Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps
WebView encapsulates information flows from Java to JavaScript and vice versa. In this project, we develop a demand-driven information flow analysis for Android hybrid apps.
Unifying pointer analysis for static analysis of multilingual applications
Can we combine different program analyses, say, WALA+SVF? In this project, we developed an approach to combine existing analyses for analyzing multilingual applications.
Tool will be published soon.
Understanding fingerprinting in hybrid browsers
How vulnerable are Android WebViews to fingerprinting? In this project, we developed dynamic instrumentation for collecting attributes related to fingerprinting from Android WebViews. Our study revealed that Android WebViews are equally or more susceptible to fine-grained fingerprinting.
Can we compare program analyses relying on different intermediate representations? In this project, we developed metrics to compare program analyses by isolating the effects of their intermediate representations. Our study revealed that these parameters have little to no effect on the precision of program analysis. Hence, the analyses can be compared fairly.
How vulnerable are Android WebViews? In this project, we developed a static analysis technique to collect the JavaScript passed from Android WebView. Our study revealed that these are often vulnerable. Further, we found patterns where the Android control flows are indirectly affected by external API calls happening in JavaScript.
Tool: Please contact me for the tool
Points-to analysis using Push down systems
In this project, we developed an algorithm to express points-to analysis as a push-down system reachability problem. This enabled analysis of recursive programs.