong and Hu, Wenjun and Gu, Dawu},
booktitle = {Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)},
booktitle = {Proc. of the International Symposium on Recent Advances in Intrusion Detection (RAID)},
date-added = {2021-10-08 10:49:25 +0200},
date-modified = {2021-10-08 10:49:55 +0200},
editor = {Bos, Herbert and Monrose, Fabian and Blanc, Gregory},
@ -1139,7 +1149,7 @@ publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3238147.3238199},
doi = {10.1145/3238147.3238199},
booktitle = {Proceedings of the ACM/IEEE International Conference on Automated Software Engineering (ASE)},
booktitle = {Proc. of the ACM/IEEE International Conference on Automated Software Engineering (ASE)},
pages = {667678},
numpages = {12},
keywords = {Code Similarity Detection, DNN},
@ -1151,13 +1161,25 @@ series = {ASE 2018}
@inproceedings{binxray20issta,
author = {Xu, Yifei and Xu, Zhengzi and Chen, Bihuan and Song, Fu and Liu, Yang and Liu, Ting},
title = {Patch Based Vulnerability Matching for Binary Programs},
year = {2020}, isbn = {9781450380089}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3395363.3397361}, doi = {10.1145/3395363.3397361}, booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)}, pages = {376387}, numpages = {12}, keywords = {Vulnerability Matching, Security, Binary Analysis, Patch Presence Identification}, location = {Virtual Event, USA}, series = {ISSTA 2020},
Note = {Source code:} }
year = {2020},
isbn = {9781450380089},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3395363.3397361},
doi = {10.1145/3395363.3397361},
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
pages = {376387},
numpages = {12},
keywords = {Vulnerability Matching, Security, Binary Analysis, Patch Presence Identification},
location = {Virtual Event, USA},
series = {ISSTA 2020},
Note = {Source code:}
}
@inproceedings{dexhunter15esorics,
address = {Cham},
author = {Zhang, Yueqian and Luo, Xiapu and Yin, Haoyang},
booktitle = {Proceedings of the European Symposium on Research in Computer Security (ESORICS)},
booktitle = {Proc. of the European Symposium on Research in Computer Security (ESORICS)},
date-added = {2021-10-08 10:48:21 +0200},
date-modified = {2021-10-08 10:48:49 +0200},
editor = {Pernul, G{\"u}nther and Y A Ryan, Peter and Weippl, Edgar},
@ -1176,7 +1198,7 @@ Note = {Source code:} }
Ricardo Bianchini and
Vivek Sarkar},
title = {FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware},
booktitle = {Proceedings of the International Conference on Architectural
booktitle = {Proc. of the International Conference on Architectural
Support for Programming Languages and Operating Systems (ASPLOS)},
pages = {392--404},
publisher = {{ACM}},
@ -1197,9 +1219,12 @@ Note = {Source code:} }
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3238147.3240480},
doi = {10.1145/3238147.3240480},
booktitle = {Proceedings of the ACM/IEEE International Conference on Automated Software Engineering (ASE)},
booktitle = {Proc. of the ACM/IEEE International Conference on Automated Software Engineering (ASE)},
pages = {896899},
numpages = {4}, keywords = {semantic learning, vulnerability search, cross-platform binary}, location = {Montpellier, France}, series = {ASE 2018},
numpages = {4},
keywords = {semantic learning, vulnerability search, cross-platform binary},
location = {Montpellier, France},
series = {ASE 2018},
Note = {Source code: \url{https://github.com/buptsseGJ/VulSeeker}}}
@incproceedings{rlz19bar,
@ -1208,14 +1233,14 @@ Note = {Source code:} }
Qiang Zeng},
title = {A Cross-Architecture Instruction Embedding Model for Natural LanguageProcessing-Inspired Binary Code Analysis},
year = {2019},
booktitle = {Proceedings of the Workshop on Binary Analysis Research (BAR)},
booktitle = {Proc. of the Workshop on Binary Analysis Research (BAR)},
Note = {Source code: \url{https://github.com/nlp-code-analysis/cross-arch-instr-model}}
}
@inproceedings{safe2019massarelli,
author = {Massarelli, Luca and Di Luna, Giuseppe Antonio and Petroni, Fabio and Querzoni, Leonardo and Baldoni, Roberto},
booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
date-modified = {2021-10-08 13:06:14 +0200},
Note = {Source code: \url{https://github.com/gadiluna/SAFE}},
title = {SAFE: Self-Attentive Function Embeddings for Binary Similarity},
@ -1224,7 +1249,7 @@ Note = {Source code:} }
@inproceedings{zuo2019neural,
title={Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs},
author={Zuo, Fei and Li, Xiaopeng and Young, Patrick and Luo,Lannan and Zeng,Qiang and Zhang, Zhexin},
booktitle={Proceedings of the Annual Network and Distributed Systems Security Symposium (NDSS)},
booktitle={Proc. of the Annual Network and Distributed Systems Security Symposium (NDSS)},
Note = {Artifacts: \url{https://nmt4binaries.github.io}},
year={2019} }
@ -1232,12 +1257,11 @@ year={2019} }
address = {{Barcelona Spain}},
annotation = {ZSCC: 0000047},
author = {David, Yaniv and Partush, Nimrod and Yahav, Eran},
booktitle = {Proceedings of the {{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}} (PLDI)},
booktitle = {Proc. of the {{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}} (PLDI)},
date-modified = {2021-10-11 11:13:44 +0200},
doi = {10.1145/3062341.3062387},
isbn = {978-1-4503-4988-8},
keywords = {status.citekeyOK},
language = {en},
month = jun,
pages = {79--94},
publisher = {{ACM}},
@ -1271,6 +1295,16 @@ year={2019} }
month = aug
}
@misc{apkid,
author = {{RedNaga Security}},
title = {Detecting Pirated and Malicious Android Apps with APKiD},
howpublished = {\url{https://rednaga.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/}},
year = {2016},
Note = {Source code: \url{https://github.com/rednaga/APKiD}},
month = jul
}
@misc{functionsimsearh,
author = {Thomas Dullien},
title = {Searching statically-linked vulnerable library functions in executable code},
@ -1283,7 +1317,7 @@ year={2019} }
abstract = {App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified and analysed to accelerate user adoption, improve development efforts, and prevent malware spreading. Despite the existence of several approaches to improve the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison to understand and validate the similarities among apps. This paper describes the design of SimiDroid, a framework for multi-level comparison of Android apps. SimiDroid is built with the aim to support the understanding of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different analysing scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state-of-the-art.},
annotation = {ZSCC: 0000028},
author = {Li, Li and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques},
booktitle = {Proceedings of the IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)},
booktitle = {Proc. of the IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)},
date-modified = {2021-10-08 13:08:27 +0200},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.230},
file = {/home/jakob/.zotero/storage/storage/RWL4KNSN/Li et al_2017_SimiDroid.pdf;/home/jakob/.zotero/storage/storage/ZCSNP9YX/8029433.html},
@ -1300,11 +1334,10 @@ year={2019} }
@inproceedings{astli2019feichtner,
address = {{Canterbury, CA, United Kingdom}},
author = {Feichtner, Johannes and Rabensteiner, Christof},
booktitle = {Proceedings of the {{International Conference}} on {{Availability}}, {{Reliability}} and {{Security}} (ARES)},
booktitle = {Proc. of the {{International Conference}} on {{Availability}}, {{Reliability}} and {{Security}} (ARES)},
date-modified = {2021-10-10 11:48:34 +0200},
doi = {10.1145/3339252.3339260},
isbn = {978-1-4503-7164-3},
language = {en},
pages = {1--10},
publisher = {{ACM Press}},
title = {{{Obfuscation}}-{{Resilient Code Recognition}} in {{Android Apps}}},
@ -1316,7 +1349,7 @@ year={2019} }
abstract = {Different Java compilers and compiler versions, e.g., javac or ecj, produce different bytecode from the same source code. This makes it hard to trace if the bytecode of an open-source library really matches the provided source code. Moreover, it prevents one from detecting which open-source libraries have been re-compiled and rebundled into a single jar, which is a common way to distribute an application. Such rebundling is problematic because it prevents one to check if the jar file contains open-source libraries with known vulnerabilities. To cope with these problems, we propose the tool SootDiff that uses Soot's intermediate representation Jimple, in combination with code clone detection techniques, to reduce dissimilarities introduced by different compilers, and to identify clones. Our results show that SootDiff successfully identifies clones in 102 of 144 cases, whereas bytecode comparison succeeds in 58 cases only.},
address = {New York, NY, USA},
author = {Dann, Andreas and Hermann, Ben and Bodden, Eric},
booktitle = {Proceedings of the ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP)},
booktitle = {Proc. of the ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP)},
date-modified = {2021-10-10 11:50:47 +0200},
doi = {10.1145/3315568.3329966},
isbn = {9781450367202},
@ -1337,7 +1370,7 @@ year={2019} }
author = {Zhauniarovich, Yury and Gadyatskaya, Olga and Crispo, Bruno},
date-modified = {2021-10-08 13:12:32 +0200},
file = {/home/jakob/.zotero/storage/storage/2KB82F7V/Zhauniarovich et al. - FSquaDRA Fast Detection of Repackaged Application.pdf},
journal = {Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)},
journal = {Proc. of the IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)},
keywords = {hasCode},
pages = {16},
title = {{{FSquaDRA}}: {{Fast Detection}} of {{Repackaged Applications}}},
@ -1358,6 +1391,9 @@ year={2019} }
volume = {15},
year = {2020},
bdsk-url-1 = {https://doi.org/10.1109/TIFS.2019.2932228}}
@article{rebooting2018li,
abstract = {Repackaging is a serious threat to the Android ecosystem as it deprives app developers of their benefits, contributes to spreading malware on users' devices, and increases the workload of market maintainers. In the space of six years, the research around this specific issue has produced 57 approaches which do not readily scale to millions of apps or are only evaluated on private datasets without, in general, tool support available to the community. Through a systematic literature review of the subject, we argue that the research is slowing down, where many state-of-the-art approaches have reported high-performance rates on closed datasets, which are unfortunately difficult to replicate and to compare against. In this work, we propose to reboot the research in repackaged app detection by providing a literature review that summarises the challenges and current solutions for detecting repackaged apps and by providing a large dataset that supports replications of existing solutions and implications of new research directions. We hope that these contributions will re-activate the direction of detecting repackaged apps and spark innovative approaches going beyond the current state-of-the-art.},
@ -1393,7 +1429,7 @@ year={2019} }
@inproceedings{optimal2021pang,
author = {Pang, Chengbin and Yu, Ruotong and Xu, Dongpeng and Koskinen, Eric and Portokalidis, Georgios and Xu, Jun},
booktitle = {Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
booktitle = {Proc. of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
date-modified = {2021-10-08 13:10:03 +0200},
title = {Towards {{Optimal Use}} of {{Exception Handling Information}} for {{Function Detection}}},
year = {2021},
@ -1405,6 +1441,7 @@ year={2019} }
date-added = {2015-07-22 15:37:08 +0000},
date-modified = {2015-07-22 15:37:08 +0000},
title = {{Android: From Reversing To Decompilation}},
note = {Source code: \url{https://github.com/androguard/androguard}},
year = {2011}}
@misc{site:androguard,
@ -1415,7 +1452,7 @@ year={2019} }
@inproceedings{Crussell:2012:DNADroid,
author = {Jonathan Crussell and Clint Gibler and Hao Chen},
booktitle = {Proceedings of the European Symposium on Research in Computer Security (ESORICS)},
booktitle = {Proc. of the European Symposium on Research in Computer Security (ESORICS)},
date-added = {2015-07-22 16:42:48 +0000},
date-modified = {2021-10-08 13:05:34 +0200},
title = {{Attack of the Clones: Detecting Cloned Applications on Android Markets}},
@ -1423,7 +1460,7 @@ year={2019} }
@inproceedings{Crussell:2013:AnDarwin,
author = {Jonathan Crussell and Clint Gibler and Hao Chen},
booktitle = {Proceedings of the European Symposium on Research in Computer Security (ESORICS)},
booktitle = {Proc. of the European Symposium on Research in Computer Security (ESORICS)},
date-added = {2015-07-22 16:42:48 +0000},
date-modified = {2021-10-08 13:05:26 +0200},
title = {{AnDarwin: Scalable Semantics-Based Detection of Similar Android Applications}},
@ -1431,7 +1468,7 @@ year={2019} }
@inproceedings{Wang:2015:WuKong,
author = {Wang, Haoyu and Guo, Yao and Ma, Ziang and Chen, Xiangqun},
booktitle = {Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)},
booktitle = {Proc. of the International Symposium on Software Testing and Analysis (ISSTA)},
date-added = {2015-10-25 14:33:09 +0000},
date-modified = {2021-10-08 13:10:28 +0200},
title = {{WuKong: A Scalable and Accurate Two-phase Approach to Android App Clone Detection}},
@ -1441,7 +1478,7 @@ year={2019} }
@inproceedings{Zhang:2014:ViewDroid,
author = {Zhang, Fangfang and Huang, Heqing and Zhu, Sencun and Wu, Dinghao and Liu, Peng},
booktitle = {Proceedings of the ACM Conference on Security and Privacy in Wireless \& Mobile Networks (WiSec)},
booktitle = {Proc. of the ACM Conference on Security and Privacy in Wireless \& Mobile Networks (WiSec)},
date-added = {2015-10-22 21:44:04 +0000},
date-modified = {2021-10-08 14:01:34 +0200},
title = {{ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection}},
@ -1451,7 +1488,7 @@ year={2019} }
@inproceedings{piggyapp,
author = {Zhou, Wu and Zhou, Yajin and Grace, Michael and Jiang, Xuxian and Zou, Shihong},
booktitle = {Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY)},
booktitle = {Proc. of the ACM Conference on Data and Application Security and Privacy (CODASPY)},
date-added = {2015-07-22 15:37:08 +0000},
date-modified = {2021-10-08 13:11:22 +0200},
title = {{Fast, Scalable Detection of "Piggybacked" Mobile Applications}},
@ -1461,7 +1498,7 @@ year={2019} }
@inproceedings{juxtapp,
author = {Steve Hanna and Ling Huang and Edward Wu and Saung Li and Charles Chen and Dawn Song},
booktitle = {Proceedings of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
booktitle = {Proc. of the Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
date-added = {2015-07-22 15:37:08 +0000},
date-modified = {2021-10-08 13:06:06 +0200},
title = {{Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications}},
@ -1470,7 +1507,7 @@ year={2019} }
@inproceedings{droidmoss,
acmid = {2133640},
author = {Zhou, Wu and Zhou, Yajin and Jiang, Xuxian and Ning, Peng},
booktitle = {Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY)},
booktitle = {Proc. of the ACM Conference on Data and Application Security and Privacy (CODASPY)},
date-added = {2015-07-22 16:42:48 +0000},
date-modified = {2021-10-08 13:11:16 +0200},
doi = {10.1145/2133601.2133640},
@ -1484,7 +1521,7 @@ year={2019} }
@inproceedings{taintart:ccs16,
author = {Sun, Mingshen and Wei, Tao and Lui, John C.S.},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
title = {TaintART: A Practical Multi-Level Information-Flow Tracking System for Android RunTime},
year = {2016}}
@ -1512,26 +1549,26 @@ year={2019} }
@inproceedings{tiro:18usenix,
author = {Michelle Y. Wong and David Lie},
booktitle = {Proceedings of the USENIX Security Symposium},
booktitle = {Proc. of the USENIX Security Symposium},
title = {Tackling Runtime-based obfuscation in Android with {TIRO}},
year = {2018}}
@inproceedings{graux:hal-02877815,
author = {Graux, Pierre and Lalande, Jean-Fran{\c c}ois and Wilke, Pierre and Viet Triem Tong, Val{\'e}rie},
booktitle = {Proceedings of the Workshop on Software Attacks and Defenses (SAD)},
booktitle = {Proc. of the Workshop on Software Attacks and Defenses (SAD)},
title = {{Abusing Android Runtime for Application Obfuscation}},
year = {2020}}
@inproceedings{happer:21sp,
author = {Xue, Lei and Zhou, Hao and Luo, Xiapu and Zhou, Yajin and Shi, Yang and Gu, Guofei and Zhang, Fengwei and Au, Man Ho},
booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
title = {Happer: Unpacking Android Apps via a Hardware-Assisted Approach},
year = {2021}}
@inproceedings{parema:21issta,
address = {New York, NY, USA},
author = {Xue, Lei and Yan, Yuxiao and Yan, Luyi and Jiang, Muhui and Luo, Xiapu and Wu, Dinghao and Zhou, Yajin},
booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
booktitle = {Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
doi = {10.1145/3460319.3464839},
isbn = {9781450384599},
pages = {152--164},
@ -1543,7 +1580,7 @@ year={2019} }
@inproceedings{malton:21sec,
address = {Vancouver, BC},
author = {Lei Xue and Yajin Zhou and Ting Chen and Xiapu Luo and Guofei Gu},
booktitle = {Proceedings of the USENIX Security Symposium},
booktitle = {Proc. of the USENIX Security Symposium},
isbn = {978-1-931971-40-9},
pages = {289--306},
title = {Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for {ART}},
@ -1551,7 +1588,7 @@ year={2019} }
@inproceedings{dexlego18dsn,
author = {Ning, Zhenyu and Zhang, Fengwei},
booktitle = {Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
booktitle = {Proc. of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
doi = {10.1109/DSN.2018.00075},
pages = {690-701},
title = {DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis},
@ -1561,7 +1598,7 @@ year={2019} }
@inproceedings{CompARTist17ccs,
address = {New York, NY, USA},
author = {Huang, Jie and Schranz, Oliver and Bugiel, Sven and Backes, Michael},
booktitle = {Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
booktitle = {Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS)},
isbn = {9781450349468},
pages = {1037--1049},
publisher = {Association for Computing Machinery},
@ -1570,7 +1607,7 @@ year={2019} }
@inproceedings{artist16ares,
author = {Dresel, Lukas and Protsenko, Mykolai and M{\"u}ller, Tilo},
booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (ARES)},
booktitle = {Proc. of the International Conference on Availability, Reliability and Security (ARES)},
doi = {10.1109/ARES.2016.80},
pages = {107-116},
title = {ARTIST: The Android Runtime Instrumentation Toolkit},
@ -1579,7 +1616,7 @@ year={2019} }
@inproceedings{artist17eurosp,
author = {Backes, Michael and Bugiel, Sven and Schranz, Oliver and Von Styp-Rekowsky, Philipp and Weisgerber, Sebastian},
booktitle = {Proceedings of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
doi = {10.1109/EuroSP.2017.43},
pages = {481-495},
title = {ARTist: The Android Runtime Instrumentation and Security Toolkit},
@ -1588,7 +1625,7 @@ year={2019} }
@inproceedings{libupdates19eurosp,
author = {Huang, Jie and Borges, Nataniel and Bugiel, Sven and Backes, Michael},
booktitle = {Proceedings of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy (EuroS\&P)},
doi = {10.1109/EuroSP.2019.00012},
pages = {15-30},
title = {Up-To-Crash: Evaluating Third-Party Library Updatability on Android},
@ -1597,7 +1634,7 @@ year={2019} }
@inproceedings{preinstalled20sp,
author = {Gamba, Julien and Rashed, Mohammed and Razaghpanah, Abbas and Tapiador, Juan and Vallina-Rodriguez, Narseo},
booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
booktitle = {Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
doi = {10.1109/SP40000.2020.00013},
pages = {1039-1055},
title = {An Analysis of Pre-installed Android Software},
@ -1606,7 +1643,7 @@ year={2019} }
@inproceedings{librarian21icse,
author = {Almanee, Sumaya and {\"U}nal, Arda and Payer, Mathias and Garcia, Joshua},
booktitle = {Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE)},
booktitle = {Proc. of the IEEE/ACM International Conference on Software Engineering (ICSE)},
doi = {10.1109/ICSE43902.2021.00122},
pages = {1347-1359},
title = {Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps' Native Code},
@ -1616,7 +1653,7 @@ year={2019} }
@inproceedings{beyondplay18imc,
address = {New York, NY, USA},
author = {Wang, Haoyu and Liu, Zhe and Liang, Jingyue and Vallina-Rodriguez, Narseo and Guo, Yao and Li, Li and Tapiador, Juan and Cao, Jingcun and Xu, Guoai},
booktitle = {Proceedings of the Internet Measurement Conference (IMC)},
booktitle = {Proc. of the Internet Measurement Conference (IMC)},
doi = {10.1145/3278532.3278558},
isbn = {9781450356190},
numpages = {15},
@ -1631,7 +1668,7 @@ year={2019} }
author = {Yuta Ishii and Takuya Watanabe and Fumihiro Kanei and Yuta Takata and Eitaro Shioji and Mitsuaki Akiyama and Takeshi Yagi and Bo Sun and Tatsuya Mori},
bibsource = {dblp computer science bibliography, https://dblp.org},
biburl = {https://dblp.org/rec/conf/sigsoft/IshiiWKTSAYSM17.bib},
booktitle = {Proceedings of the {ACM} {SIGSOFT} International Workshop on App Market Analytics (WAMA@ESEC/SIGSOFT FSE)},
booktitle = {Proc. of the {ACM} {SIGSOFT} International Workshop on App Market Analytics (WAMA@ESEC/SIGSOFT FSE)},
doi = {10.1145/3121264.3121267},
pages = {12--18},
publisher = {{ACM}},
@ -1650,6 +1687,15 @@ year={2019} }
urldate = {2021-06-25},
bdsk-url-1 = {https://www.zynamics.com/bindiff.html}}
@misc{diaphora,
author = {Joxean Koret},
date = {2019},
date-modified = {2021-10-11 19:55:34 +0200},
howpublished = {\url{http://diaphora.re}},
note = {Source code: \url{https://github.com/joxeankoret/diaphora}},
title = {{Diaphora}},
urldate = {2021-11-30}
}
@article{dullien2005graph,
author = {Dullien, Thomas and Rolles, Rolf},
date-modified = {2021-10-11 22:33:15 +0200},
@ -1659,3 +1705,80 @@ year={2019} }
title = {Graph-based Comparison of Executable Objects},
volume = {5},
year = {2005}}
@INPROCEEDINGS{fotaapps2021,
author={Blázquez, Eduardo and Pastrana, Sergio and Feal, Álvaro and Gamba, Julien and Kotzias, Platon and Vallina-Rodriguez, Narseo and Tapiador, Juan},
booktitle={Proc. of the IEEE Symposium on Security and Privacy (S\&P)},
title={Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem},
year={2021},
volume={},
number={},
pages={1606-1622},
doi={10.1109/SP40001.2021.00095}}
@inproceedings{firmscope2021,
author = {Mohamed Elsabagh and Ryan Johnson and Angelos Stavrou and Chaoshun Zuo and Qingchuan Zhao and Zhiqiang Lin},
title = {{FIRMSCOPE}: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware},
booktitle = {Proc. of the {USENIX} Security Symposium},
year = {2020},
isbn = {978-1-939133-17-5},
pages = {2379--2396},
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/elsabagh},
publisher = {{USENIX} Association},
month = aug,
}
@conference{stone:preinstalledbh,
author = {Maddie Stone},
booktitle = {Black Hat USA},
title = {{Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps}},
year = {2019}}
@inproceedings{DBLP:conf/esorics/ZhangAYD16,
author = {Xiao Zhang and
Yousra Aafer and
Kailiang Ying and
Wenliang Du},
title = {Hey, You, Get Off of My Image: Detecting Data Residue in Android Images},
booktitle = {Proc. of the European Symposium on Research in Computer Security (ESORICS)},
series = {Lecture Notes in Computer Science},
volume = {9878},
pages = {401--421},
publisher = {Springer},
year = {2016},
url = {https://doi.org/10.1007/978-3-319-45744-4\_20},
doi = {10.1007/978-3-319-45744-4\_20},
timestamp = {Tue, 14 May 2019 10:00:53 +0200},
biburl = {https://dblp.org/rec/conf/esorics/ZhangAYD16.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings{xu:www19,
author = {Xu, Mengwei and Liu, Jiawei and Liu, Yuanqiang and Lin, Felix Xiaozhu and Liu, Yunxin and Liu, Xuanzhe},
title = {A First Look at Deep Learning Apps on Smartphones},
year = {2019},
isbn = {9781450366748},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3308558.3313591},
doi = {10.1145/3308558.3313591},
booktitle = {Proc. of the World Wide Web Conference (WWW)}
}
@misc{fdroiddata,
author = {{F-Droid}},
date = {2021},
howpublished = {\url{https://gitlab.com/fdroid/fdroiddata}},
title = {{F-Droid} Data Repository},
urldate = {2021-11-30},
bdsk-url-1 = {https://gitlab.com/fdroid/fdroiddata}}
@misc{fdroidserver,
author = {{F-Droid}},
date = {2021},
howpublished = {\url{https://gitlab.com/fdroid/fdroidserver/}},
title = {{F-Droid} Server Tools Repository},
urldate = {2021-11-30},
bdsk-url-1 = {https://gitlab.com/fdroid/fdroidserver/}}

View File

@ -29,6 +29,7 @@
\usepackage[normalem]{ulem}
\usepackage{xspace}
\usepackage{relsize}
\usepackage{cleveref} % for \Cref{sec:background} -> Section 2