Sciweavers

POPL
2016
ACM

Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static analysis often produces false positives, which require significant manual effort to resolve. In this paper, we show how to overlay a probabilistic model, trained using domain knowledge, on top of static analysis results, in order to triage static analysis results. We apply this idea to analyzing mobile applications. Android application components can communicate with each other, both within single applications and between different applications. Unfortunately, techniques to statically infer Inter-Component Communication (ICC) yield many potential inter-component and inter-application links, most of which are false positives. At large scales, scrutinizing all potential links is simply not feasible. We therefore overlay a probabilistic model of ICC on top of static analysis results. Since computing the inter-component links is a prerequisite to i...
Added 09 Apr 2016
Updated 09 Apr 2016
Type Journal
Year 2016
Where POPL
Authors Damien Octeau, Somesh Jha, Matthew Dering, Patrick Drew McDaniel, Alexandre Bartel, Li Li 0029, Jacques Klein, Yves Le Traon