Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability.


Vetting vulnerable apps in large scale
• High volume of app submissions
• Inexperienced developers
• Large number of vulnerable apps
Diagram labels: Component hijacking vulnerability; Accurate and scalable app vetting methods

Components in Android apps
• Basic building blocks of apps
• Mutually independent yet interactive
• Exportable
Diagram labels: App1, App2, Android Framework

What can go wrong?
Enumerator Service
• Returns the address book upon request
• Accepts unauthorized requests
Unauthorized access to protected resources
Diagram labels: Contact Manager App, Enumerator Service, Contacts, Android Framework

What can go wrong?
Setting Update Receiver
• Overwrites sensitive data upon update
• Accepts external updates
Unauthorized access to private resources
Diagram labels: Contact Manager App, Setting Update Receiver, Private Storage, Android Framework

Component hijacking attacks
A class of attacks that seek to gain unauthorized access to protected or private resources through exported components in vulnerable apps.
• Vulnerable apps exist on target devices
• The attacking app is already installed

Similar attacks and countermeasures
Attacks
• On permission-protected resources
• On a small set of apps
Detections
• Lack of an in-depth and scalable method
• Alerting exported components
Mitigations
• Enforcing strict permission delegation policy
• Data leakage prevention

CHEX -- Component Hijacking Examiner
Goal: Vetting large volumes of apps for component hijacking vulnerabilities
• Deep inspection
• Generic coverage
• Accurate
• Static analysis
• No de-compilation
• Fast
• No source code required
• No human assistance
• App market model

Analysis approach
• A data-flow perspective
• Component hijacking: read/write protected or private data via exported components
• Detecting component hijacking: finding “hijack-enabling flows”
Diagram labels: App, Android Framework, Private, Protected

Challenges
• Lack of generic analysis tools for Dalvik bytecode
• Dealing with Android apps’ programming paradigm
  • Multiple entry points
  • Event-based model
  • Asynchronous execution
  • Inter-component data flows
• Data flow analysis on Android apps can be expensive

Dalysis: Dalvik Analysis Framework
• Consumes off-the-shelf Android app package (.apk)
• Generates SSA IR (adopted from WALA)
• Supports extensible backend for multiple types of analysis tasks
Diagram labels:
• Frontend: Parse manifest, Disassemble bytecode (DexLib), Instruction translation, Abstract interpretation, SSA conversion
• SSA IR: Class hierarchy, Instructions, Meta data, Constants
• Backend: Points-to analysis, Call graph builder, SDG builder, …

Modeling Android Framework
• Design choice: model the framework
• For data-flow analysis, we model
  • Asynchronous entry points
  • Framework-assisted data-flows
Diagram labels: App; Android Framework (System managers, Libraries, Runtime); Reflections, Mixed languages, Large codebase, …

App entry points
• Points through which control transfers to the app
  • Start point
  • Callbacks
Definition: App entry points are the methods that are defined by the app and intended to be called only by the framework.
Diagram labels: App launch points, Component lifecycle callbacks, UI event handlers, Asynchronous constructs, Others

Entry point discovery
Observation: only two ways to “register” entry points
• Declaring them in the manifest file
• Overriding/implementing the designated interfaces
How to distinguish?
• Containing class is instantiated
• Original interface is never called by app
Diagram labels: Unused methods overriding framework, Entry points, Dead code

Entry point discovery
Diagram labels: Unused methods overriding framework, Entry points

App splitting
Definition: A split is a subset of the app code that is reachable from an entry point.
• Modeling app execution by permuting split executions in all feasible orders
• Why reasonable?
  • Most splits cannot be interleaved
  • Efficient pruning techniques
Diagram labels: App, Android Framework

SDS and PDS
Split Data-flow Summary (SDS)
• Intra-split data-flows that start and end at heap variables, sources, or sinks.
Permutation Data-flow Summary (PDS)
• Linking two adjacent SDSs in a feasible permutation
When permutation ends, all possible data-flows have been enumerated.
Diagram labels: G1, Src1, Sink1

Identifying “hijack-enabling flows”
• Using descriptive policies to specify flows of interests
Diagram labels: Sensitive, Public; Input, Critical; Input, Sensitive, Input-specified exit
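
Added example (not from the slides or the CHEX implementation): a small Python model of the SDS/PDS idea above, linking per-split summaries through heap variables in each split order and matching the resulting source-to-sink flows against a policy. The split names, node names and the two policy pairs are assumptions; every split runs once per order and no pruning of infeasible orders is done.

```python
from itertools import permutations

# Constructed split data-flow summaries (SDS); split and node names are
# hypothetical. Each edge is an intra-split flow whose ends are a source,
# a sink or a heap variable, written "<kind>:<name>".
SDS = {
    "SettingReceiver.onReceive": {("Input:intent_extra", "heap:G1")},
    "Worker.run": {("heap:G1", "Critical:raw_sql")},
    "Locator.onLocationChanged": {("Sensitive:gps", "heap:G2")},
    "Ui.onClick": {("heap:G3", "Public:http_post")},
}
# Assumed policy: (source kind, sink kind) pairs that count as hijack-enabling.
POLICY = {("Input", "Critical"), ("Sensitive", "Public")}


def kind(node):
    return node.split(":", 1)[0]


def link_in_order(order, sds_by_split):
    """Build the permutation data-flow summary (PDS) for one split order."""
    pds = set()
    for split in order:
        sds = sds_by_split[split]
        # Join flows already ending at a heap variable with flows of the
        # next split that start at the same variable.
        joined = {(a, c) for (a, b) in pds for (b2, c) in sds
                  if b == b2 and kind(b) == "heap"}
        pds |= sds | joined
    return pds


def matches(flows, policy):
    return {(a, b) for (a, b) in flows if (kind(a), kind(b)) in policy}


def hijack_enabling_flows(sds_by_split, policy):
    """Union of policy-matching flows over every split order (no pruning)."""
    found = set()
    for order in permutations(sds_by_split):
        found |= matches(link_in_order(order, sds_by_split), policy)
    return found


if __name__ == "__main__":
    for src, sink in sorted(hijack_enabling_flows(SDS, POLICY)):
        print(f"hijack-enabling flow: {src} -> {sink}")
```

The flow only appears when the receiver split runs before the worker split, which is why the summaries are linked per order rather than merged into one graph.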

Evaluations
• 5,486 apps from the official and alternative markets
• Hardware spec: Intel Core i7-970 with 12GB RAM
Performance
• Median processing time: 37sec
• 22% apps took >5min
Accuracy
• 254/5,486 flagged as vulnerable
• True positive rate: 81%
Insights
• 50 entry points of 44 types per app
• 99.7% apps contain inter-split data-flows

Case study
Attack class: representative cases
• Data Theft: Sending GPS data to URL specified by input string
• Capability Leak: Input string used as hostname for socket connection
• Code Injection: Input string used for raw SQL query statement; Input string used as shell command
• Intent Proxy: Object embedded in input used to start Activity
• Data tampering: Input string submitted to server as game score

Conclusion
• Conducted large-scale experiments
  • 254 / 5,486 apps
  • 37.02 sec
  • Case studies
• Designed and implemented CHEX
  • Identifying hijack-enabling flows
  • Suited for large volume app vetting
  • Overcoming analysis challenges of apps
• Studied component hijacking vulnerabilities
  • Defined from a data flow perspective
  • Generalizing similar attacks

Discussions
False positives
• Sophisticated request validations
• Infeasible split permutations
False negatives
• Control-flow driven hijacks