Code Coverage Measurement for Android Dynamic Analysis Tools

2015 ◽  
Author(s):  
Chun-Ying Huang ◽  
Ching-Hsiang Chiu ◽  
Chih-Hung Lin ◽  
Han-Wei Tzeng
Keyword(s):  
Dynamic Analysis ◽  
Code Coverage ◽  
Analysis Tools ◽  
Coverage Measurement

scholarly journals Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Cyber Security ◽  
Malware Analysis ◽  
Analysis Tools ◽  
Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

scholarly journals Fine-grained Code Coverage Measurement in Automated Black-box Android Testing

2020 ◽  
Vol 29 (4) ◽  
pp. 1-35
Author(s):  
Aleksandr Pilgun ◽  
Olga Gadyatskaya ◽  
Yury Zhauniarovich ◽  
Stanislav Dashevskyi ◽  
Artsiom Kushniarou ◽  
...  
Keyword(s):  
Black Box ◽  
Code Coverage ◽  
Fine Grained ◽  
Coverage Measurement

Evaluation of Dynamic Analysis Tools for Software Security

2018 ◽  
Vol 9 (3) ◽  
pp. 34-59 ◽  
Author(s):  
Michael Lescisin ◽  
Qusay H. Mahmoud
Keyword(s):  
Dynamic Analysis ◽  
Software Security ◽  
Safety Issue ◽  
Memory Safety ◽  
Safety Issues ◽  
Security Issues ◽  
Analysis Tools ◽  
Significant Difference ◽  
Secure Software ◽  
Input Validation

This article discusses the development of secure software by means of dynamic analysis tools. A secure software-based system should have security checks and balances integrated throughout its entire development lifecycle, including its deployment phase. Therefore, this article covers both using software security tools for testing code in development as well as monitoring code in deployment to ensure that it is operating securely. The security issues discussed in this article will be split into two categories – memory safety issues and input validation issues. Memory safety issues concern problems of unauthorized memory access such as buffer overflows, stack overflows, use-after-free, double-free, memory leaks, etc. Although not strictly a memory safety issue, concurrency issues, such as data races, will be considered as memory safety issues in this article. Input validation issues concern problems where untrusted input is directly passed to handlers which are designed to handle both data and commands. Examples of this include path traversal, SQL injection, command injection, JavaScript/HTML injection, etc. As a result of this significant difference between these two types of security vulnerabilities, two sets of tools are evaluated with one set focusing on memory safety issues and the other on input validation issues. This article explores the benefits and limitations of current software dynamic analysis tools by evaluating them against both the authors test cases as well as the OWASP Benchmark for Security Automation and proposes solutions for implementing secure software applications.

scholarly journals Design and implementation of a tracer driver: Easy and efficient dynamic analyses of constraint logic programs

2008 ◽  
Vol 8 (5-6) ◽  
pp. 581-609
Author(s):  
LUDOVIC LANGEVINE ◽  
MIREILLE DUCASSÉ
Keyword(s):  
Dynamic Analysis ◽  
Low Cost ◽  
Logic Programs ◽  
Design And Implementation ◽  
On Demand ◽  
Front End ◽  
Analysis Tools ◽  
Dynamic Analyses ◽  
Constraint Logic Programs ◽  
High Level

AbstractTracers provide users with useful information about program executions. In this article, we propose a “tracer driver”. From a single tracer, it provides a powerful front-end enabling multiple dynamic analysis tools to be easily implemented, while limiting the overhead of the trace generation. The relevant execution events are specified by flexible event patterns and a large variety of trace data can be given either systematically or “on demand”. The proposed tracer driver has been designed in the context of constraint logic programming (CLP); experiments have been made within GNU-Prolog. Execution views provided by existing tools have been easily emulated with a negligible overhead. Experimental measures show that the flexibility and power of the described architecture lead to good performance. The tracer driver overhead is inversely proportional to the average time between two traced events. Whereas the principles of the tracer driver are independent of the traced programming language, it is best suited for high-level languages, such as CLP, where each traced execution event encompasses numerous low-level execution steps. Furthermore, CLP is especially hard to debug. The current environments do not provide all the useful dynamic analysis tools. They can significantly benefit from our tracer driver which enables dynamic analyses to be integrated at a very low cost.

scholarly journals Code Coverage Measurement Framework for Android Devices

2014 ◽  
Vol 21 (3) ◽  
pp. 439-458 ◽  
Author(s):  
Ferenc Horváth ◽  
Szabolcs Bognár ◽  
Tamás Gergely ◽  
Róbert Rácz ◽  
Árpád Beszédes ◽  
...  
Keyword(s):  
Code Coverage ◽  
Measurement Framework ◽  
Coverage Measurement

scholarly journals ADVANCED AND RAPID DEVELOPMENT OF DYNAMIC ANALYSIS TOOLS FOR JAVA

2010 ◽  
Vol 10 (1) ◽  
pp. 75-90
Author(s):  
Alex Villazón ◽  
Danilo Ansaloni ◽  
Philippe Moret
Keyword(s):  
Dynamic Analysis ◽  
Rapid Development ◽  
Analysis Tools

scholarly journals Content Analyzer for Information Leakage Detedction and Prevention in Android Smart Devices: A Conceptual Approach.

2020 ◽  
Vol 6 (1) ◽  
pp. 72-90
Author(s):  
T Okebule ◽  
◽  
O.A. Adeyemo ◽  
K.A. Olatunji ◽  
A.S Awe
Keyword(s):  
Dynamic Analysis ◽  
Information Leakage ◽  
Efficient Solutions ◽  
Smart Devices ◽  
Sensitive Information ◽  
Leakage Detection ◽  
Conceptual Approach ◽  
Code Coverage ◽  
Static And Dynamic Analysis ◽  
Application Developers

The advent of android operating system introduced tools to keep track of users’ information activities and prevent information leakage which bridged the trust between application developers and consumers. Literature shows that several phenomena had been developed to prevent malicious applications from stealing personal sensitive information from smart phones but there is still the need for efficient solutions. This study proposes a conceptual approach for the development of a contentAnalyzer for information leakage detection and prevention on android-based devices. The concept will help to minimize false positives that will in turn lead to increase in code coverage towards detecting the maximum number of data leaks. The proposed concept combines both static and dynamic analysis, and if implemented will improve checking through the codes in the file activities and vulnerabilities that could be a problem. Keywords: Android, ContentAnalyzer, Static Analysis, Dynamic Analysis, Information leakage, Information leakage detection, Information leakage Prevention.

Sign in / Sign up

Export Citation Format

Share Document