Towards a Principled Approach for Dynamic Analysis of Android’s Middleware. (arXiv:2110.05619v1 [cs.CR])

The Android middleware, in particular the so-called systemserver, is a
crucial and central component to Android’s security and robustness. To
understand whether the systemserver provides the demanded security properties,
it has to be thoroughly tested and analyzed. A dedicated line of research
focuses exclusively on this task. While static analysis builds on established
tools, dynamic testing approaches lack a common foundation, which prevents the
community from comparing, reproducing, or even re-using existing results from
related work. This raises questions about whether the underlying approach of
any proposed solution is the only possible or optimal one, if it can be re-used
as a building block for future analyses, or whether results generalize. In this
work, we argue that in order to steer away from incompatible custom toolchains
and towards having comparable analyses with reproducible results, a more
principled approach to dynamically analyzing the Android system is required. As
an important first step in this direction, we propose a unified dynamic
analysis platform that provides re-usable solutions for common challenges as
the building blocks for future analyses and allows to compare different
approaches under the same assumptions.