[prev in list] [next in list] [prev in thread] [next in thread]
List: soot-list
Subject: Re: [Soot-list] [Android][FlowDroid] Using FlowDroid to analyze data passed from Dalvik to Native Co
From: Sumaya Abdullah A Almanee <salmanee () uci ! edu>
Date: 2019-03-14 4:55:22
Message-ID: CAMXHG+VBArHFw206G+cG0N+N-i0HLGS1k6_7RT2J6hamAzj5yw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thank you so much for your detailed response Steven!
So if I understand correctly I can register all *native* methods as sinks
(since I'm mainly interested in analyzing the sources of the arguments
passed to native code) then FlowDroid will collect these registered sinks
and return the corresponding sources. correct?
Can you also elaborate a bit on what you mean by registering a taint
abstraction? Are you referring to something similar to this
<https://github.com/secure-software-engineering/FlowDroid/blob/master/soot-infoflow-android/SourcesAndSinks.txt>
Thanks again for your help! I really appreciate it!
On Wed, Mar 13, 2019 at 6:03 AM Arzt, Steven <steven.arzt@sit.fraunhofer.de>
wrote:
> Hi Sumaya,
>
>
>
> FYlowDroid processes all taints that are passed to native methods to an
> INativeCallHandler implementation. If you want to apply any sort of
> reasoning about the native code, such as integrating a native code analysis
> framework into FlowDroid, that is indeed the interface you need to
> implement. In that interface, FlowDroid calls the getTaintedValues method
> with the current statement that invokes the native method, the current
> taint abstractions, and the parameters that are passed to the native
> method. Note that the sources are not immediately available here. However,
> you can always register a taint abstraction as a result (a leak) through
> the InfoflowManager. In the end, FlowDroid collects all the registered
> results (which are essentials taint abstractions at statements) and
> identifies the corresponding sources.
>
>
>
> Best regards,
>
> Steven
>
>
>
> *From:* Soot-list <soot-list-bounces@cs.mcgill.ca> *On Behalf Of *Sumaya
> Abdullah A Almanee
> *Sent:* Wednesday, March 13, 2019 3:02 AM
> *To:* soot-list@cs.mcgill.ca
> *Subject:* [Soot-list] [Android][FlowDroid] Using FlowDroid to analyze
> data passed from Dalvik to Native Code
>
>
>
> Hi Everyone,
>
>
>
> I have recently started reading about and experimenting with FlowDroid. I
> was wondering if FlowDroid (or a combination of FlowDroid and other tools)
> can be used to track the sources of data passed to the native code (whether
> it is custom or existing native libraries).
>
> For example, in the following function of an Android app:
>
>
>
> *private native void* nativeNotifyError(*int* var1, *String* var2);
>
>
>
> I want to track the sources of the variables var1 and var2 to know what
> values are passed to the nativeNotifyError function.
>
> It seems that FlowDroid has a *Native Call Handling* component but I'm
> not quite sure if it serves this purpose?
>
>
>
> Thanks,
>
> Sumaya
>
[Attachment #5 (text/html)]
<div dir="ltr">Thank you so much for your detailed response Steven! <div><br><div>So \
if I understand correctly I can register all <b>native</b> methods as sinks (since \
I'm mainly interested in analyzing the sources of the arguments passed to native \
code) then FlowDroid will collect these registered sinks and return the corresponding \
sources. correct?</div><div>Can you also elaborate a bit on what you mean by \
registering a taint abstraction? Are you referring to something similar to <a \
href="https://github.com/secure-software-engineering/FlowDroid/blob/master/soot-infoflow-android/SourcesAndSinks.txt">this</a> \
</div><div><br><div>Thanks again for your help! I really appreciate \
it!</div></div></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Wed, Mar 13, 2019 at 6:03 AM Arzt, Steven <<a \
href="mailto:steven.arzt@sit.fraunhofer.de" \
target="_blank">steven.arzt@sit.fraunhofer.de</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div lang="DE"><div \
class="gmail-m_7043850345667890982gmail-m_7007394882624987771WordSection1"><p \
class="MsoNormal"><span \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi \
Sumaya,<u></u><u></u></span></p><p class="MsoNormal"><span \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> \
<u></u></span></p><p class="MsoNormal"><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">FYlowDroid \
processes all taints that are passed to native methods to an INativeCallHandler \
implementation. If you want to apply any sort of reasoning about the native code, \
such as integrating a native code analysis framework into FlowDroid, that is indeed \
the interface you need to implement. In that interface, FlowDroid calls the \
</span><span lang="EN-US" \
style="font-size:10pt;font-family:Consolas;color:black;background:rgb(212,212,212)">getTaintedValues</span><span \
lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> \
method with the current statement that invokes the native method, the current taint \
abstractions, and the parameters that are passed to the native method. Note that the \
sources are not immediately available here. However, you can always register a taint \
abstraction as a result (a leak) through the InfoflowManager. In the end, FlowDroid \
collects all the registered results (which are essentials taint abstractions at \
statements) and identifies the corresponding sources.<u></u><u></u></span></p><p \
class="MsoNormal"><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> \
<u></u></span></p><p class="MsoNormal"><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Best \
regards,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> \
Steven<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> \
<u></u></span></p><p class="MsoNormal"><b><span lang="EN-US" \
style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span \
lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"> Soot-list <<a \
href="mailto:soot-list-bounces@cs.mcgill.ca" \
target="_blank">soot-list-bounces@cs.mcgill.ca</a>> <b>On Behalf Of </b>Sumaya \
Abdullah A Almanee<br><b>Sent:</b> Wednesday, March 13, 2019 3:02 AM<br><b>To:</b> <a \
href="mailto:soot-list@cs.mcgill.ca" \
target="_blank">soot-list@cs.mcgill.ca</a><br><b>Subject:</b> [Soot-list] \
[Android][FlowDroid] Using FlowDroid to analyze data passed from Dalvik to Native \
Code<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><div><div><p \
class="MsoNormal"><span style="font-family:Arial,sans-serif;color:black">Hi \
Everyone,</span><u></u><u></u></p><div><p class="MsoNormal"><u></u> \
<u></u></p></div><div><div><p class="MsoNormal"><span \
style="font-family:Arial,sans-serif;color:black">I have recently started reading \
about and experimenting with FlowDroid. I was wondering if FlowDroid (or a \
combination of FlowDroid and other tools) can be used to track the sources of data \
passed to the native code (whether it is custom or existing native \
libraries).</span><u></u><u></u></p></div><div><p class="MsoNormal"><span \
style="font-family:Arial,sans-serif;color:black">For example, in the following \
function of an Android app:</span><u></u><u></u></p></div><div><p \
class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><b><span \
style="font-family:"Courier New";color:rgb(116,27,71)">private native \
void</span></b><span style="font-family:"Courier New";color:black"> \
nativeNotifyError(</span><b><span style="font-family:"Courier \
New";color:rgb(116,27,71)">int</span></b><span style="font-family:"Courier \
New";color:black"> </span><span style="font-family:"Courier \
New";color:rgb(191,144,0)">var1</span><span style="font-family:"Courier \
New";color:black">, </span><b><span style="font-family:"Courier \
New";color:rgb(116,27,71)">String</span></b><span \
style="font-family:"Courier New";color:black"> </span><span \
style="font-family:"Courier New";color:rgb(191,144,0)">var2</span><span \
style="font-family:"Courier \
New";color:black">);</span><u></u><u></u></p></div><div><p \
class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><span \
style="font-family:Arial,sans-serif;color:black">I want to track the sources of the \
variables </span><span style="font-family:"Courier \
New";color:rgb(191,144,0)">var1 </span><span \
style="font-family:Arial,sans-serif;color:black">and </span><span \
style="font-family:"Courier New";color:rgb(191,144,0)">var2 </span><span \
style="font-family:Arial,sans-serif;color:black">to know what values are passed to \
the </span><span style="font-family:"Courier \
New";color:black">nativeNotifyError </span><span \
style="font-family:Arial,sans-serif;color:black">function.</span><u></u><u></u></p></div></div><div><p \
class="MsoNormal"><span style="font-family:Arial,sans-serif;color:black">It seems \
that FlowDroid has a <b>Native Call Handling</b> component but I'm not quite \
sure if it serves this purpose?</span><u></u><u></u></p></div><div><p \
class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><span \
style="font-family:Arial,sans-serif;color:black">Thanks,</span><u></u><u></u></p></div><div><p \
class="MsoNormal"><span \
style="font-family:Arial,sans-serif;color:black">Sumaya</span><u></u><u></u></p></div></div></div></div></div></blockquote></div>
_______________________________________________
Soot-list mailing list
Soot-list@CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic