Our Associate Professor Dr Daniel LUO and his PhD students Mr ZHOU Hao and Mr WU Shuohan received the ACM SIGSOFT Distinguished Paper Award for the paper titled “NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps” at the 31st edition of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). The other collaborators on this paper come from Pennsylvania State University, Zhejiang University, Tsinghua University, and Washington State University.
The paper proposes and develops a novel hardware-assisted analyzer for native code in Android apps. The research team leverages ETM, a hardware feature of the ARM platform, and eBPF, a kernel component of the Android system, to collect real execution traces and the relevant memory data of target apps, and designs new methods to scrutinise native code based on the collected data. To show the unique capability of NCScope, the team applies it to four applications that existing tools cannot accomplish, including systematic studies of self-protection and anti-analysis mechanisms implemented in the native code of apps, analysis of memory corruption in native code, and identification of performance differences between functions in native code. The results reveal that only 26.8% of the analysed financial apps implement self-protection methods in native code, implying that the security of financial apps falls far short of expectations. Meanwhile, 78.3% of the malicious apps under analysis exhibit anti-analysis behaviours, suggesting that NCScope is very useful for malware analysis. Moreover, NCScope can effectively detect bugs in native code and identify performance differences.
ISSTA is the leading research symposium on software testing and analysis, bringing together academics, industrial researchers, and practitioners to exchange new ideas, problems, and experience on how to analyse and test software systems.