23 research outputs found

    Protection against Code Obfuscation Attacks based on control dependencies in Android Systems

    No full text
    International audience. In Android systems, an attacker can obfuscate an application code to leak sensitive information. TaintDroid is an information flow tracking system that protects private data in smartphones. But TaintDroid cannot detect control flows. Thus, it can be circumvented by an obfuscated code attack based on control dependencies. In this paper, we present a collection of obfuscated code attacks on the TaintDroid system. We propose a technical solution based on a hybrid approach that combines static and dynamic analysis. We formally specify our solution based on two propagation rules. Finally, we evaluate our approach and show that we can avoid the obfuscated code attacks based on control dependencies by using these propagation rules.

    Detection of illegal control flow in Android System: Protecting private data used by Smartphone Apps

    No full text
    International audience. Today, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. However, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique does not detect control flows. In particular, untrusted applications can circumvent the Android system and get privacy-sensitive information through control flows. In this paper, we propose a hybrid approach that combines static and dynamic analysis to propagate taint along control dependencies in the Android system. To evaluate the effectiveness of our approach, we analyse 27 free Android applications. We found that 14 of these applications use control flows to transfer sensitive data. We successfully detect that 8 of them leaked private information. Our approach creates 19% performance overhead that is due to the propagation of taint in the control flow. By using our approach, it becomes possible to detect leakage of personal data through control flows.

    Hybrid code analysis to detect confidentiality violations in the Android system

    No full text
    Security in embedded systems such as smartphones requires protection of private data manipulated by third-party applications. These applications can provoke the leakage of private information without user authorization. Many security mechanisms use dynamic taint analysis techniques for tracking information flow and protecting sensitive data in the smartphone system. But these techniques cannot detect control flows that use conditionals to implicitly transfer information from objects to other objects. This can cause an under-tainting problem, i.e. some values should be marked as tainted, but are not. The under-tainting problem can be the cause of a failure to detect a leakage of sensitive information. In particular, malicious applications can bypass the Android system and get privacy-sensitive information through control flows. In this thesis, we provide a security mechanism to control the manipulation of private data by third-party apps that exploit control flows to leak sensitive information. We aim at overcoming the limitations of the existing approaches based on dynamic taint analysis. We propose an enhancement of dynamic taint analysis that propagates taint along control dependencies in the Android system embedded on smartphones. We use a hybrid approach that combines and benefits from the advantages of static and dynamic analyses to track control flows. We formally specify the under-tainting problem and we provide an algorithm to solve it based on a set of formally defined rules describing the taint propagation. We prove the completeness of these rules and the correctness and completeness of the algorithm. Our proposed approach can resist code obfuscation attacks based on control dependencies that exploit taint propagation to leak sensitive information in the Android system. To detect these obfuscated code attacks, we use the defined propagation rules. Our approach is implemented and tested on the Android system embedded on smartphones. By using this new approach, it becomes possible to protect sensitive information and detect control flow attacks without reporting too many false positives.

    Detection of illegal control flows in smartphones

    No full text
    National audience. Security in embedded systems such as smartphones requires protection of the private data handled by third-party applications. Some mechanisms use dynamic analysis techniques based on "data tainting" to track information flows in the program. But these techniques cannot detect control flows that use conditional instructions to implicitly transfer information. In particular, malicious applications can bypass the Android system and obtain sensitive information through control flows. We propose an enhancement of dynamic analysis that propagates taint along control dependencies by using the data provided by static analysis in Android systems. Our approach succeeds in detecting control flow attacks on smartphones.

    Formal Characterization of Illegal Control Flow in Android System

    No full text
    International audience. The dynamic taint analysis mechanism is used to protect sensitive data in the Android system. But this technique does not detect control flows, which can cause an under-tainting problem. This means that some values should be marked as tainted, but are not. The under-tainting problem can be the cause of a failure to detect a leak of sensitive information. To solve this problem, we use a set of formally defined rules that describes the taint propagation. We prove the completeness of these rules. Also, we provide a correct and complete algorithm based on these rules to solve the under-tainting problem.

    Tracking explicit and control flows in Java and native Android apps code

    No full text
    International audience. The native app development is increased in Android systems to implement CPU-intensive applications such as game engines, signal processing, and physics simulation. However, native code analysis is very difficult and requires a lot of time, which explains the limited number of systems that track information flow in native libraries. But none of them detects the sensitive information leakage through control flows at native level. In this paper, we combine dynamic and static taint analysis to propagate taint along control dependencies. Our approach has proven to be effective in analyzing several malicious Android applications that invoke native libraries with reasonable performance overheads.

    Preventing Permissions Security Issues in Android: a Developer's Perspective

    No full text
    International audience. Permissions-related attacks are a widespread security issue in the Android environment. Due to the misuse of the privileges, attackers steal the user rights and perform malicious actions. Most existing defence solutions are specified from end users' perspectives, e.g. building anti-malwares and changing system configurations. In this paper we take the developers' perspective because security should be a software design issue. We review existing approaches, we underline their limits and present our main contributions. The goal is to assist developers to prevent permissions-related security flaws and to set permissions more effectively and accurately.