Automatic generation of non-intrusive updates for third-party libraries in android applications
Third-Party libraries, which are ubiquitous in Android apps,have exposed great security threats to end users as they rarelyget timely updates from the app developers, leaving manysecurity vulnerabilities unpatched. This issue is due to thefact that manually updating libraries can be technically nont...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8140 https://ink.library.smu.edu.sg/context/sis_research/article/9143/viewcontent/Automatic_Generation_of_Non_intrusive_Updates_for_Third_Party_Libraries_in_Android_Applications.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9143 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-91432023-09-14T08:20:43Z Automatic generation of non-intrusive updates for third-party libraries in android applications DUAN, Yue GAO, Lian HU, Jie YIN, Heng Third-Party libraries, which are ubiquitous in Android apps,have exposed great security threats to end users as they rarelyget timely updates from the app developers, leaving manysecurity vulnerabilities unpatched. This issue is due to thefact that manually updating libraries can be technically nontrivialand time-consuming for app developers. In this paper,we propose a technique that performs automatic generationof non-intrusive updates for third-party libraries in Androidapps. Given an Android app with an outdated library and anewer version of the library, we automatically update the oldlibrary in a way that is guaranteed to be fully backward compatibleand imposes zero impact to the library’s interactionswith other components. To understand the potential impact ofcode changes, we propose a novel Value-sensitive DifferentialSlicing algorithm that leverages the diffing informationbetween two versions of a library. The new slicing algorithmgreatly reduces the over-conservativeness of the traditionalslicing while still preserving the soundness with respect toupdate generation. We have implemented a prototype calledLIBBANDAID. We further evaluated its efficacy on 9 popularlibraries with 173 security commits across 83 different versionsand 100 real-world open-source apps. The experimentalresults show that LIBBANDAID can achieve a high averagesuccessful updating rate of 80.6% for security vulnerabilitiesand an even higher rate of 94.07% when further combinedwith potentially patchable vulnerabilities. 2019-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8140 https://ink.library.smu.edu.sg/context/sis_research/article/9143/viewcontent/Automatic_Generation_of_Non_intrusive_Updates_for_Third_Party_Libraries_in_Android_Applications.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security DUAN, Yue GAO, Lian HU, Jie YIN, Heng Automatic generation of non-intrusive updates for third-party libraries in android applications |
| description |
Third-Party libraries, which are ubiquitous in Android apps,have exposed great security threats to end users as they rarelyget timely updates from the app developers, leaving manysecurity vulnerabilities unpatched. This issue is due to thefact that manually updating libraries can be technically nontrivialand time-consuming for app developers. In this paper,we propose a technique that performs automatic generationof non-intrusive updates for third-party libraries in Androidapps. Given an Android app with an outdated library and anewer version of the library, we automatically update the oldlibrary in a way that is guaranteed to be fully backward compatibleand imposes zero impact to the library’s interactionswith other components. To understand the potential impact ofcode changes, we propose a novel Value-sensitive DifferentialSlicing algorithm that leverages the diffing informationbetween two versions of a library. The new slicing algorithmgreatly reduces the over-conservativeness of the traditionalslicing while still preserving the soundness with respect toupdate generation. We have implemented a prototype calledLIBBANDAID. We further evaluated its efficacy on 9 popularlibraries with 173 security commits across 83 different versionsand 100 real-world open-source apps. The experimentalresults show that LIBBANDAID can achieve a high averagesuccessful updating rate of 80.6% for security vulnerabilitiesand an even higher rate of 94.07% when further combinedwith potentially patchable vulnerabilities. |
| format |
text |
| author |
DUAN, Yue GAO, Lian HU, Jie YIN, Heng |
| author_facet |
DUAN, Yue GAO, Lian HU, Jie YIN, Heng |
| author_sort |
DUAN, Yue |
| title |
Automatic generation of non-intrusive updates for third-party libraries in android applications |
| title_short |
Automatic generation of non-intrusive updates for third-party libraries in android applications |
| title_full |
Automatic generation of non-intrusive updates for third-party libraries in android applications |
| title_fullStr |
Automatic generation of non-intrusive updates for third-party libraries in android applications |
| title_full_unstemmed |
Automatic generation of non-intrusive updates for third-party libraries in android applications |
| title_sort |
automatic generation of non-intrusive updates for third-party libraries in android applications |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/8140 https://ink.library.smu.edu.sg/context/sis_research/article/9143/viewcontent/Automatic_Generation_of_Non_intrusive_Updates_for_Third_Party_Libraries_in_Android_Applications.pdf |
| _version_ |
1779157179104755712 |