Presentation is loading. Please wait.

Presentation is loading. Please wait.

Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability.

Published byErick Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability."— Presentation transcript:

1 Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability

2 Vetting vulnerable apps in large scale  High volume of app submissions  Inexperienced developers  Large number of vulnerable apps CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 2 2 Component hijacking vulnerability Accurate and scalable app vetting methods

3 Components in Android apps CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 3 3 Basic building blocks of apps Mutually independent yet interactive Exportable App1App2 Android Framework

4 What can go wrong? CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 4 4 Contact Manager App EnumeratorService Enumerator Service Returns the address book upon request Accepts unauthorized requests Contacts Android Framework Unauthorized access to protected resources

5 What can go wrong? CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 5 5 Setting Update Receiver Overwrites sensitive data upon update Accepts external updates Unauthorized access to private resources Contact Manager App Android Framework Setting Update Receiver Private Storage

6 Component hijacking attacks CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 6 6 A class of attacks that seek to gain unauthorized access to protected or private resources through exported components in vulnerable apps. Vulnerable apps exist on target devices The attacking app is already installed

7 Similar attacks and countermeasures CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 7 7Attacks On permission- protected resources On a small set of apps Detections Lack of an in- depth and scalable method Alerting exported components Mitigations Enforcing strict permission delegation policy Data leakage prevention

8 CHEX -- Component Hijacking Examiner CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 8 8 Deep inspection Generic coverage Accurate Static analysis No de-compilation Fast No source code required No human assistance App market model Goal : Vetting large volumes of apps for component hijacking vulnerabilities CHEX

9 Analysis approach  A data-flow perspective  Component hijacking  read/write protected or private data via exported components  Detecting component hijacking  finding “hijack-enabling flows” CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 9 9 App Android Framework Private Protected

10 Challenges CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 10 Lack of generic analysis tools for Dalvik bytecode Multiple entry points Event-based model Dealing with Android apps’ programming paradigm Asynchronous execution Inter-component data flows Data flow analysis on Android apps can be expensive

11 Dalysis: Dalvik Analysis Framework  Consumes off-the-shelf Android app package (.apk)  Generates SSA IR (adopted from WALA)  Supports extensible backend for multiple types analysis tasks CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 11 Class hierarchy Instructions Meta data Constants Parse manifest Disassemble bytecode (DexLib) Instruction translation Abstract interpretation SSA conversion SSA IR Frontend Backend Point-to analysis Call graph builder SDG builder …

12 Android Framework Modeling Android Framework  Design choice: model the framework  For data-flow analysis, we model  Asynchronous entry points  Framework-assisted data-flows CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 12 App System managers LibrariesRuntime Reflections Mixed languages Large codebase …

13 App entry points  Points through which control transfers to the app  Start point  Callbacks CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 13 App launch points Component lifecycle callbacks UI event handlers Asynchronou s constructs Others Definition: App entry points are the methods that are defined by the app and intended to be called only by the framework.

14 Entry point discovery Observation: only two ways to “register” entry points  Declaring them in the manifest file  Overriding/implementing the designated interfaces CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 14 Unused methods overriding framework Entry points Dead code  How to distinguish?  Containing class is instantiated  Original interface is never called by app

15 Entry point discovery CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 15 Unused methods overriding framework Entry points Unused methods overriding framework Entry points

16 App splitting  Modeling app execution by permuting split executions in all feasible orders  Why reasonable?  Most splits cannot be interleaved  Efficient pruning techniques CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 16 App Android Framework Definition: A split is a subset of the app code that is reachable from an entry point.

17 SDS and PDS Permutation Data-flow Summary (PDS)  Linking two adjacent SDSs in a feasible permutation CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 17 G1 Src1 G1 Sink1 Src1 G1 Sink1 Split Data-flow Summary (SDS)  Intra-split data-flows that start and end at heap variables, sources, or sinks. When permutation ends, all possible data-flows have been enumerated.

18 Identifying “hijack-enabling flows”  Using descriptive policies to specify flows of interests CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 18 … Sensitive Public … Input Critical … Input Sensitive Input- specified exit

19 Performance  Median processing time: 37sec  22% apps took >5min Accuracy  254/5,486 flagged as vulnerable  True positive rate: 81%  254/5,486 flagged as vulnerable  True positive rate: 81% Evaluations CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 19  5,486 apps from the official and alternative markets  Hardware spec: Intel Core i7-970 with 12GB RAM Insights  50 entry points of 44 types per app  99.7% apps contain inter-split data-flows

20 Case study CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 20 Attack Class Representative cases Data TheftSending GPS data to URL specified by input string Capability Leak Input string used as hostname for socket connection Code Injection Input string used for raw SQL query statement Input string used as shell command Intent ProxyObject embedded in input used to start Activity Data tamperingInput string submitted to server as game score

21 Conclusion Conducted large-scale experiments 254 / 5,486 apps37.02 secCase studies Designed and implemented CHEX Identifying hijack- enabling flows Suited for large volume app vetting Overcoming analysis challenges of apps Studied component hijacking vulnerabilities Defined from a data flow perspectiveGeneralizing similar attacks CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 21

22 False positives  Sophisticated request validations  Infeasible split permutations False negatives  Control-flow driven hijacks Discussions CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities 22

Download ppt "Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability."

Similar presentations

Syracuse University, New York, USA

Syracuse University, New York, USA
Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin,

Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin,
2014 Network and Distributed System Security Symposium AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijecking.

2014 Network and Distributed System Security Symposium AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijecking.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability Chao Shi CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities.

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability Chao Shi CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
CIM2564 Introduction to Development Frameworks 1 Overview of a Development Framework Topic 1.

CIM2564 Introduction to Development Frameworks 1 Overview of a Development Framework Topic 1.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
1 Static Testing: defect prevention SIM3302. 2 objectives Able to list various type of structured group examinations (manual checking) Able to statically.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.
The Procedure Abstraction Part I: Basics Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled in Comp 412.

The Procedure Abstraction Part I: Basics Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled in Comp 412.
1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.

1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.
Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x + 10... y...

Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x y...
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.

Introduction to Software Design Chapter 1. Chapter 1: Introduction to Software Design2 Chapter Objectives To become familiar with the software challenge.
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED

ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
Chien-Chung Shen cshen@udel.edu Manifest and Activity Chien-Chung Shen cshen@udel.edu.

Chien-Chung Shen Manifest and Activity Chien-Chung Shen
Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.

Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.

Similar presentations

Ads by Google