摘要
The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.
The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.
引文
[1]IDC,Smartphone market share,https://www.idc.com/promo/smartphone-market-share/os,2018.
[2]L.Davi,A.Dmitrienko,A.R.Sadeghi,and M.Winandy,Privilege escalation attacks on android,in Proc.13thInt.Conf.Information Security,Boca Raton,FL,USA,2010,pp.346-360.
[3]E.Chin,A.P.Felt,K.Greenwood,and D.Wagner,Analyzing inter-application communication in android,in Proc.9thInt.Conf.Mobile Systems,Applications,and Services,Bethesda,MD,USA,2011,pp.239-252.
[4]A.P.Felt,H.J.Wang,A.Moshchuk,S.Hanna,and E.Chin,Permission re-delegation:Attacks and defenses,in Proc.20thUSENIX Conf.Security,San Francisco,CA,USA,2011,pp.19-31.
[5]Y.J.Zhou and X.X.Jiang,Detecting passive content leaks and pollution in android applications,in Proc.20th Network and Distributed System Security Symp.,San Diego,CA,USA,2013,pp.434-443.
[6]L.Lu,Z.C.Li,Z.Y.Wu,W.Lee,and G.F.Jiang,CHEX:Statically vetting android apps for component hijacking vulnerabilities,in Proc.2012 ACM Conf.Computer and Communications Security,Raleigh,NC,USA,2012,pp.229-240.
[7]Z.R.Fang,W.L.Han,D.Li,Z.Q.Guo,D.H.Guo,X.S.Wang,Z.Y.Qian,and H.Chen,revDroid:Code analysis of the side effects after dynamic permission revocation of android apps,in Proc.11thACM on Asia Conf.Computer and Communications Security,Xi’an,China,2016,pp.747-758.
[8]Y.J.Hu and I.Neamtiu,Static detection of eventbased races in android apps,in Proc.23rdInt.Conf.Architectural Support for Programming Languages and Operating Systems,Williamsburg,VA,USA,2018,pp.257-270.
[9]W.Enck,D.Octeau,P.McDaniel,and S.Chaudhuri,A study of android application security,in Proc.20th USENIX Conf.Security,San Francisco,CA,USA,2011,pp.64-80.
[10]K.Fan,H.Li,W.Jiang,C.S.Xiao,and Y.T.Yang,Secure authentication protocol for mobile payment.Tsinghua Sci.Technol.,vol.23,no.5,pp.610-620,2018.
[11]S.Arzt,S.Rasthofer,C.Fritz,E.Bodden,A.Bodden,J.Klein,Y.Le Traon,D.Octeau,and P.McDaniel,FlowDroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android apps,in Proc.35thACM SIGPLAN Conf.Programming Language Design and Implementation,vol.49,no.6,pp.259-269,2014.
[12]C.Fritz,S.Arzt,S.Rasthofer,E.Bodden,A.Bartel,J.Klein,Y.le Traon,D.Octeau,and P.McDaniel,Highly precise taint analysis for Android applications,Tech.Rep.Nr.TUD-CS-2013-0113,Technische Universitat Darmstadt,Darmstadt,Germany,2013.
[13]R.Vall′ee-Rai,E.Gagnon,L.Hendren,P.Lam,P.Pominville,and V.Sundaresan,Optimizing Java bytecode using the Soot framework:Is it feasible?in Proc.9thInt.Conf.Compiler Construction,Berlin,Germany,2000,pp.18-34.
[14]M.Sagiv,T.Reps,and S.Horwitz,Precise interprocedural dataflow analysis with applications to constant propagation,Theor.Comput.Sci.,vol.167,nos.1&2,pp.131-170,1996.
[15]T.Reps,S.Horwitz,and M.Sagiv,Precise interprocedural dataflow analysis via graph reachability,in Proc.22ndACM SIGPLAN-SIGACT Symp.Principles of Programming Languages,San Francisco,CA,USA,1995,pp.49-61.
[16]D.Octeau,P.McDaniel,S.Jha,A.Bartel,E.Bodden,J.Klein,and Y.Le Traon,Effective inter-component communication mapping in Android with Epicc:An essential step towards holistic security analysis,in Proc.22ndUSENIX Conf.Security,Washington,DC,USA,2013,pp.543-558.
[17]M.C.Grace,W.Zhou,X.X.Jiang,and A.R.Sadeghi,Unsafe exposure analysis of mobile in-app advertisements,in Proc.5thACM Conf.Security and Privacy in Wireless and Mobile Networks,Tucson,AZ,USA,2012,pp.101-112.
[18]F.G.Wei,S.Roy,X.M.Ou,and Robby,Amandroid:A precise and general inter-component data flow analysis framework for security vetting of android apps,in Proc.2014 ACM SIGSAC Conf.Computer and Communications Security,Scottsdale,AZ,USA,2014,pp.1329-1341.
[19]W.Enck,P.Gilbert,S.Han,V.Tendulkar,B.G.Chun,L.P.Cox,J.Jung,P.McDaniel,and A.N.Sheth,TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones,ACM Trans.Comput.Syst.,vol.32,no.2,p.5,2014.
[20]P.Gilbert,B.G.Chun,L.P.Cox,and J.Jung,Vision:Automated security validation of mobile apps at app markets,in Proc.2ndInt.Workshop on Mobile Cloud Computing and Services,Bethesda,MD,USA,2011,pp.21-26.
[21]C.Zheng,S.X.Zhu,S.F.Dai,G.F.Gu,X.R.Gong,X.H.Han,and W.Zou,SmartDroid:An automatic system for revealing UI-based trigger conditions in android applications,in Proc.2ndACM Workshop on Security and Privacy in Smartphones and Mobile Devices,Raleigh,NC,USA,2012,pp.93-104.
[22]W.Klieber,L.Flynn,A.Bhosale,L.M.Jia,and L.Bauer,Android taint flow analysis for app sets,in Proc.3rdACMSIGPLAN Int.Workshop on the State of the Art in Java Program Analysis,Edinburgh,UK,2014,pp.1-6.
[23]L.Wu,M.Grace,Y.J.Zhou,C.Wu,and X.X.Jiang,The impact of vendor customizations on android security,in Proc.2013 ACM SIGSAC Conference on Computer&Communications Security,Berlin,Germany,2013,pp.623-634.
[24]M.Zhang and H.Yin,AppSealer:Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications,in Proc.21st Annu.Network and Distributed System Security Symp.,San Diego,CA,USA,2014,pp.1-15.
[25]H.Bagheri,A.Sadeghi,R.Jabbarvand,and S.Malek,Automated dynamic enforcement of synthesized security policies in Android,Tech.Rep.GMU-CS-TR-2015-5,George Mason University,Fairfax,VA,USA,2015.
[26]K.O.Elish,D.D.Yao,and B.G.Ryder,On the need of precise inter-app ICC classification for detecting android malware collusions,in Proc.IEEE Mobile Security Technologies,San Jose,CA,USA,2015.
[27]H.Bagheri,A.Sadeghi,J.Garcia,and S.Malek,COVERT:Compositional analysis of Android inter-app vulnerabilities,Tech.Rep.GMU-CS-TR-2015-1,George Mason University,Fairfax,VA,USA,2015.
[28]F.Nielson,H.R.Nielson,and C.Hankin,Principles of Program Analysis.Springer,2015.