DroidBench icon indicating copy to clipboard operation
DroidBench copied to clipboard

Published 20 hours ago verified publisher icon secure-software-engineering

Feat: Implement 2 cases for native and 6 cases for cross-lingual information flow

Open kordood opened this issue 3 years ago • 1 comments
trafficstars

System properties can be sources to trigger sensitive operations such as emulator detection (They are also defined in Difuzer).

I implemented one case obtaining system properties in native code.

Another case is to copy string region in native code. It may flow information implicitly supported by some JNI Functions.

Moreover, the android developer document recommends using these JNI Functions

kordood avatar Aug 31 '22 07:08 kordood

I appended six cases focusing on cross-lingual information flow in the InfoFlows directory

JavaToJava: Source and sink in java code. JavaToNative: Source in java code and sink in native code. NativeProxy: Source and sink in java code with implicit flow through native code. NativeToNative: Source and sink in native code. NativeToJava: Source in native code and sink in java code. JavaProxy: Source and sink in native code with implicit flow through java code.

kordood avatar Sep 16 '22 05:09 kordood