  • Stars: 143
  • Rank 257,007 (Top 6 %)
  • Language: Java
  • Created over 11 years ago
  • Updated almost 8 years ago

Repository Details

SuSi - our tool to automatically discover sources and sinks in the Android framework

SuSi

SuSi - our tool to automatically discover and categorize sources and sinks in the Android framework

Running SuSi

To run SuSi, you need two different types of input files: first, a JAR file containing a full implementation of the Android OS that you want to analyze; second, a set of hand-annotated input files to use as ground truth for the machine learning algorithm.

The fully implemented Android JAR files must be extracted from an emulator or a real phone. The platform JAR files shipped with Google's Android SDK are not suitable for SuSi since they only contain method stubs, but not actual implementations. In these stubbed files, every method simply throws a NotImplementedException without carrying out any actual behavior. For some versions of the Android OS, there are pre-generated JAR files available on GitHub. If you want to run SuSi on another version, you need to generate the respective JAR file on your own.

For the hand-annotated ground truth, our own permissionMethodWithLabel.pscout file is a good starting point. You can either use it as-is to reproduce the results from our paper, or extend it to meet your own needs.

Finally, start the machine learner:

java -cp lib/weka.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:SuSi.jar de.ecspride.sourcesinkfinder.SourceSinkFinder android.jar permissionMethodWithLabel.pscout out.pscout 
