You are cordially invited to the following CHOOSE talk:
Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis
Speaker: Steven Arzt
Please register here:
https://goo.gl/forms/lYnMhC5u0QPeoFpu2
When: Tuesday Nov 15 @ 17h00-18h00
The talk will be followed by a light aperitif.
Where: University of Bern, Engehaldenstrasse 8, 3012 Bern, Room 001
Abstract:
Android malware is getting more and more sophisticated. So-called "sleeper"
applications only trigger their malicious behavior after a certain time has passed or a
specific event has happened, effectively evading many dynamic analysis techniques. Other techniques
include integrity checks as well as detectors for emulators, rooted devices, and hooks. If
any such sign is detected, the malware refrains from its actual malicious behavior. For
countering static analyses, these apps apply code encryption, packers, and code
obfuscators. Together, these features render most automated analyses ineffective, leaving
a manual analysis as the only viable option — a very difficult and time-consuming
undertaking.
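The evasion checks named above are what an analyst first greps for in decompiled code. The following is an added example, not code from the talk, CodeInspect or Soot: a small Python triage script that scans decompiled Java text for indicator strings of time/event-gated triggers, emulator, root and hook checks, and dynamic code loading. The indicator lists are illustrative rather than exhaustive, and the decompiled fragment is constructed for demonstration.

```python
"""Triage scan for analysis-evasion indicators in decompiled Android code.

Added example (not CodeInspect or Soot code). Scans decompiled Java text for
strings that typically mark the evasion techniques described in the abstract:
time/event-gated ("sleeper") triggers, emulator checks, root checks, hook
(instrumentation-framework) checks and dynamic code loading.
"""
import re
from collections import defaultdict

# Indicator patterns grouped by the evasion category they usually signal.
# Illustrative lists, assumed for this example; a real scanner needs more.
INDICATORS = {
    "sleeper_trigger": [
        r"\bAlarmManager\b", r"\bSystemClock\.elapsedRealtime\b",
        r"\bThread\.sleep\b", r"BOOT_COMPLETED\b", r"SMS_RECEIVED\b",
    ],
    "emulator_check": [
        r"\bBuild\.FINGERPRINT\b", r"\bBuild\.HARDWARE\b", r"\"goldfish\"",
        r"\"generic\"", r"\"sdk_gphone", r"\bgetDeviceId\b",
    ],
    "root_check": [
        r"/system/xbin/su\b", r"/system/bin/su\b", r"\"test-keys\"",
        r"\bSuperuser\.apk\b",
    ],
    "hook_check": [
        r"de\.robv\.android\.xposed", r"\bXposedBridge\b", r"/proc/self/maps",
        r"\bfrida\b",
    ],
    "dynamic_code": [
        r"\bDexClassLoader\b", r"\bPathClassLoader\b", r"\bSystem\.loadLibrary\b",
    ],
}


def scan(source: str) -> dict:
    """Return {category: [(line_no, line), ...]} for lines matching any indicator."""
    hits = defaultdict(list)
    for no, line in enumerate(source.splitlines(), start=1):
        for category, patterns in INDICATORS.items():
            if any(re.search(p, line) for p in patterns):
                hits[category].append((no, line.strip()))
    return dict(hits)


def verdict(hits: dict) -> str:
    """Coarse triage: environment checks combined with a trigger suggest a guarded payload."""
    guarded = {"emulator_check", "root_check", "hook_check"} & hits.keys()
    if guarded and "sleeper_trigger" in hits:
        return "guarded-sleeper"
    if guarded:
        return "environment-aware"
    return "no-evasion-indicators"


# Constructed decompiled-Java fragment (not real malware) used as sample input.
SAMPLE = """\
public void onReceive(Context ctx, Intent i) {
    if (!i.getAction().equals(Intent.ACTION_BOOT_COMPLETED)) return;
    if (Build.FINGERPRINT.startsWith("generic")) return;
    if (new File("/system/xbin/su").exists()) return;
    try { Class.forName("de.robv.android.xposed.XposedBridge"); return; }
    catch (ClassNotFoundException e) {}
    AlarmManager am = (AlarmManager) ctx.getSystemService(Context.ALARM_SERVICE);
    am.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis() + 86400000L, pending);
    ClassLoader cl = new DexClassLoader(dexPath, optDir, null, ctx.getClassLoader());
    String url = decrypt(ENC_URL);  // resolved only at run time
}
"""

if __name__ == "__main__":
    result = scan(SAMPLE)
    for cat, lines in result.items():
        for no, text in lines:
            print(f"{cat:16} L{no}: {text}")
    print("verdict:", verdict(result))
```

On the constructed sample the script reports a trigger (boot receiver plus a one-day alarm), an emulator check, a root check, a hook check and a dynamic class loader, and classifies the fragment as a guarded sleeper. String matching of this kind only points the analyst at the right places; the decrypted URL on the last line is exactly the value that static text scanning cannot produce and that a bytecode-level debugger or in-place decryption routine recovers.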
To alleviate the problem, we propose CodeInspect, a new integrated reverse-engineering
environment extending the Eclipse IDE and targeting sophisticated state-of-the-art malware
apps for Android. CodeInspect not only features an interactive debugger that can work on
the bytecode level, but also various static and dynamic analyses that support the human
analyst. One can display data flows inside the app, check which permissions are used where
in the code, what strings are computed or decrypted at runtime, which code is dynamically
loaded and more. Reverse engineers can even add new Java source classes or projects into
the application, which can then be called from the original app’s code. This is especially
useful when implementing decryption methods which can be directly tested in place.
Bio:
Steven Arzt's core research topics are static and dynamic analysis of Java programs as
well as applications on the Android mobile platform.
He is one of the current maintainers of the Soot open-source program analysis framework.
Soot is an ideal basis for developing static analyses for Android and Java applications as
well as for instrumenting these apps for runtime monitoring. Furthermore, he is the
maintainer of the FlowDroid static data flow tracker which is used in various research
projects around the world.
This event is free for all SI-CHOOSE members. Non members are encouraged to join:
http://www.s-i.ch/en/members/
Kind regards,
Oscar Nierstrasz
---
Prof. Dr. O. Nierstrasz -- oscar(a)inf.unibe.ch
Software Composition Group --
http://scg.unibe.ch
University of Bern -- Tel +41 31 631 4618