Cheetah: Just-in-time taint analysis for android apps

Lisa Nguyen Quang Do; Karim Ali; Benjamin Livshits; Eric Bodden; Justin Smith; Emerson Murphy-Hill

doi:10.1109/ICSE-C.2017.20

Cheetah: Just-in-time taint analysis for android apps

Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development environment. Cheetah is based on the novel concept of Just-in-Time static analysis that discovers and reports the most relevant results to the developer fast, and computes the more complex results incrementally later. Unlike traditional batch-style static-analysis tools, Cheetah causes minimal disruption to the developer's workflow. This video demo showcases the main features of Cheetah: https://www.youtube.com/watch?v=i-KQD-GTBdA.

Original language	English (US)
Title of host publication	Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	39-42
Number of pages	4
ISBN (Electronic)	9781538615898
DOIs	https://doi.org/10.1109/ICSE-C.2017.20
State	Published - Jun 30 2017
Event	39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017 - Buenos Aires, Argentina Duration: May 20 2017 → May 28 2017

Publication series

Name	Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017

Conference

Conference	39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017
Country/Territory	Argentina
City	Buenos Aires
Period	5/20/17 → 5/28/17

Keywords

Cheetah
Just-in-Time
Layered analysis
Static analysis

ASJC Scopus subject areas

Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ICSE-C.2017.20

Cite this

Do, L. N. Q., Ali, K., Livshits, B., Bodden, E., Smith, J., & Murphy-Hill, E. (2017). Cheetah: Just-in-time taint analysis for android apps. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017 (pp. 39-42). Article 7965252 (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSE-C.2017.20

Cheetah: Just-in-time taint analysis for android apps. / Do, Lisa Nguyen Quang; Ali, Karim; Livshits, Benjamin et al.
Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 39-42 7965252 (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Do, LNQ, Ali, K, Livshits, B, Bodden, E, Smith, J & Murphy-Hill, E 2017, Cheetah: Just-in-time taint analysis for android apps. in Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017., 7965252, Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017, Institute of Electrical and Electronics Engineers Inc., pp. 39-42, 39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017, Buenos Aires, Argentina, 5/20/17. https://doi.org/10.1109/ICSE-C.2017.20

Do LNQ, Ali K, Livshits B, Bodden E, Smith J, Murphy-Hill E. Cheetah: Just-in-time taint analysis for android apps. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 39-42. 7965252. (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017). doi: 10.1109/ICSE-C.2017.20

Do, Lisa Nguyen Quang ; Ali, Karim ; Livshits, Benjamin et al. / Cheetah : Just-in-time taint analysis for android apps. Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 39-42 (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017).

@inproceedings{108e8bed89604f90a9304c240e1efd7e,

title = "Cheetah: Just-in-time taint analysis for android apps",

abstract = "Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development environment. Cheetah is based on the novel concept of Just-in-Time static analysis that discovers and reports the most relevant results to the developer fast, and computes the more complex results incrementally later. Unlike traditional batch-style static-analysis tools, Cheetah causes minimal disruption to the developer's workflow. This video demo showcases the main features of Cheetah: https://www.youtube.com/watch?v=i-KQD-GTBdA.",

keywords = "Cheetah, Just-in-Time, Layered analysis, Static analysis",

author = "Do, {Lisa Nguyen Quang} and Karim Ali and Benjamin Livshits and Eric Bodden and Justin Smith and Emerson Murphy-Hill",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017 ; Conference date: 20-05-2017 Through 28-05-2017",

year = "2017",

month = jun,

day = "30",

doi = "10.1109/ICSE-C.2017.20",

language = "English (US)",

series = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "39--42",

booktitle = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017",

}

TY - GEN

T1 - Cheetah

T2 - 39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017

AU - Do, Lisa Nguyen Quang

AU - Ali, Karim

AU - Livshits, Benjamin

AU - Bodden, Eric

AU - Smith, Justin

AU - Murphy-Hill, Emerson

PY - 2017/6/30

Y1 - 2017/6/30

N2 - Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development environment. Cheetah is based on the novel concept of Just-in-Time static analysis that discovers and reports the most relevant results to the developer fast, and computes the more complex results incrementally later. Unlike traditional batch-style static-analysis tools, Cheetah causes minimal disruption to the developer's workflow. This video demo showcases the main features of Cheetah: https://www.youtube.com/watch?v=i-KQD-GTBdA.

AB - Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development environment. Cheetah is based on the novel concept of Just-in-Time static analysis that discovers and reports the most relevant results to the developer fast, and computes the more complex results incrementally later. Unlike traditional batch-style static-analysis tools, Cheetah causes minimal disruption to the developer's workflow. This video demo showcases the main features of Cheetah: https://www.youtube.com/watch?v=i-KQD-GTBdA.

KW - Cheetah

KW - Just-in-Time

KW - Layered analysis

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85026785213&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85026785213&partnerID=8YFLogxK

U2 - 10.1109/ICSE-C.2017.20

DO - 10.1109/ICSE-C.2017.20

M3 - Conference contribution

AN - SCOPUS:85026785213

T3 - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017

SP - 39

EP - 42

BT - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 May 2017 through 28 May 2017

ER -

Cheetah: Just-in-time taint analysis for android apps

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this