Finder: Automatic ICC Data Reconstruction for Long-Term Runtime Semantics

Chia Wei Hsu, Sheng Ru Wei, Shiuhpyng Shieh

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

In Android, both system services and apps are composed of components, and the inter-component communication (ICC) is therefore vital for representing the system states of the past runtime. Conventional approaches focus on inspecting the program behaviors of apps in the laboratory environment, but not suitable for a long-Time period, system-wide activities. Analysts consider that ICC preserves much runtime semantics, so we propose Finder, an automatic ICC data reconstruction system to provide a long-Term and comprehensive view of the past runtime. We decouple the program analysis on ICC from runtime monitoring thereby decreasing the runtime overhead. Finder applies transpiling techniques to generate the data resolvers compatible with all off-The-shelf Android version. The generated data resolvers can reconstruct a high-level, system-wide runtime information, and therefore the result is useful for digital forensic, program analysis, and auditing.

Original languageEnglish
Title of host publicationDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538657904
DOIs
StatePublished - 23 Jan 2019
Event2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 - Kaohsiung, Taiwan
Duration: 10 Dec 201813 Dec 2018

Publication series

NameDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing

Conference

Conference2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
CountryTaiwan
CityKaohsiung
Period10/12/1813/12/18

Keywords

  • Android
  • Binder
  • Inter-Component Communication
  • Mobile
  • Transpiler

Fingerprint Dive into the research topics of 'Finder: Automatic ICC Data Reconstruction for Long-Term Runtime Semantics'. Together they form a unique fingerprint.

Cite this