Visible to the public BenchPress: Analyzing Android App Vulnerability Benchmark Suites

TitleBenchPress: Analyzing Android App Vulnerability Benchmark Suites
Publication TypeConference Paper
Year of Publication2019
AuthorsMitra, Joydeep, Ranganath, Venkatesh-Prasad, Narkar, Aditya
Conference Name2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)
Keywordsandroid, Android (operating system), Android app development, Android app vulnerability benchmark suite analysis, Android security analysis tools, Android-specific benchmark suites, APIs, application program interfaces, application programming interface, benchmark, BenchPress, compositionality, DroidBench, empirical software engineering, evaluation, Ghera, ICCBench, mobile computing, pubcrawl, Representativeness, resilience, Resiliency, security, security of data, security-related APIs, stack overflow, temperature 227.0 K, tool developers, UBCBench
AbstractIn recent years, various benchmark suites have been developed to evaluate the efficacy of Android security analysis tools. Tool developers often choose such suites based on the availability and popularity of suites and not on their characteristics and relevance due to the lack of information about them. In this context, based on a recent effort, we empirically evaluated four Android-specific benchmark suites: DroidBench, Ghera, ICCBench, and UBCBench. For each benchmark suite, we identified the APIs used by the suite that were discussed on Stack Overflow in the context of Android app development and measured the usage of these APIs in a sample of 227K real-world apps (coverage). We also identified security-related APIs used in real-world apps but not in any of the above benchmark suites to assess the opportunities to extend benchmark suites (gaps).
Citation Keymitra_benchpress_2019