Muse (alternatively µSE) is a mutation-based soundness evaluation framework which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded practice of mutation analysis. More information about Muse can be found in our USENIX Security'18 paper and on our website.

Muse can be downloaded from this git repository, with a Maven Eclipse project found in the Muse directory. After downloading, Muse can be compiled with the following commands:

mvn clean
mvn package

The generated runnable jar can be found in: target/Muse-1.0.0.jar

Muse relies on MDroidPlus. You will need the libs4ast folder of that project in order to run Muse.

To run Muse, use the following command, specifying the required arguments:

java -jar Muse-1.0.0.jar <libs4ast> <AppSourceCode> <AppName> <OutputPath>

Provide the following list of required arguments when running Muse:

1. libs4ast: path of the lib4ast folder, inherited from MDroidPlus;
2. AppSourceCode: path of the Android app source code folder;
3. AppName: App main package name;
4. Output: path of the folder where the mutants will be created;

java -jar Muse-1.0.0.jar MDroidPlus/libs4ast/ /tmp/AppFoo/src/ AppFoo /tmp/mutants/

The output directory will contain a folder with the source code for each generated mutant.

If you use Muse for academic purposes, please cite:

Bonett, R., Kafle, K., Moran, K., Nadkarni, A., & Poshyvanyk, D. (2018, August). Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association.

Currently Muse is oriented towards the evaluation of static analysis tools for Android data leak detection. We intend to expand Muse by developing additional security operators and mutation schemes for tools with other goals, e.g. SSL verification.