IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

Android apps cooperate through message passing via intents. However, when apps do not have identical sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary to users expectations. Recent research considered static program analysis to detect dangerous data leaks due to inter-component communication (ICC) or IAC, but suffers from shortcomings with respect to precision, soundness, and scalability. To solve these issues we propose a novel approach for static ICC/IAC analysis. We perform a fixed-point iteration of ICC/IAC summary information to precisely resolve intent communication with more than two apps involved. We integrate these results with information flows generated by a baseline (i.e. not considering intents) information flow analysis, and resolve if sensitive data is flowing (transitively) through components/apps in order to be ultimately leaked. Our main contribution is the first fully automatic sound and precise ICC/IAC information flow analysis that is scalable for realistic apps due to modularity, avoiding combinatorial explosion: Our approach determines communicating apps using short summaries rather than inlining intent calls, which often requires simultaneously analyzing all tuples of apps. We evaluated our tool IIFA in terms of scalability, precision, and recall. Using benchmarks we establish that precision and recall of our algorithm are considerably better than prominent state-of-the-art analyses for IAC. But foremost, applied to the 90 most popular applications from the Google Playstore, IIFA demonstrated its scalability to a large corpus of real-world apps. IIFA reports 62 problematic ICC-/IAC-related information flows via two or more apps/components

MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent\u27s data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library MuTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver\u27s capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging MuTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that MuTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps

Advanced Security Analysis for Emergent Software Platforms

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems. This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the focus on detecting vulnerable and unsafe interactions between applications that share common components and devices. Contributions of this work include novel insights and methods for: (1) detecting vulnerable interactions between Android applications that leverage dynamic loading features for concealing the interactions; (2) identifying unsafe interactions between smart home applications by considering physical and cyber channels; (3) detecting malicious IoT applications that are developed to target numerous IoT devices; (4) detecting insecure patterns of emergent security APIs that are reused from open-source software. In all of the four research thrusts, we present thorough security analysis and extensive evaluations based on real-world applications. Our results demonstrate that the proposed detection mechanisms can efficiently and effectively detect vulnerabilities in contemporary software platforms. Advisers: Hamid Bagheri and Qiben Ya

A Memory Usage Comparison Between Jitana and Soot

There are several factors that make analyzing Android apps to address dependability and security concerns challenging. These factors include (i) resource efficiency as analysts need to be able to analyze large code-bases to look for issues that can exist in the application code and underlying platform code; (ii) scalability as today’s cybercriminals deploy attacks that may involve many participating apps; and (iii) in many cases, security analysts often rely on dynamic or hybrid analysis techniques to detect and identify the sources of issues. The underlying principle governing the design of existing program analysis engines is the main cause that prevents them from satisfying these factors. Existing designs operate like compilers, so they only analyze one app at a time using a close-world process that leads to poor efficiency and scalability. Recently, Tsutana et al. introduced Jitana, a Virtual Class-Loader (VCL) based approach to construct program analyses based on the open-world concept. This approach is able to continuously load and analyze code. As such, this approach establishes a new way to make analysis efforts proportional to the code size and provides an infrastructure to construct complex, efficient, and scalable static, dynamic, and hybrid analysis procedures to address emerging dependability and security needs. In this thesis, we attempt to quantify the performance benefit of Jitana through the lens of memory usage. Memory is a very important system-level resource that if not expended efficiently, can result in long execution time and premature termination of a program. Existing program analysis frameworks are notorious for consuming a large amount of memory during an attempt to analyze a large software project. As such, we design an experiment to compare the memory usage between Jitana and Soot, a widely used program analysis and optimization framework for Java. Our evaluation consists of using 18 Android apps, with sizes ranging from 0.02 MB to 80.4 MB. Our empirical evaluations reveal that Jitana requires up to 81% less memory than Soot to analyze an app. At the same time, it can also analyze more components including those belonging to the application and those belonging to the Android framework. Adviser: Witawas Srisa-a

JITANA: A modern hybrid program analysis framework for android platforms

Security vetting of Android apps is often performed under tight time constraints (e.g., a few minutes). As such, vetting activities must be performed “at speed”, when an app is submitted for distribution or a device is analyzed for malware. Existing static and dynamic program analysis approaches are not feasible for use in security analysis tools because they require a much longer time to operate than security analysts can afford. There are two factors that limit the performance and efficiency of current analysis approaches. First, existing approaches analyze only one app at a time. Finding security vulnerabilities in collaborative environments such as Android, however, requires collaborating apps to be analyzed simultaneously. Thus, existing approaches are not adequate when applied in this context. Second, existing static program analysis approaches tend to operate in a “closed world” fashion; therefore, they are not easily integrated with dynamic analysis processes to efficiently produce hybrid analysis results within a given time constraint. In this work, we introduce JITANA, an efficient and scalable hybrid program analysis framework for Android. JITANA has been designed from the ground up to be used as a building block to construct efficient and scalable program analysis techniques. JITANA also operates in an open world fashion, so malicious code detected as part of dynamic analysis can be quickly analyzed and the analysis results can be seamlessly integrated with the original static analysis results. To illustrate JITANA’s capability, we used it to analyze a large collection of apps simultaneously to identify potential collaborations among apps. We have also constructed several analysis techniques on top of JITANA and we use these to perform security vetting under four realistic scenarios. The results indicate that JITANA is scalable and robust; it can effectively and efficiently analyze complex apps including Facebook, Pokémon Go, and Pandora that the state-of-the-art approach cannot handle. In addition, we constructed a visualization engine as a plugin for JITANA to provide real-time feedback on code coverage to help analysts assess their vetting efforts. Such feedback can lead analysts to hard to reach code segments that may need further analysis. Finally we illustrate the effectiveness of JITANA in detecting and analyzing dynamically loaded code. Supplementary material attached below