LibKit: Detecting Third-Party Libraries in iOS Apps (ESEC/FSE 2023 - Research Papers)

Sun 3 - Sat 9 December 2023 San Francisco, California, United States

Who

Daniel Dominguez Alvarez, Alejandro de la Cruz, Alessandra Gorla, Juan Caballero

Track

ESEC/FSE 2023 Research Papers

Time Zone

The program is currently displayed in (GMT-08:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-08:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 7 Dec 2023 11:15 - 11:30 at Golden Gate C3 - Program Analysis III Chair(s): Marsha Chechik

Abstract

We present LibKit, the first approach and tool for detecting the name and version of third-party libraries (TPLs) present in iOS apps. LibKit automatically builds fingerprints for 86K library versions available through the CocoaPods dependency manager and matches them on the decrypted app executables to identify the TPLs (name and version) an iOS app uses. LibKit supports apps written in Swift and Objective-C, detects statically and dynamically linked libraries, and addresses challenges such as partially included libraries and different compiler versions and configurations producing variants of the same library version. On a ground truth of 95 open-source apps LibKit identifies libraries with a precision of 91.1% and a recall of 83.9%. Moreover, the library identification and library version identification results positively compare with the best-performing Android tools. LibKit also significantly outperforms the state-of-the- art CRiOS tool for identifying TPL boundaries. When applied on 1,500 apps from the iTunes Store, it detects 47,015 library versions, identifying popular apps that contain old library versions

Daniel Dominguez Alvarez

University of Verona and IMDEA Software Institute

Spain

Alejandro de la Cruz

IMDEA Software Institute

Alessandra Gorla

IMDEA Software Institute

Spain

Juan Caballero

IMDEA Software Institute

Media

Time Zone

The program is currently displayed in (GMT-08:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-08:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 7 Dec
Displayed time zone: Pacific Time (US & Canada) change

11:00 - 12:30	Program Analysis IIIDemonstrations / Research Papers / Industry Papers at Golden Gate C3 Chair(s): Marsha Chechik University of Toronto

11:00 15m Talk		Practical Inference of Nullability Types Research Papers Nima Karimipour University of California, Riverside, Justin Pham University of California, Riverside, Lazaro Clapp Uber Technologies Inc, Manu Sridharan University of California at Riverside Media Attached
11:15 15m Talk		LibKit: Detecting Third-Party Libraries in iOS Apps Research Papers Daniel Dominguez Alvarez University of Verona and IMDEA Software Institute, Alejandro de la Cruz IMDEA Software Institute, Alessandra Gorla IMDEA Software Institute, Juan Caballero IMDEA Software Institute Media Attached
11:30 15m Talk		Compositional Taint Analysis for Enforcing Security Policies at Scale Industry Papers Subarno Banerjee Amazon Web Services, Siwei Cui Texas A & M University, Michael Emmi Amazon Web Services, Antonio Filieri Amazon Web Services, Liana Hadarean Amazon Web Services, Peixuan Li Amazon Web Services, Linghui Luo Amazon Web Services, Goran Piskachev Amazon Web Services, Nico Rosner Amazon Web Services, Aritra Sengupta Amazon Web Services, Omer Tripp Amazon, Jingbo Wang University of Southern California DOI Media Attached
11:45 15m Talk		FunProbe: Probing Functions from Binary Code through Probabilistic Analysis Research Papers Soomin Kim KAIST, Hyungseok Kim The Affiliated Institute of ETRI, Sang Kil Cha KAIST, South Korea Media Attached
12:00 15m Talk		BigDataflow: A Distributed Interprocedural Dataflow Analysis Framework Research Papers Zewen Sun Nanjing University, Duanchen Xu Nanjing University, Yiyu Zhang Nanjing University, Yun Qi Nanjing University, Yueyang Wang Nanjing University, Zhiqiang Zuo Nanjing University, Zhaokang Wang Nanjing University, Yue Li Nanjing University, Xuandong Li Nanjing University, Qingda Lu Alibaba Group, Wenwen Peng Alibaba Group, Shengjian (Daniel) Guo Baidu Security Media Attached
12:15 7m Talk		CONAN: Statically Detecting Connectivity Issues in Android Applications Demonstrations Alejandro Mazuera-Rozo Universita della Svizzera italiana, Lugano, Switzerland and Universidad de los Andes, Colombia, Camilo Escobar-Velásquez Universidad de los Andes, Juan Espitia-Acero Universidad de los Andes, Colombia, Mario Linares-Vásquez Universidad de los Andes, Gabriele Bavota Software Institute, USI Università della Svizzera italiana Media Attached