TY - GEN
T1 - Finder
T2 - 2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
AU - Hsu, Chia Wei
AU - Wei, Sheng Ru
AU - Shieh, Shiuhpyng
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2019/1/23
Y1 - 2019/1/23
N2 - In Android, both system services and apps are composed of components, and the inter-component communication (ICC) is therefore vital for representing the system states of the past runtime. Conventional approaches focus on inspecting the program behaviors of apps in the laboratory environment, but not suitable for a long-Time period, system-wide activities. Analysts consider that ICC preserves much runtime semantics, so we propose Finder, an automatic ICC data reconstruction system to provide a long-Term and comprehensive view of the past runtime. We decouple the program analysis on ICC from runtime monitoring thereby decreasing the runtime overhead. Finder applies transpiling techniques to generate the data resolvers compatible with all off-The-shelf Android version. The generated data resolvers can reconstruct a high-level, system-wide runtime information, and therefore the result is useful for digital forensic, program analysis, and auditing.
AB - In Android, both system services and apps are composed of components, and the inter-component communication (ICC) is therefore vital for representing the system states of the past runtime. Conventional approaches focus on inspecting the program behaviors of apps in the laboratory environment, but not suitable for a long-Time period, system-wide activities. Analysts consider that ICC preserves much runtime semantics, so we propose Finder, an automatic ICC data reconstruction system to provide a long-Term and comprehensive view of the past runtime. We decouple the program analysis on ICC from runtime monitoring thereby decreasing the runtime overhead. Finder applies transpiling techniques to generate the data resolvers compatible with all off-The-shelf Android version. The generated data resolvers can reconstruct a high-level, system-wide runtime information, and therefore the result is useful for digital forensic, program analysis, and auditing.
KW - Android
KW - Binder
KW - Inter-Component Communication
KW - Mobile
KW - Transpiler
UR - http://www.scopus.com/inward/record.url?scp=85062545156&partnerID=8YFLogxK
U2 - 10.1109/DESEC.2018.8625155
DO - 10.1109/DESEC.2018.8625155
M3 - Conference contribution
AN - SCOPUS:85062545156
T3 - DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
BT - DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 10 December 2018 through 13 December 2018
ER -