research-article

Static Analysis of JNI Programs via Binary Decompilation

Published: 01 May 2023

Abstract

JNI programs are widely used thanks to the combined benefits of C and Java programs. However, because understanding the interaction behaviors between two different programming languages is challenging, JNI program development is difficult to get right and vulnerable to security attacks. Thus, researchers have proposed static analysis of JNI program source code to detect bugs and security vulnerabilities in JNI programs. Unfortunately, such source code analysis is not applicable to compiled JNI programs that are not open-sourced or to open-source JNI programs containing third-party binary libraries. While JN-SAF, the state-of-the-art analyzer for compiled JNI programs, can analyze binary code, it has several limitations due to its symbolic execution and summary-based bottom-up analysis. In this paper, we propose a novel approach to statically analyze compiled JNI programs without their source code using binary decompilation. Unlike JN-SAF, which analyzes binaries directly, our approach decompiles binaries and analyzes JNI programs with the decompiled binaries using an existing JNI program analyzer for source code. To decompile binaries to compilable C source code with precise JNI-interoperation-related types, we improve an existing decompilation tool by leveraging the characteristics of JNI programs. Our evaluation shows that the approach is almost as precise as the state-of-the-art JNI program analyzer for source code, and more precise than JN-SAF.

Published In

IEEE Transactions on Software Engineering, Volume 49, Issue 5
May 2023
312 pages

Publisher

IEEE Press

Publication History

Published: 01 May 2023

Qualifiers

  • Research-article

Cited By

  • (2024) WaDec: Decompiling WebAssembly Using Large Language Model. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 481-492. DOI: 10.1145/3691620.3695020. Online publication date: 27-Oct-2024
  • (2024) Learning to Detect and Localize Multilingual Bugs. Proceedings of the ACM on Software Engineering, 1:FSE, pp. 2190-2213. DOI: 10.1145/3660804. Online publication date: 12-Jul-2024
  • (2024) NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 971-982. DOI: 10.1145/3650212.3680335. Online publication date: 11-Sep-2024
  • (2024) R2I: A Relative Readability Metric for Decompiled Code. Proceedings of the ACM on Software Engineering, 1:FSE, pp. 383-405. DOI: 10.1145/3643744. Online publication date: 12-Jul-2024
  • (2023) A Cocktail Approach to Practical Call Graph Construction. Proceedings of the ACM on Programming Languages, 7:OOPSLA2, pp. 1001-1033. DOI: 10.1145/3622833. Online publication date: 16-Oct-2023
