
    Combining Static and Dynamic Permission Analysis for Android

    As the world becomes increasingly reliant on mobile technologies, so has the importance of research in the area of mobile security in order to protect users and their data. My research is focused on the Android permissions-based security model and enhancing the effectiveness of Android application permission analysis. Android provides a permission-based security model in which access to privileged system resources is protected through security mechanisms known as Permissions. By default, an Android application does not have any privileges, but applications can request additional privileges through the use of these permissions. I present a novel method in which an Android application can be analyzed to determine the precise set of permissions an application needs to run properly and more securely on a mobile Android device. I present the tool, ACE4Android (Access-Control Explorer for Android), a Dynamic Analysis tool which, when combined with a Static Analysis tool, will allow application end users to know what they are installing when they download an application, and will allow application developers to improve the runnability and security of their applications.

    Access-rights Analysis in the Presence of Subjects

    Modern software development and run-time environments, such as Java and the Microsoft .NET Common Language Runtime (CLR), have adopted a declarative form of access control. Permissions are granted to code providers, and during execution, the platform verifies compatibility between the permissions required by a security-sensitive operation and those granted to the executing code. While convenient, configuring the access-control policy of a program is not easy. If a code component is not granted sufficient permissions, authorization failures may occur. Thus, security administrators tend to define overly permissive policies, which violate the Principle of Least Privilege (PLP). A considerable body of research has been devoted to building program-analysis tools for computing the optimal policy for a program. However, Java and the CLR also allow executing code under the authority of a subject (user or service), and no program-analysis solution has addressed the challenges of determining the policy of a program in the presence of subjects. This paper introduces Subject Access Rights Analysis (SARA), a novel analysis algorithm for statically computing the permissions required by subjects at run time. We have applied SARA to 348 libraries in IBM WebSphere Application Server, a commercial enterprise application server written in Java that consists of >2 million lines of code and is required to support the Java permission- and subject-based security model. SARA detected 263 PLP violations, 219 cases of policies with missing permissions, and 29 bugs that led code to be unnecessarily executed under the authority of a subject. SARA corrected all these vulnerabilities automatically, and additionally synthesized fresh policies for all the libraries, with a false-positive rate of 5% and an average running time of 103 seconds per library. SARA also implements mechanisms for mitigating the risk of false negatives due to reflection and native code; according to a thorough result evaluation based on testing, no false negative was detected. SARA enabled IBM WebSphere Application Server to receive the Common Criteria for Information Technology Security Evaluation Assurance Level 4 certification.
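The subject-based execution the abstract refers to is Java's Subject.doAs: the same security-sensitive call is allowed or denied depending on whether the calling library's code-based grants, or the grants attached to the principals of the Subject it runs under, carry the required permission. The following illustration is added here and is not code from the SARA paper or from WebSphere; the class name, the ServicePrincipal type, the file path and the policy codeBase are assumptions made for the example.

```java
import java.io.FilePermission;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;

/*
 * Assumed policy file (app.policy) for this example. The library's own
 * code-based grant carries nothing sensitive; the read is granted only
 * when the code runs under a Subject holding the "batch" principal.
 *
 *   grant codeBase "file:/opt/app/classes/" {
 *       // no FilePermission here: the library alone may not read the file
 *   };
 *
 *   grant codeBase "file:/opt/app/classes/",
 *         principal SubjectDemo$ServicePrincipal "batch" {
 *       permission java.io.FilePermission "/etc/app/config.xml", "read";
 *   };
 */
public final class SubjectDemo {

    // Principal type assumed for the example. In a real server the
    // principals come from the JAAS login module that authenticated the user.
    static final class ServicePrincipal implements Principal {
        private final String name;
        ServicePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "ServicePrincipal:" + name; }
    }

    // The security-sensitive operation. With a SecurityManager installed the
    // platform walks the call stack and requires every protection domain on
    // it to imply this permission; inside Subject.doAs the Subject's
    // principals are part of those domains, so principal-based grants apply.
    static void readConfig(String path) {
        AccessController.checkPermission(new FilePermission(path, "read"));
        System.out.println("read allowed: " + path);
    }

    static void attempt(String label, String path) {
        try {
            readConfig(path);
            System.out.println(label + ": allowed");
        } catch (SecurityException e) {
            System.out.println(label + ": denied (" + e.getMessage() + ")");
        }
    }

    public static void main(String[] args) {
        String path = "/etc/app/config.xml"; // assumed path, see policy above
        Subject batch = new Subject(false,
                Set.of(new ServicePrincipal("batch")), Set.of(), Set.of());

        // 1. Only the code-based policy is consulted: denied under app.policy.
        attempt("outside doAs", path);

        // 2. Same code, same path, but executed under the Subject's authority:
        //    the principal-based grant now applies and the read is allowed.
        Subject.doAs(batch, (PrivilegedAction<Void>) () -> {
            attempt("inside doAs", path);
            return null;
        });
    }
}
```

Run it with the security manager and the policy file active, for example `java -Djava.security.manager -Djava.security.policy==/opt/app/app.policy -cp /opt/app/classes SubjectDemo` (the double `==` makes that file the only policy). The two lines it prints show the two policy questions SARA answers statically: which permissions must be granted to the code, and which must be granted to the principals of the Subject the code runs under. Two practitioner caveats: wrapping the read in doAs when the library already held the permission would be one of the "unnecessarily executed under the authority of a subject" cases the abstract counts, and the SecurityManager and Subject.doAs are deprecated from JDK 17 and 18 respectively and removed in JDK 24, so this example runs as written on JDK 8 through 17.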

    Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies


    Role-Based access control consistency validation

    Modern enterprise systems support Role-Based Access Control (RBAC). Although RBAC allows restricting access to privileged operations, a deployer may actually intend to restrict access to privileged data. This paper presents a theoretical foundation for correlating an operation-based RBAC policy with a data-based RBAC policy. Relying on a location-consistency property, this paper shows how to infer whether an operation-based RBAC policy is equivalent to any data-based RBAC policy. We have built a static analysis tool for Java Platform, Enterprise Edition (Java EE) called Static Analysis for Validation of Enterprise Security (SAVES). Relying on interprocedural pointer analysis and dataflow analysis, SAVES analyzes Java EE bytecode to determine if the associated RBAC policy is location consistent, and report