[Soot-list] Query Regarding SuSi
Steven Arzt
Steven.Arzt at cased.de
Fri Jul 18 12:10:10 EDT 2014
Hi Lokesh,
For this purpose, you don’t actually need to run SuSi. You can just take the source/sink lists we have already generated using SuSi. Every line in these files is a single source or sink. All you need to do is to iterate over all methods in your APK file and see whether it matches any line in the source/sink definition file. For parsing the definition files, there are even existing classes in the FlowDroid project (soot-infoflow-android on Github, package “soot.jimple.infoflow.android.data.parsers”).
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von LOKESH JAIN
Gesendet: Freitag, 18. Juli 2014 18:07
An: soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca; soot-list at googlegroups.com
Betreff: Re: [Soot-list] Query Regarding SuSi
Hi,
Thanks a lot for a quick reply.
I want to find the source and sink of my apk file. Like i want to find the sources and sinks of suppose xyz.apk file. I am using android version 4.4. But if it would be a problem then i can use 4.2 version as well. SourceSinkList is i think like a training data.
I want to give an .apk file as input and get the sources and sink list of that .apk file..?
Regards
Lokesh
Regards
On Fri, Jul 18, 2014 at 9:31 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:
Hi,
Thanks a lot for a quick reply.
I want to find the source and sink of my apk file. Like i want to find the sources and sinks of suppose xyz.apk file. I am using android version 4.4. But if it would be a problem then i can use 4.2 version as well. SourceSinkList is i think like a training data.
I want to give an .apk file as input and get the sources and sink list of that .apk file..?
Regards
Lokesh Jain
On Fri, Jul 18, 2014 at 2:08 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
Hi Lokesh,
In most cases, you can directly use the source and sink definition files which we have produced using SuSi and do not have to run the tool on your own. These files can be found in the “SourceSinkLists” folder in the Github repository.
If you want to run SuSi on your own e.g., to obtain definition files for other versions of Android, you need a fully implemented android.jar file. The one shipped with the Android SDK will not do. You can try the ones provided by the Sable research group: https://github.com/Sable/android-platforms The file of the platform you want to analyze must then be passed to SuSi as the first command-line parameter. The second, third, usw. command-line parameter is used for passing in an arbitrary number of files containing training data for the machine learner. The last command-line parameter is the output file name.
Best regards,
Steven
M.Sc. M.Sc. Steven Arzt
Secure Software Engineering Group (SSE)
European Center for Security and Privacy by Design (EC SPRIDE)
Mornewegstraße 32
D-64293 Darmstadt
Phone: +49 61 51 16-75426
Fax: +49 61 51 16-72118
eMail: <mailto:steven.arzt at ec-spride.de> steven.arzt at ec-spride.de
Web: http://sse.ec-spride.de <http://sse.ec-spride.de/>
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von LOKESH JAIN
Gesendet: Donnerstag, 17. Juli 2014 19:37
An: soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca; soot-list at googlegroups.com; Steven Arzt
Betreff: [Soot-list] Query Regarding SuSi
Hello,
I need to use SuSi in my research project but i couldn't found any tutorial that could guide me how to use SuSi.
Any help would be appreciated.
Regards
Lokesh Jain
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140718/6717b046/attachment-0003.html
More information about the Soot-list
mailing list