BeDroid - ART runtime intrumentation framework

Project Name: Project 1 - ARTDroid
Mentor: Cong Zheng (CN)
Backup mentor: TBC
Skills required: C++, Java, Linux, Android System, LLVM, ARM
Project type: New technology in existing tool.
Project goal: Build a dynamic malware analysis system for analyzing Android apps targeting on Android's new runtime -- ART.
Description:

From Android 4.4, Android system has a new runtime called ART [1][2] together with Dalvik. Users can switch between those two runtimes. However, since Android 5.0, Google totally abandoned Dalvik, so ART becomes the only runtime. Current dynamic analysis systems such as DroidBox, TaintDroid, DroidScope, etc., they are built on Dalvik VM, porting them to ART seems impossible since they depend on DVM heavily.

The goal of this project is to build a dynamic malware analysis system on ART, which allows users to monitor the execution of potentially malicious apps. This includes the following sub-goals:
    •    Monitoring function calls
    •    Modifying parameters/return value before/after function's execution
    •    Dumping objects' contents
    •    Reporting layer that is compatible with existing systems

The solution of this project should guarantee two points: low performance overhead and easily maintainability of analysis environment for future new Android versions.

[1] http://source.android.com/devices/tech/dalvik/
[2] http://androidxref.com/5.0.0_r2/xref/art/