Coder Social home page Coder Social logo

cldroid's Introduction

CLDroid

CLDroid provides an end-to-end solution to statically detect cross-layer threats in Android apps (implemented based on Soot framework).

Given an Android app, CLDroid first identifies the data pools (e.g., shared preference files and databases) that may be injected by external apps through exported components. Second, CLDroid employs data identifier-based analysis to track the data flow of data items that traverse through the target data pool. Third, CLDroid learns app-specific data use semantics and universally assesses their security risks from the perspectives of two attack vectors (i.e., data loading and data consuming).

For more details, welcome to follow our paper:

Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, and Min Yang. 2024. Component
Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications. Proc.
ACM Softw. Eng. 1, FSE, Article 4 (July 2024)

cldroid's People

Contributors

liankee avatar

Stargazers

RacerZ avatar Zifan Xie avatar avatar avatar avatar

Watchers

avatar

cldroid's Issues

运行报错

在我尝试运行该项目的过程中,反复遇到以下异常信息:
java.lang.RuntimeException: This operation requires resolving level BODIES but com.google.android.gms.auth.api.signin.RevocationBoundService is at resolving level SIGNATURES
If you are extending Soot, try to add the following call before calling soot.Main.main(..):
Scene.v().addBasicClass(com.google.android.gms.auth.api.signin.RevocationBoundService,BODIES);
Otherwise, try whole-program mode (-w).
at soot.SootClass.checkLevelIgnoreResolving(SootClass.java:198)
at soot.SootClass.checkLevel(SootClass.java:180)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:391)
at analyze.Main.getGetIntentInvokeUnit(Main.java:226)
at analyze.Main.doAnalyze(Main.java:158)
at analyze.Main.access$400(Main.java:25)
at analyze.Main$1.work(Main.java:128)
at util.DirTraversal.traverse(DirTraversal.java:20)
at analyze.Main.main(Main.java:131)

RE: Research Paper

Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, and Min Yang. 2024. Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications. Proc. ACM Softw. Eng. 1, FSE, Article 4 (July 2024)

Is this paper publicly available?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.