Skip to content
/ StaDynA Public
forked from terry2012/StaDynA

StaDynA: A tool to address the problem of dynamic code updates in the security analysis of Android applications

0 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

melbshark/StaDynA

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

stadyna_client_patch

stadyna_client_patch

 
 

stadyna_server/src

stadyna_server/src

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

#StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications

##Description StaDynA is a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection).

Our tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.

This work has been done at the University of Trento.

##Publication The results of our research will be presented at the 5th ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2015).

The paper can be found on my personal webpage.

Currently, please use the following bibtex reference to cite our paper:

@inproceedings{StaDynA_Zhauniarovich2015,
    author = {Zhauniarovich, Yury and Ahmad, Maqsood and Gadyatskaya, Olga and Crispo, Bruno and Massacci, Fabio},
    title = {{StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications}},
    booktitle = {Proceedings of the 5th ACM Conference on Data and Application Security and Privacy},
    series = {CODASPY '15},
    note = {to appear},
    year = {2015},
}

##Usage Our tool consists of two parts: a server and a client. The server side of StaDynA is a Python program that interacts with a static analysis tool. Currently, StaDynA uses AndroGuard as a static analyzer. The client side is the code run either on a real device or on an emulator.

The instructions how to build client side can be found in the corresponding folder.

To run the analysis of an Android application, after connecting a device running client side, execute the server side Python script:

python stadyna.py -i <inputApk> -o <resultFolder>

where inputApk is a path to the apk file to be analyzed, and resultFolder is the path where the results of the analysis will be stored.

##Dependencies

  1. networkx released under BSD license.
  2. AndroGuard released under Apache-2.0 license.

##License The tool is distributed under Apache-2.0 license. The citation of the paper is highly appreciated.

About

StaDynA: A tool to address the problem of dynamic code updates in the security analysis of Android applications

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 97.1%
  • C++ 1.8%
  • Java 1.1%