SoProtector: Safeguard Privacy for Native SO Files in Evolving Mobile IoT Applications

Authors: Guangquan Xu, Weizhe Wang, Litao Jiao, Xiaotong Li, Kaitai Liang

DOI: 10.1109/JIOT.2019.2944006

Keywords: Android (operating system), Computer science, Static program analysis, Internet of Things, Encryption, Mobile device, Malware, Computer security

Abstract: Android Apps have become the most important mobile applications in evolving IoT systems, whose security and privacy are confronted with ever more challenges, since such devices as smartphones involve too much personal information. Meanwhile, developers prefer to put core functions (e.g., the encryption function and the T9 search function) in the native layer for execution efficiency. However, there are no automated analysis tools to protect the native layer, especially those dynamically loaded third-party SO libraries. In order to solve the previous problem, which is confusing, we propose a novel scalable system, called SoProtector, to prevent privacy from leaking via the data flow between the native and Java layers. For the detection of malicious implanted libraries, SoProtector realizes a real-time engine. We derive malware features in three steps: 1) present the binary files of a family as a grayscale image; 2) use the ARM instruction set to reversely obtain the code of the file, using Python for the opcode sequence; 3) each is transformed into the form of assembly language by IDA Pro, which includes gdl as an accompaniment. Our experiment, which involved 3400 applications, demonstrates that SoProtector is able to detect sinks, sources, and smudges. It effectively inspects and blocks at least 82% loading dynamically, and it has relatively low overhead in the meantime, compared with existing static tools (e.g., FlowDroid and AndroidLeaks).

References (34)
Clint Gibler, Jonathan Crussell, Jeremy Erickson, Hao Chen. AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. Trust and Trustworthy Computing, pp. 291-307 (2012), 10.1007/978-3-642-30921-2_17
Eui Chul Richard Shin, Dawn Song, Reza Moazzezi. Recognizing functions in binaries with neural networks. USENIX Security Symposium, pp. 611-626 (2015)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Operating Systems Design and Implementation, pp. 393-407 (2010), 10.5555/1924943.1924971
William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transactions on Computer Systems, vol. 32, pp. 5- (2014), 10.1145/2619091
Luke Deshotels, Vivek Notani, Arun Lakhotia. DroidLegacy: Automated Familial Classification of Android Malware. Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, pp. 3- (2014), 10.1145/2556464.2556467
Wei Wang, Xing Wang, Dawei Feng, Jiqiang Liu, Zhen Han, Xiangliang Zhang. Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection. IEEE Transactions on Information Forensics and Security, vol. 9, pp. 1869-1882 (2014), 10.1109/TIFS.2014.2353996
Daniel Schreckling, Johannes Köstler, Matthias Schaff. Kynoid: Real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android. Information Security Technical Report, vol. 17, pp. 71-80 (2013), 10.1016/J.ISTR.2012.10.006
Yury Zhauniarovich, Maqsood Ahmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci. StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications. Conference on Data and Application Security and Privacy, vol. 159, pp. 37-48 (2015), 10.1145/2699026.2699105
Vaibhav Rastogi, Yan Chen, Xuxian Jiang. DroidChameleon: evaluating Android anti-malware against transformation attacks. Computer and Communications Security, pp. 329-334 (2013), 10.1145/2484313.2484355
Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, David Wetherall. These aren't the droids you're looking for. Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, pp. 639-652 (2011), 10.1145/2046707.2046780