面向Android应用隐私泄露检测的多源污点分析技术
|
摘要
当前,静态污点分析检测Android应用隐私泄露存在误报率较高的问题,这给检测人员和用户带来很大的不便.针对这一问题,提出了一种多源绑定发生的污点分析技术.该技术可以精确地判断污点分析结果中多组源是否可以在一次执行中绑定发生,用户可以从单一分析1条结果转为分析有关联的多组结果,这既缩小了分析范围,又降低了检测的误报率.在精度上,该技术支持上下文敏感、流敏感、域敏感等特性,并可以有效地区分出分支互斥的情况.在效率上,提供了一种高效的实现方法,可以将高复杂度(指数级别)的分析降低为与传统方法时间相近的分析(初始阶段开销为19.7%,进一步的多源分析平均时间为0.3s).基于此,实现了一个原型系统MultiFlow,利用其对2116个良性手机软件和2089个恶意手机软件进行应用,应用结果表明,多源污点分析技术可以有效地降低隐私泄露检测的误报率(减少多源对41.1%).同时,还提出了一种污点分析结果风险评级标准,评级标准可以进一步帮助用户提高隐私泄露检测的效率.最后探讨了该技术潜在的应用场景.
Currently, the results of static taint analysis cannot explain whether the application has privacy leaks directly(high false positives), which causes inconvenience to the detectors or users. Aiming at this problem, this study puts forward a new technique—multisource binding taint analysis, which can determine whether multiple sets of sources occur in one execution precisely and efficiently. In terms of precision, the technique supports context sensitivity, flow sensitivity, and field sensitivity, and can precisely distinguish exclusive branches. In terms of efficiency, an efficient implementation method is provided to reduce high complexity(exponential level) to an analysis close to traditional method(initial overhead is 19.7%, further multi-analysis stage time is 0.3 s). A prototype called MultiFlow is implemented, and it is applied to 2 116 benign Apps and 2 089 malicious Apps. Such results support the feasibility of multi-source technique for precision enhancement of privacy leak detection(reducing multi-source pairs by 41.1%). Also, these characteristics are used as a risk rank standard of the Apps to improve detection convenience. Finally, the potential application scenarios of the technology are explored.
Currently, the results of static taint analysis cannot explain whether the application has privacy leaks directly(high false positives), which causes inconvenience to the detectors or users. Aiming at this problem, this study puts forward a new technique—multisource binding taint analysis, which can determine whether multiple sets of sources occur in one execution precisely and efficiently. In terms of precision, the technique supports context sensitivity, flow sensitivity, and field sensitivity, and can precisely distinguish exclusive branches. In terms of efficiency, an efficient implementation method is provided to reduce high complexity(exponential level) to an analysis close to traditional method(initial overhead is 19.7%, further multi-analysis stage time is 0.3 s). A prototype called MultiFlow is implemented, and it is applied to 2 116 benign Apps and 2 089 malicious Apps. Such results support the feasibility of multi-source technique for precision enhancement of privacy leak detection(reducing multi-source pairs by 41.1%). Also, these characteristics are used as a risk rank standard of the Apps to improve detection convenience. Finally, the potential application scenarios of the technology are explored.
引文
[1]McAfee.Mobile threat report.2016.http://www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2016.pdf
[2]Livshits VB,Lam MS.Finding security vulnerabilities in Java applications with static analysis.In:Proc.of the Conf.on Usenix Security Symp.USENIX Association,2005.262-266.https://www.usenix.org/legacy/event/sec05/tech/full_papers/livshits/livshits_html/
[3]Sabelfeld A,Myers AC.Language-based information-flow security.IEEE Journal on Selected Areas in Communications,2003,21(1):5-19.[doi:10.1109/JSAC.2002.806121]
[4]Li L,BissyandéTF,Papadakis M,Rasthofer S,Bartel A,Octeau D.Static analysis of Android apps:A systematic literature review.In:Proc.of the Information&Software Technology.2017.67-95.http://orbilu.uni.lu/handle/10993/26879
[5]Avdiienko V,Kuznetsov K,Gorla A,Zeller A,Arzt S,Rasthofer S,Bodden E.Mining apps for abnormal usage of sensitive data.In:Proc.of the 37th Int’l Conf.on Software Engineering(ICSE),Vol.1.IEEE Press,2015.426-436.[doi:10.1109/ICSE.2015.61]
[6]Feng Y,Anand S,Dillig I,Aiken A.Apposcopy:Semantics-based detection of android malware through static analysis.In:Proc.of the 22nd ACM SIGSOFT Int’l Symp.on Foundations of Software Engineering.ACM Press,2014.576-587.[doi:10.1145/2635868.2635869]
[7]Pan X,Wang X,Duan Y,Wang X,Yin H.Dark hazard:Learning-based,large-scale discovery of hidden sensitive operations in Android apps.In:Proc.of the NDSS.2017.http://www.cs.ucr.edu/~heng/pubs/ndss2017.pdf
[8]Li Y,Shen T,Sun X,Pan X,Mao B.Detection,classification and characterization of Android malware using API data dependency.In:Proc.of the Int’l Conf.on Security and Privacy in Communication Systems.Cham:Springer-Verlag,2015.23-40.[doi:10.1007/978-3-319-28865-92]
[9]Aho AV,Sethi R,Ullman JD.Compilers,Principles,Techniques.Boston:Addison Wesley,1986.
[10]Reps T,Horwitz S,Sagiv M.Precise interprocedural dataflow analysis via graph reachability.In:Proc.of the 22nd ACMSIGPLAN-SIGACT Symp.on Principles of Programming Languages.ACM Press,1995.49-61.[doi:10.1145/199448.199462]
[11]Reps T.Program analysis via graph reachability.Information and Software Technology,1998,40(11):701-726.[doi:10.1016/S0950-5849(98)00093-7]
[12]Arzt S,Rasthofer S,Fritz C,Bodden E,Bartel A,Klein J,Le Traon Y,Octeau D,McDaniel P.Flowdroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps.ACM SIGPLAN Notices,2014,49(6):259-269.[doi:10.1145/2594291.2594299]
[13]Lam P,Bodden E,Lhoták O,Hendren L.The Soot framework for Java program analysis:A retrospective.In:Proc.of the Cetus Users and Compiler Infastructure Workshop(CETUS 2011),Vol.15.2011.[doi:10.1.1.221.5311]
[14]Rasthofer S,Arzt S,Bodden E.A machine-learning approach for classifying and categorizing Android sources and sinks.In:Proc.of the Network and Distributed System Security Symp.(NDSS).2014.[doi:10.14722/ndss.2014.23039]
[15]Arzt S,Bodden E.StubDroid:Automatic inference of precise data-flow summaries for the Android framework.In:Proc.of the 38th Int’l Conf.on Software Engineering.ACM Press,2016.725-735.[doi:10.1145/2884781.2884816]
[16]Google play.https://play.google.com/store
[17]Zhou Y,Jiang X.Dissecting Android malware:Characterization and evolution.In:Proc.of the 2012 IEEE Symp.on Security and Privacy(SP).IEEE,2012.95-109.[doi:10.1109/SP.2012.16]
[18]Fritz C,Arzt S,Rasthofer S,Bodden E,Bartel A,Klein J,Le Traon Y,Octeau D,McDaniel P.Highly precise taint analysis for Android applications.Technical Report,TUD-CS-2013-0113,EC SPRIDE,2013.http://www.bodden.de/pubs/TUD-CS-2013-0113.pdf
[19]Lerch J,Hermann B,Bodden E,Mezini M.FlowTwist:Efficient context-sensitive inside-out taint analysis for large codebases.In:Proc.of the 22nd ACM SIGSOFT Int’l Symp.on Foundations of Software Engineering.ACM Press,2014.98-108.[doi:10.1145/2635868.2635878]
[20]http://www.anzhi.com/applist.html
[21]http://virusshare.com
[22]Agrawal R,Srikant R.Fast algorithms for mining association rules.In:Proc.of the 20th Int’l Conf.on Very Large Data Bases(VLDB’94),Vol.1215.1994.487-499.[doi:10.1.1.100.247]
[23]Crandall JR,Chong FT.Minos:Control data attack prevention orthogonal to memory model.In:Proc.of the 37th Int’l Symp.on Microarchitecture(MICRO-37).IEEE,2004.221-232.[doi:10.1109/MICRO.2004.26]
[24]Zhu Y,Jung J,Song D,Kohno T,Wetherall D.Privacy scope:A precise information flow tracking system for finding application leaks.Technical Report,EECS-2009-145,Berkeley:University of California,2009.
[25]Clause J,Li W,Orso A.DYTAN:A generic dynamic taint analysis framework.In:Proc.of the 2007 Int’l Symp.on Software Testing and Analysis.ACM Press,2007.196-206.[doi:10.1145/1273463.1273490]
[26]Luk CK,Cohn R,Muth R,Patil H,Klauser A,Lowney G,Wallace S,Reddi VJ,Hazelwood K.Pin:Building customized program analysis tools with dynamic instrumentation.ACM SIGPLAN Notices,2005,40(6):190-200.[doi:10.1145/1064978.1065034]
[27]Tripp O,Pistoia M,Fink SJ,Sridharan M,Weisman O.TAJ:Effective taint analysis of Web applications.ACM SIGPLAN Notices,2009,44(6):87-97.[doi:10.1145/1542476.1542486]
[28]Enck W,Gilbert P,Han S,Tendulkar V,Chun BG,Cox LP,Jung J,McDaniel P,Sheth AN.TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones.ACM Trans.on Computer Systems,2014,32(2):393-407.[doi:10.1145/2619091]
[29]Lu L,Li Z,Wu Z,Lee W,Jiang G.Chex:Statically vetting Android apps for component hijacking vulnerabilities.In:Proc.of the2012 ACM Conf.on Computer and Communications Security.ACM Press,2012.229-240.[doi:10.1145/2382196.2382223]
[30]Gordon MI,Kim D,Perkins JH,Gilham L,Nguyen N,Rinard MC.Information flow analysis of Android applications in DroidSafe.In:Proc.of the NDSS 2015.2015.[doi:10.14722/ndss.2015.23089]
[31]Li L,Bartel A,BissyandéTF,Klein J,Le Traon Y,Arzt S,Rasthofer S,Bodden E,Octeau D,McDaniel P.Iccta:Detecting intercomponent privacy leaks in Android apps.In:Proc.of the 37th Int’l Conf.on Software Engineering,Vol.1.IEEE Press,2015.280-291.[doi:10.1109/ICSE.2015.48]
[32]Octeau D,Luchaup D,Dering M,Jha S,McDaniel P.Composite constant propagation:Application to Android inter-component communication analysis.In:Proc.of the 37th Int’l Conf.on Software Engineering,Vol.1.IEEE Press,2015.77-88.[doi:10.1109/ICSE.2015.30]
[2]Livshits VB,Lam MS.Finding security vulnerabilities in Java applications with static analysis.In:Proc.of the Conf.on Usenix Security Symp.USENIX Association,2005.262-266.https://www.usenix.org/legacy/event/sec05/tech/full_papers/livshits/livshits_html/
[3]Sabelfeld A,Myers AC.Language-based information-flow security.IEEE Journal on Selected Areas in Communications,2003,21(1):5-19.[doi:10.1109/JSAC.2002.806121]
[4]Li L,BissyandéTF,Papadakis M,Rasthofer S,Bartel A,Octeau D.Static analysis of Android apps:A systematic literature review.In:Proc.of the Information&Software Technology.2017.67-95.http://orbilu.uni.lu/handle/10993/26879
[5]Avdiienko V,Kuznetsov K,Gorla A,Zeller A,Arzt S,Rasthofer S,Bodden E.Mining apps for abnormal usage of sensitive data.In:Proc.of the 37th Int’l Conf.on Software Engineering(ICSE),Vol.1.IEEE Press,2015.426-436.[doi:10.1109/ICSE.2015.61]
[6]Feng Y,Anand S,Dillig I,Aiken A.Apposcopy:Semantics-based detection of android malware through static analysis.In:Proc.of the 22nd ACM SIGSOFT Int’l Symp.on Foundations of Software Engineering.ACM Press,2014.576-587.[doi:10.1145/2635868.2635869]
[7]Pan X,Wang X,Duan Y,Wang X,Yin H.Dark hazard:Learning-based,large-scale discovery of hidden sensitive operations in Android apps.In:Proc.of the NDSS.2017.http://www.cs.ucr.edu/~heng/pubs/ndss2017.pdf
[8]Li Y,Shen T,Sun X,Pan X,Mao B.Detection,classification and characterization of Android malware using API data dependency.In:Proc.of the Int’l Conf.on Security and Privacy in Communication Systems.Cham:Springer-Verlag,2015.23-40.[doi:10.1007/978-3-319-28865-92]
[9]Aho AV,Sethi R,Ullman JD.Compilers,Principles,Techniques.Boston:Addison Wesley,1986.
[10]Reps T,Horwitz S,Sagiv M.Precise interprocedural dataflow analysis via graph reachability.In:Proc.of the 22nd ACMSIGPLAN-SIGACT Symp.on Principles of Programming Languages.ACM Press,1995.49-61.[doi:10.1145/199448.199462]
[11]Reps T.Program analysis via graph reachability.Information and Software Technology,1998,40(11):701-726.[doi:10.1016/S0950-5849(98)00093-7]
[12]Arzt S,Rasthofer S,Fritz C,Bodden E,Bartel A,Klein J,Le Traon Y,Octeau D,McDaniel P.Flowdroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps.ACM SIGPLAN Notices,2014,49(6):259-269.[doi:10.1145/2594291.2594299]
[13]Lam P,Bodden E,Lhoták O,Hendren L.The Soot framework for Java program analysis:A retrospective.In:Proc.of the Cetus Users and Compiler Infastructure Workshop(CETUS 2011),Vol.15.2011.[doi:10.1.1.221.5311]
[14]Rasthofer S,Arzt S,Bodden E.A machine-learning approach for classifying and categorizing Android sources and sinks.In:Proc.of the Network and Distributed System Security Symp.(NDSS).2014.[doi:10.14722/ndss.2014.23039]
[15]Arzt S,Bodden E.StubDroid:Automatic inference of precise data-flow summaries for the Android framework.In:Proc.of the 38th Int’l Conf.on Software Engineering.ACM Press,2016.725-735.[doi:10.1145/2884781.2884816]
[16]Google play.https://play.google.com/store
[17]Zhou Y,Jiang X.Dissecting Android malware:Characterization and evolution.In:Proc.of the 2012 IEEE Symp.on Security and Privacy(SP).IEEE,2012.95-109.[doi:10.1109/SP.2012.16]
[18]Fritz C,Arzt S,Rasthofer S,Bodden E,Bartel A,Klein J,Le Traon Y,Octeau D,McDaniel P.Highly precise taint analysis for Android applications.Technical Report,TUD-CS-2013-0113,EC SPRIDE,2013.http://www.bodden.de/pubs/TUD-CS-2013-0113.pdf
[19]Lerch J,Hermann B,Bodden E,Mezini M.FlowTwist:Efficient context-sensitive inside-out taint analysis for large codebases.In:Proc.of the 22nd ACM SIGSOFT Int’l Symp.on Foundations of Software Engineering.ACM Press,2014.98-108.[doi:10.1145/2635868.2635878]
[20]http://www.anzhi.com/applist.html
[21]http://virusshare.com
[22]Agrawal R,Srikant R.Fast algorithms for mining association rules.In:Proc.of the 20th Int’l Conf.on Very Large Data Bases(VLDB’94),Vol.1215.1994.487-499.[doi:10.1.1.100.247]
[23]Crandall JR,Chong FT.Minos:Control data attack prevention orthogonal to memory model.In:Proc.of the 37th Int’l Symp.on Microarchitecture(MICRO-37).IEEE,2004.221-232.[doi:10.1109/MICRO.2004.26]
[24]Zhu Y,Jung J,Song D,Kohno T,Wetherall D.Privacy scope:A precise information flow tracking system for finding application leaks.Technical Report,EECS-2009-145,Berkeley:University of California,2009.
[25]Clause J,Li W,Orso A.DYTAN:A generic dynamic taint analysis framework.In:Proc.of the 2007 Int’l Symp.on Software Testing and Analysis.ACM Press,2007.196-206.[doi:10.1145/1273463.1273490]
[26]Luk CK,Cohn R,Muth R,Patil H,Klauser A,Lowney G,Wallace S,Reddi VJ,Hazelwood K.Pin:Building customized program analysis tools with dynamic instrumentation.ACM SIGPLAN Notices,2005,40(6):190-200.[doi:10.1145/1064978.1065034]
[27]Tripp O,Pistoia M,Fink SJ,Sridharan M,Weisman O.TAJ:Effective taint analysis of Web applications.ACM SIGPLAN Notices,2009,44(6):87-97.[doi:10.1145/1542476.1542486]
[28]Enck W,Gilbert P,Han S,Tendulkar V,Chun BG,Cox LP,Jung J,McDaniel P,Sheth AN.TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones.ACM Trans.on Computer Systems,2014,32(2):393-407.[doi:10.1145/2619091]
[29]Lu L,Li Z,Wu Z,Lee W,Jiang G.Chex:Statically vetting Android apps for component hijacking vulnerabilities.In:Proc.of the2012 ACM Conf.on Computer and Communications Security.ACM Press,2012.229-240.[doi:10.1145/2382196.2382223]
[30]Gordon MI,Kim D,Perkins JH,Gilham L,Nguyen N,Rinard MC.Information flow analysis of Android applications in DroidSafe.In:Proc.of the NDSS 2015.2015.[doi:10.14722/ndss.2015.23089]
[31]Li L,Bartel A,BissyandéTF,Klein J,Le Traon Y,Arzt S,Rasthofer S,Bodden E,Octeau D,McDaniel P.Iccta:Detecting intercomponent privacy leaks in Android apps.In:Proc.of the 37th Int’l Conf.on Software Engineering,Vol.1.IEEE Press,2015.280-291.[doi:10.1109/ICSE.2015.48]
[32]Octeau D,Luchaup D,Dering M,Jha S,McDaniel P.Composite constant propagation:Application to Android inter-component communication analysis.In:Proc.of the 37th Int’l Conf.on Software Engineering,Vol.1.IEEE Press,2015.77-88.[doi:10.1109/ICSE.2015.30]