EvoTaint: Incremental Static Taint Analysis of Evolving Android Apps


Research field: Strategies



Venue: ACM Transactions on Software Engineering and Methodology


Abstract

In the last decade, Android applications have emerged as a primary interface in consumer technology. With approximately 2.5 billion mobile devices running Android globally, security threats to the Android ecosystem due to vulnerabilities in it become increasingly broadly consequential via user applications (i.e., Android apps). This necessitates efficient methods for defending them against those vulnerabilities. Taint analysis, a popular and fundamental security defense technique, assesses the flow of sensitive information within an app between sources (e.g., reading from user inputs) and sinks (e.g., writing to databases). However, traditional taint analysis is notably resource-intensive. Performing a comprehensive analysis on a single app given a complete list of potential sources and sinks can take hours, a situation exacerbated by the frequent updates typical in mobile app development. In this paper, we propose EvoTaint, an incremental taint analysis, tailored to fit and exploit the evolving nature of Android apps. It aims to substantially reduce the time cost of conventional static taint analysis against an evolved version of a given app by narrowing down the analysis scope from the entire app to only the parts that are changed or impacted by the changes in the evolved version. We have implemented EvoTaint as a practical, open-source tool and evaluated it on 100 Android apps each with 2, 3, or even 5 versions considered. Our results demonstrated a significant (51.8–68.9%) reduction in the time cost of static taint analysis of each of the 1–4 evolved versions on average, without compromising the accuracy of the analysis results (i.e., taint flow paths), compared to using the conventional approach treating each version as a separate/standalone app. Our further analysis aimed to clarify why and when EvoTaint performs favorably. It revealed that the time efficiency gains of incremental taint analysis are strongly correlated with the ratio of changed methods and the proportion of sources/sinks affected by these changes during app evolution.


Author Profile
Jiawei Guo

University at Buffalo SUNY USA

Austria
Author Profile
Haipeng Cai

University at Buffalo SUNY USA

Austria

📄 Paper information

Publication year: 2025
Citations: 1
Country of publication: Austria
Site: ACM
