You are cordially invited to the following CHOOSE talk:
Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis
Speaker: Steven Arzt
Please register here: https://goo.gl/forms/lYnMhC5u0QPeoFpu2
When: Tuesday Nov 15 @ 17h00-18h00
The talk will be followed by a light aperitif.
Where: University of Bern, Engehaldenstrasse 8, 3012 Bern, Room 001
Android malware is getting more and more sophisticated. So-called "sleeper"
applications only trigger their malicious behavior after a certain time has passed or
event has happened, effectively evading many dynamic analysis techniques. Other techniques
include integrity checks as well as detectors for emulators, rooted devices, and hooks. If
any such sign is detected, the malware refrains from its actual malicious behavior. For
countering static analyses, these apps apply code encryption, packers, and code
obfuscators. Together, these features render most automated analyses ineffective, leaving
a manual analysis as the only viable option — a very difficult and time-consuming
To alleviate the problem, we propose CodeInspect, a new integrated reverse-engineering
environment extending the Eclipse IDE and targeting sophisticated state-of-the-art malware
apps for Android. CodeInspect not only features an interactive debugger that can work on
the bytecode level, but also various static and dynamic analyses that support the human
analyst. One can display data flows inside the app, check which permissions are used where
in the code, what strings are computed or decrypted at runtime, which code is dynamically
loaded and more. Reverse engineers can even add new Java source classes or projects into
the application, which can then be called from the original app’s code. This is especially
useful when implementing decryption methods which can be directly tested in place.
Steven Arzt's core research topics are static and dynamic analysis of Java programs as
well as applications on the Android mobile platform.
He is one of the current maintainers of the Soot open-source program analysis framework.
Soot is an ideal basis for developing static analyses for Android and Java application as
well as for instrumenting these apps for runtime monitoring. Furthermore, he is the
maintainer of the FlowDroid static data flow tracker which is used in various research
projects around the world.
This event is free for all SI-CHOOSE members. Non members are encouraged to join:
Prof. Dr. O. Nierstrasz -- oscar(a)inf.unibe.ch
Software Composition Group -- http://scg.unibe.ch
University of Bern -- Tel +41 31 631 4618