Data-Oriented Instrumentation against Information Leakages of Android Applications

Authors: Cong Sun, Pengbin Feng, Teng Li, Jianfeng Ma

DOI: 10.1109/COMPSAC.2017.97

Keywords: Cryptographic primitive, Android (operating system), Security policy, Static analysis, Taint checking, Cryptography, Computer security, Private information retrieval, Engineering, Cipher

Abstract: As one of the most prominent threats, information leakages usually take sensitive data from some private sources and improperly release it through malicious or misused method invocations or intercommunications. As a countermeasure against this threat, a number of detection approaches have been developed based on static analysis, esp. taint analysis. But we have still not reached a satisfactory solution to the patching and mitigation of this threat. In this paper, we propose an approach to automatically instrument Android applications with cryptographic primitives and randomization. With the help of an off-the-shelf static analyzer, we detect the parts of the code that might leak information. In order to mitigate these leakages, standard cipher transformations and randomization are used to enforce different security policies according to the positions of the related sinks and intermediate system calls along the information flow paths. The evaluation on benchmark suites and real-world applications demonstrates that our approach can avoid false positives around 91% in real applications, with an acceptable cost of analysis and instrumentations affordable by desktops.
