Protection against Code Obfuscation Attacks Based on Control Dependencies in Android Systems
作者: Mariem Graa , Nora Cuppens Boulahia , Frederic Cuppens , Ana Cavalliy
关键词:
摘要: In Android systems, an attacker can obfuscate application code to leak sensitive information. TaintDroid is information flow tracking system that protects private data in smartphones. But, TainDroid cannot detect control flows. Thus, it be circumvented by obfuscated attack based on dependencies. this paper, we present a collection of attacks system. We propose technical solution hybrid approach combines static and dynamic analysis. formally specify our two propagation rules. Finally, evaluate show avoid the dependencies using these
archives-ouvertes.fr
telecom-bretagne.eu 
sci-hub.se 参考文章(23)
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Thomas F. Knight, Jeremy Brown, A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow ,(2001)
Mariem Graa, Nora Cuppens-Boulahia, Frédéric Cuppens, Ana Cavalli, Detecting control flow in smarphones: combining static and dynamic analyses CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security. pp. 33- 47 ,(2012) , 10.1007/978-3-642-35362-8_4
Ravi Sethi, Jeffrey D. Ullman, Alfred V. Aho, Compilers: Principles, Techniques, and Tools ,(1986)
Lorenzo Cavallaro, Prateek Saxena, R. Sekar, On the Limits of Information Flow Techniques for Malware Analysis and Containment international conference on detection of intrusions and malware and vulnerability assessment. pp. 143- 163 ,(2008) , 10.1007/978-3-540-70542-0_8
Dorothy Elizabeth Robling Denning, Secure information flow in computer systems. Purdue University. ,(1975)
Babil Golam Sarwar, Olivier Mehani, Roksana Boreli, Mohamed-Ali Kaafar, None, On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices international conference on security and cryptography. pp. 461- 468 ,(2013)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Engin Kirda, Manuel Egele, Christopher Kruegel, Dawn Song, Heng Yin, Dynamic spyware analysis usenix annual technical conference. pp. 18- ,(2007)
David Thomas, Andrew Hunt, Programming Ruby: the pragmatic programmer's guide Addison-Wesley Longman Publishing Co., Inc.. ,(2000)