Michael Gordon edited this page Mar 11, 2015 · 15 revisions

Overview

The DroidSafe project develops novel program analysis techniques to diagnose and remove malicious code from Android mobile applications. The DroidSafe project is developed by MIT's Center for Resilient Software and the Kestrel Institute. The core of our system is a static information-flow analysis that operates on either Java bytecode for an application or an application's APK. The DroidSafe team co-designed a semantic model of Android runtime behaviors and a static information-flow analysis to achieve acceptable precision, accuracy, and scalability for real-world Android applications.

The DroidSafe system includes:

  1. Comprehensive, accurate, and precise Android runtime semantics model. The model was seeded with the Java code from the Android Open Source Project's (AOSP) implementation of Android 4.4.1. The DroidSafe team then automatically and manually added semantics to this model to account for native code semantics and runtime code semantics not included in the AOSP Java code. The model includes a manually verified core that accounts for over 98% of API calls in Android applications. The model provides a single-language solution for Android static analysis.

  2. A comprehensive set of sensitive source method calls defined on the Android API version 4.4.1.

  3. A comprehensive set of sink method calls that can exfiltrate information beyond application boundaries, defined on the Android API version 4.4.1.

  4. Scalable and precise global static analysis optimized for the information flow problem on Android. This includes a deeply object-sensitive global points-to analysis with a custom solver, and a global call-site sensitive, object-sensitive, field-sensitive, and flow-insensitive taint analysis.

  5. A plugin for the Eclipse IDE designed to help a trusted human analyst rapidly triage an unknown Android application. The plugin, called the DroidSafe Navigator, presents our information-flow analysis and points-to analysis results overlaid on the source code for an application. The DroidSafe Navigator also includes features to guide an analyst to sensitive portions of an application based on API usage and implementation idioms.
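
To make the terms in item 4 concrete, the following added example (not DroidSafe code) runs a flow-insensitive taint fixpoint over a toy statement list, with field sensitivity switchable so its effect on precision is visible. The IR, the `analyze` function, and the choice of which Android calls count as source and sink are assumptions of this sketch; it has no points-to analysis and no call-site or object sensitivity, so every variable is assumed to name a distinct object.

```python
# Toy IR (constructed for this example): each tuple is one statement.
#   ("source", dst, api)      dst = api()
#   ("assign", dst, src)      dst = src
#   ("store", obj, fld, src)  obj.fld = src
#   ("load", dst, obj, fld)   dst = obj.fld
#   ("sink", api, arg)        api(arg)

def analyze(stmts, field_sensitive=True):
    """Return the set of (source_api, sink_api) flows, ignoring statement order."""
    taint = {}  # location -> set of source APIs; a location is a var or (obj, fld)

    def loc(obj, fld):
        # Field-insensitive mode collapses every field of obj into one location.
        return (obj, fld if field_sensitive else "*")

    def flow(dst, labels):
        before = len(taint.setdefault(dst, set()))
        taint[dst] |= labels
        return len(taint[dst]) != before

    changed = True
    while changed:  # iterate to a fixpoint: the order of stmts is irrelevant
        changed = False
        for s in stmts:
            if s[0] == "source":
                changed |= flow(s[1], {s[2]})
            elif s[0] == "assign":
                changed |= flow(s[1], taint.get(s[2], set()))
            elif s[0] == "store":
                changed |= flow(loc(s[1], s[2]), taint.get(s[3], set()))
            elif s[0] == "load":
                changed |= flow(s[1], taint.get(loc(s[2], s[3]), set()))
    return {(src, s[1]) for s in stmts if s[0] == "sink"
            for src in taint.get(s[2], set())}

# Constructed sample program; source/sink roles are assumed for illustration.
PROGRAM = [
    ("sink", "Log.d", "early"),            # textually precedes the taint
    ("source", "id", "TelephonyManager.getDeviceId"),
    ("store", "msg", "body", "id"),        # tainted field
    ("store", "msg", "title", "label"),    # untainted field of the same object
    ("load", "out", "msg", "body"),
    ("load", "hdr", "msg", "title"),
    ("sink", "SmsManager.sendTextMessage", "out"),
    ("sink", "Log.i", "hdr"),
    ("assign", "early", "id"),             # happens after the Log.d call
]
```

Because statement order is ignored, the `Log.d` call is reported even though `early` is assigned after it; that over-approximation is the cost of flow insensitivity. Turning field sensitivity off additionally reports a flow to `Log.i`, since `msg.body` and `msg.title` collapse into one location.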

