Along with the paper Together Strong: Cooperative Android App Analysis we developed CoDiDroid, a cooperative (and distributed) Android app analysis tool framework.
With CoDiDroid the burden, (i) to collect expert knowledge to run all tools in the network and (ii) to provide sufficient resources to execute these tools successfully, is shifted from the users to the experts setting up CoDiDroid.
CoDiDroid represents an instance of a network of taint-analysis tools build by setting up multiple AQL-WebServices. The figure below gives a brief overview of this instance:
The analysis tools available in the community can be found in the center of the figure. The frontend 1. , which allows to access CoDiDroid, can be realized by any AQL (Android App Analysis Query Language) interface such as BREW, AQL-Online or an AQL-System. Two AQL-WebServices form the backend. Each is setup to execute different analysis tools. On the one hand, WebService 2. is configured to run DroidRA, FlowDroid, HornDroid, IC3 and NOAH. On the other hand, WebService 3. holds only one tool in its configuration, namely PIM.
Whenever a query is issued by the frontend the most suitable tool or tool combination is executed by one or both backends. Once a partial or the complete answer to the query or parts of it are computed the frontend receives these answers. The communication between the different systems is realized through a REST API.
While answering the following exemplary query different tools are triggered:
MATCH [ Flows IN App(’A.apk’ | ’DEOBFUSCATE’) ?, CONNECT [ Flows IN App(’B.apk’ | ’UNCOVER’) ?, Flows IN App(’B.apk’ | ’UNCOVER’) FEATURING ’NATIVE’ ? ], IntentSources IN App(’A.apk’ | ’DEOBFUSCATE’) ?, IntentSinks IN App(’A.apk’ | ’DEOBFUSCATE’) ?, IntentSources IN App(’B.apk’ | ’UNCOVER’) ?, IntentSinks IN App(’B.apk’ | ’UNCOVER’) ? ]
MATCH operator is bound to PIM which deals with the computation of the final answer by combining all information gathered by the questions inside its scope
[...]. The preprocessor keyword
'DEOBFUSCATE' leads to the execution of DroidRA in order to resolve reflective statements in app
A.apk. The keyword
'UNCOVER' as well as the feature
'NATIVE' is related to NOAH. NOAH helps uncovering flows in native code. All questions asking for flows are answered by FlowDroid by default. Information about IntentSources and -Sinks are computed by IC3.
The complete example as well as its results are explained in the associated paper (see Publications).
Evaluation Results & New Benchmark Cases
The evaluation result computed by CoDiDroid for the associated paper (Together Strong: Cooperative Android App Analysis) can be downloaded here:
The novel benchmark cases (Star, Ring and the running example) are also available:
- Benchmark cases newBenchmarkCases.zip
- Together Strong: Cooperative Android App Analysis (Felix Pauck, Heike Wehrheim)
ESEC/FSE 2019 https://dl.acm.org/citation.cfm?id=3338915