Combining static analysis with probabilistic models to enable market-scale android inter-component analysis

Damien Octeau, Somesh Jha, Matthew Dering, Patrick McDaniel, Alexandre Bartel, Li Li, Jacques Klein, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

30 Scopus citations

Abstract

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static analysis often produces false positives, which require significant manual effort to resolve. In this paper, we show how to overlay a probabilistic model, trained using domain knowledge, on top of static analysis results, in order to triage static analysis results. We apply this idea to analyzing mobile applications. Android application components can communicate with each other, both within single applications and between different applications. Unfortunately, techniques to statically infer Inter-Component Communication (ICC) yield many potential inter-component and inter-application links, most of which are false positives. At large scales, scrutinizing all potential links is simply not feasible. We therefore overlay a probabilistic model of ICC on top of static analysis results. Since computing the inter-component links is a prerequisite to inter-component analysis, we introduce a formalism for inferring ICC links based on set constraints. We design an efficient algorithm for performing link resolution. We compute all potential links in a corpus of 11,267 applications in 30 minutes and triage them using our probabilistic approach. We find that over 95.1% of all 636 million potential links are associated with probability values below 0.01 and are thus likely unfeasible links. Thus, it is possible to consider only a small subset of all links without significant loss of information. This work is the first significant step in making static inter-application analysis more tractable, even at large scales.
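The abstract describes two steps: resolving every ICC link an intent could take when its fields are only known as sets of possible values (or not at all), and then triaging the resulting over-approximation by a probability. The block below is an added illustration of that pipeline and is not the paper's implementation or its trained model: it applies Android's action, category and MIME-type filter tests to intents whose fields may be unresolved (`ANY`), and scores each link with a stand-in uniform prior, 1 divided by the number of candidate targets of its intent, where the paper would plug in a learned probability. The apps, component names, filters and intents are constructed sample data; URI scheme/host matching is omitted.

```python
"""ICC link resolution over statically inferred, set-valued intent fields.

Added illustration, not the paper's code. Matching follows Android's action /
category / MIME filter tests on a simplified intent; the link score 1/k
(k = candidate targets) is a stand-in for a trained probabilistic model.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

ANY = None  # field the static analysis could not resolve (unconstrained)


@dataclass(frozen=True)
class IntentFilter:
    actions: FrozenSet[str]
    categories: FrozenSet[str]
    mime_types: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Component:
    app: str
    name: str
    exported: bool
    filters: Tuple[IntentFilter, ...] = ()


@dataclass(frozen=True)
class Intent:
    src_app: str
    src: str
    target: Optional[str] = None                 # class name, explicit intents only
    actions: Optional[FrozenSet[str]] = ANY      # set of possible action strings
    categories: Optional[FrozenSet[str]] = ANY   # final category set (DEFAULT included)
    mime_types: Optional[FrozenSet[str]] = ANY   # possible MIME types; empty = untyped


def filter_matches(it: Intent, f: IntentFilter) -> bool:
    """Android intent-filter tests, with ANY treated as 'could be anything'."""
    # Action test: some possible action must be declared by the filter
    # (an action-less intent passes against any filter that has actions).
    if it.actions is not ANY and it.actions and not (it.actions & f.actions):
        return False
    # Category test: every category on the intent must be declared by the filter.
    if it.categories is not ANY and not it.categories <= f.categories:
        return False
    # Data test (MIME only): a typed intent needs a filter accepting one of its
    # types; an untyped intent must not be delivered to a filter requiring a type.
    if it.mime_types is not ANY:
        if it.mime_types:
            if "*/*" not in f.mime_types and not (it.mime_types & f.mime_types):
                return False
        elif f.mime_types:
            return False
    return True


def reachable(it: Intent, c: Component) -> bool:
    return c.exported or c.app == it.src_app


def resolve_links(intents: List[Intent], comps: List[Component]) -> Dict[Intent, List[Component]]:
    """Map each intent to every component it could reach (an over-approximation)."""
    by_name = {c.name: c for c in comps}
    links: Dict[Intent, List[Component]] = {}
    for it in intents:
        if it.target is not None:                       # explicit intent
            c = by_name.get(it.target)
            links[it] = [c] if c is not None and reachable(it, c) else []
        else:                                           # implicit intent
            links[it] = [c for c in comps if reachable(it, c)
                         and any(filter_matches(it, f) for f in c.filters)]
    return links


def triage(links: Dict[Intent, List[Component]], threshold: float) -> List[Tuple[str, str, float]]:
    """Keep links scoring 1/k >= threshold; an intent that matches everything
    spreads its mass thin, so its links fall below the cut-off."""
    kept = []
    for it, targets in links.items():
        if targets and 1.0 / len(targets) >= threshold:
            kept.extend((it.src, c.name, 1.0 / len(targets)) for c in targets)
    return kept


SEND, VIEW, MAIN = "android.intent.action.SEND", "android.intent.action.VIEW", "android.intent.action.MAIN"
DEFAULT, LAUNCHER = "android.intent.category.DEFAULT", "android.intent.category.LAUNCHER"


def flt(actions, cats, mimes=()) -> IntentFilter:
    return IntentFilter(frozenset(actions), frozenset(cats), frozenset(mimes))


def sample_corpus():
    """Constructed three-app corpus (all names are made up)."""
    comps = [
        Component("a", "a.Main", True, (flt([MAIN], [LAUNCHER]),)),
        Component("a", "a.Share", True, (flt([SEND], [DEFAULT], ["text/plain"]),)),
        Component("a", "a.Internal", False, (flt(["a.INTERNAL"], [DEFAULT]),)),
        Component("b", "b.Viewer", True, (flt([VIEW], [DEFAULT], ["text/plain"]),)),
        Component("b", "b.Share", True, (flt([SEND], [DEFAULT], ["text/plain"]),)),
        Component("c", "c.Receiver", True, (flt([SEND], [DEFAULT], ["*/*"]),)),
    ]
    intents = [
        Intent("a", "a.Main", actions=frozenset({SEND}), categories=frozenset({DEFAULT}),
               mime_types=frozenset({"text/plain"})),   # fully resolved implicit intent
        Intent("a", "a.Main", target="a.Internal"),     # explicit, same app
        Intent("b", "b.Viewer", target="a.Internal"),   # explicit, blocked: not exported
        Intent("b", "b.Viewer"),                        # nothing resolved: ANY everywhere
    ]
    return intents, comps


def run_example(threshold: float = 0.3) -> Tuple[int, List[Tuple[str, str, float]]]:
    intents, comps = sample_corpus()
    links = resolve_links(intents, comps)
    return sum(len(t) for t in links.values()), triage(links, threshold)


if __name__ == "__main__":
    total, kept = run_example()
    print(f"{total} candidate links, {len(kept)} kept")
    for src, dst, p in kept:
        print(f"  {src} -> {dst}  p={p:.2f}")
```

On this corpus the unresolved intent from `b.Viewer` alone produces five of the nine candidate links, each scored 0.2, and a threshold of 0.3 drops all of them while keeping the explicit link and the three SEND targets of the resolved intent. The scoring is the part to replace with a model trained on real ICC data, as the paper does; the resolution step is the part that must stay an over-approximation, since dropping a feasible link silently hides an attack path.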

Original language: English (US)
Title of host publication: POPL 2016 - Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Editors: Rupak Majumdar, Rastislav Bodik
Publisher: Association for Computing Machinery
Pages: 469-484
Number of pages: 16
ISBN (Electronic): 9781450335492
DOIs: https://doi.org/10.1145/2837614.2837661
State: Published - Jan 11 2016
Event: 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016 - St. Petersburg, United States
Duration: Jan 20 2016 to Jan 22 2016

Publication series

Name: Conference Record of the Annual ACM Symposium on Principles of Programming Languages
Volume: 20-22-January-2016
ISSN (Print): 0730-8566

Other

Other: 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016
Country: United States
City: St. Petersburg
Period: 1/20/16 to 1/22/16

All Science Journal Classification (ASJC) codes

  • Software


  • Cite this

    Octeau, D., Jha, S., Dering, M., McDaniel, P., Bartel, A., Li, L., Klein, J., & Le Traon, Y. (2016). Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In R. Majumdar, & R. Bodik (Eds.), POPL 2016 - Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (pp. 469-484). (Conference Record of the Annual ACM Symposium on Principles of Programming Languages; Vol. 20-22-January-2016). Association for Computing Machinery. https://doi.org/10.1145/2837614.2837661