Abstract
Android provides native development kit through JNI for developing high-performance applications (or simply apps). Although recent years have witnessed a considerable increase in the number of apps employing native libraries, only a few systems can examine them. However, none of them scrutinizes the interactions through JNI in them. In this paper, we conduct a systematic study on tracking information flows through JNI in apps. More precisely, we first perform a large-scale examination on apps using JNI and report interesting observations. Then, we identify scenarios where information flows uncaught by existing systems can result in information leakage. Based on these insights, we propose and implement NDroid, an efficient dynamic taint analysis system for checking information flows through JNI. The evaluation through real apps shows NDroid can effectively identify information leaks through JNI with low performance overheads.
Original language | English |
---|---|
Title of host publication | Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 |
Publisher | IEEE |
Pages | 180-191 |
Number of pages | 12 |
ISBN (Electronic) | 9781479922338 |
DOIs | |
Publication status | Published - 1 Jan 2014 |
Event | 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States Duration: 23 Jun 2014 → 26 Jun 2014 |
Conference
Conference | 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 |
---|---|
Country/Territory | United States |
City | Atlanta |
Period | 23/06/14 → 26/06/14 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
- Software