How useful are existing monitoring languages for securing Android apps?

Eric | January 28, 2013

Android

… if you think that’s an interesting question then you might be interested in reading our latest publication. We have studied four existing languages for code instrumentation. The main selection criterion was that there was at least a somewhat stable implementation available. Also we ruled out tools such as TaintDroid which do not provide a language frontend.

Specifically, we investigated JavaMOP, Tracematches, DFlow Pointcuts and PQL. As we found out, all have their little problems, and no such language is ideally suited for the task.

Related Posts

  1. Instrumenting Android Apps with Soot
  2. A monitoring solution to the data races in the JDK
  3. New TR: Static Analysis Techniques for Evaluating Runtime Monitoring Properties Ahead-of-Time
  4. VMIL 2009 – The 3rd workshop on Virtual Machines and Intermediate Languages
Categories
Research
Comments rss
Comments rss
Trackback
Trackback

« »