10,579 research outputs found
ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
Billions of users rely on the security of the Android platform to protect
phones, tablets, and many different types of consumer electronics. While
Android's permission model is well studied, the enforcement of the protection
policy has received relatively little attention. Much of this enforcement is
spread across system services, taking the form of hard-coded checks within
their implementations. In this paper, we propose Authorization Check Miner
(ACMiner), a framework for evaluating the correctness of Android's access
control enforcement through consistency analysis of authorization checks.
ACMiner combines program and text analysis techniques to generate a rich set of
authorization checks, mines the corresponding protection policy for each
service entry point, and uses association rule mining at a service granularity
to identify inconsistencies that may correspond to vulnerabilities. We used
ACMiner to study the AOSP version of Android 7.1.1 to identify 28
vulnerabilities relating to missing authorization checks. In doing so, we
demonstrate ACMiner's ability to help domain experts process thousands of
authorization checks scattered across millions of lines of code
Set-Based Pre-Processing for Points-To Analysis
We present set-based pre-analysis: a virtually universal op-
timization technique for flow-insensitive points-to analysis.
Points-to analysis computes a static abstraction of how ob-
ject values flow through a program’s variables. Set-based
pre-analysis relies on the observation that much of this rea-
soning can take place at the set level rather than the value
level. Computing constraints at the set level results in sig-
nificant optimization opportunities: we can rewrite the in-
put program into a simplified form with the same essential
points-to properties. This rewrite results in removing both
local variables and instructions, thus simplifying the sub-
sequent value-based points-to computation. E
ectively, set-
based pre-analysis puts the program in a normal form opti-
mized for points-to analysis.
Compared to other techniques for o
-line optimization of
points-to analyses in the literature, the new elements of our
approach are the ability to eliminate statements, and not just
variables, as well as its modularity: set-based pre-analysis
can be performed on the input just once, e.g., allowing the
pre-optimization of libraries that are subsequently reused
many times and for di
erent analyses. In experiments with
Java programs, set-based pre-analysis eliminates 30% of the
program’s local variables and 30% or more of computed
context-sensitive points-to facts, over a wide set of bench-
marks and analyses, resulting in a
20% average speedup
(max: 110%, median: 18%)
Impact assessment for vulnerabilities in open-source software libraries
Software applications integrate more and more open-source software (OSS) to
benefit from code reuse. As a drawback, each vulnerability discovered in
bundled OSS potentially affects the application. Upon the disclosure of every
new vulnerability, the application vendor has to decide whether it is
exploitable in his particular usage context, hence, whether users require an
urgent application patch containing a non-vulnerable version of the OSS.
Current decision making is mostly based on high-level vulnerability
descriptions and expert knowledge, thus, effort intense and error prone. This
paper proposes a pragmatic approach to facilitate the impact assessment,
describes a proof-of-concept for Java, and examines one example vulnerability
as case study. The approach is independent from specific kinds of
vulnerabilities or programming languages and can deliver immediate results
AndroShield:automated Android applications vulnerability detection, a hybrid static and dynamic analysis approach
The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution
Sound Static Deadlock Analysis for C/Pthreads (Extended Version)
We present a static deadlock analysis approach for C/pthreads. The design of
our method has been guided by the requirement to analyse real-world code. Our
approach is sound (i.e., misses no deadlocks) for programs that have defined
behaviour according to the C standard, and precise enough to prove
deadlock-freedom for a large number of programs. The method consists of a
pipeline of several analyses that build on a new context- and thread-sensitive
abstract interpretation framework. We further present a lightweight dependency
analysis to identify statements relevant to deadlock analysis and thus speed up
the overall analysis. In our experimental evaluation, we succeeded to prove
deadlock-freedom for 262 programs from the Debian GNU/Linux distribution with
in total 2.6 MLOC in less than 11 hours
- …