Recent years have seen the development of a multitude of tools for the security analysis of Android applications. A major deficit of current fully automated security analyses, however, is their inability to drive execution to interesting parts, such as where code is dynamically loaded or certain data is decrypted. In fact, security-critical or downright offensive code may not be reached at all by such analyses when dynamically checked conditions are not met by the analysis environment. To tackle this unsolved problem, we propose a tool combining static call path analysis with byte code instrumentation and a heuristic partial symbolic execution, which aims at executing interesting calls paths.
It can systematically locate potentially security-critical code sections and instrument applications such that execution of these sections can be observed in a dynamic analysis. Among other use cases, this can be leveraged to force applications into revealing dynamically loaded code, a simple yet effective way to circumvent detection by security analysis software such as the Google Play Store’s Bouncer. We illustrate the functionality of our tool by means of a simple logic bomb example and a real-life security vulnerability which is present in hunderd of apps and can still be actively exploited at this time.
Continue Reading
Climate condition affects users' action and tweet content. We discover that temperature and humidity affects users' action more than the general weather category such as sunny or rainy. In detail,…
Cloud Computing has attracted much attention recently with all its benefits in providing data availability anytime, anywhere, on any device. The end of this decade is marked by a paradigm…
We present a novel method, Foveated Manifold Sensing, for the adaptive and efficient sensing of the visual world. The method is based on algorithms that learn manifolds of increasing but…
Research in the field of WSD has been conducted in computational linguistics as a specific task for many years. Language and context features have been shown to be very helpful…
In recent years, the data growth rate has been observed growing at a staggering rate. Considering data search as a primitive operation and to optimize this process on large volume…
The paper takes the multi-modal data massive minority area as the research object, and uses emotion computing, voice recognition, geographic information representation, video content recognition, intelligent technology and robot, 3D…
This paper presents an open recommender system to ease the entering barriers due to lack of sufficient background knowledge for small or new service providers. The proposed Open Preference and…
Cloud computing has become very popular in recent years. Various SaaS, PaaS and IaaS systems for collaborative software development have been proposed. We also have proposed a PaaS system that…
In this study, a 1-D piezoelectric touchscreen that can provide the capability of touch position and sliding movement detection is proposed. To overcome the output voltage decay issue due to…