Java code is easy to be decompiled, and third-party SO files are used frequently by developers to improve development efficiency. Therefore, more and more core functions of Android applications are implemented in the native layer. However, there is neither comprehensive security research work nor automated security analysis tools on Android native layer, especially for third-party SO files that are dynamically loaded within the applications. To solve this problem, SoProtector, a novel and effective system is proposed to defend against the privacy leaks, which mainly analyzes the data stream between two levels: application and Native layers. In addition, SoProtector includes a real-time monitor to detect malicious functions in binary code. Our evaluation using 3400 applications has demonstrated that SoProtector can detect more sources, sinks and smudges than most static analysis tools; And it detects and effectively blocks more than 82% of applications that dynamically load malicious third-party SO files with low performance overhead.
CITATION STYLE
Zhang, N., Xu, G., Meng, G., & Zheng, X. (2018). SoProtector: Securing native C/C++ libraries for mobile applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11336 LNCS, pp. 417–431). Springer Verlag. https://doi.org/10.1007/978-3-030-05057-3_32
Mendeley helps you to discover research relevant for your work.