TeICC: targeted execution of inter-component communications in Android

Effective analysis of applications (shortly apps) is essential to understanding apps' behavior. Two analysis approaches, i.e., static and dynamic, are widely used; although, both have well known limitations. Static analysis suffers from obfuscation and dynamic code updates. Whereas, it is extremely hard for dynamic analysis to guarantee the execution of all the code paths in an app and thereby, suffers from the code coverage problem. However, from a security point of view, executing all paths in an app might be less interesting than executing certain potentially malicious paths in the app. In this work, we use a hybrid approach that combines static and dynamic analysis in an iterative manner to cover their shortcomings. We use targeted execution of interesting code paths to solve the issues of obfuscation and dynamic code updates. Our targeted execution leverages a slicing-based analysis for the generation of data-dependent slices for arbitrary methods of interest (MOI) and on execution of the extracted slices for capturing their dynamic behavior. Motivated by the fact that malicious apps use Inter Component Communications (ICC) to exchange data [19], our main contribution is the automatic targeted triggering of MOI that use ICC for passing data between components. We implement a proof of concept, TelCC, and report the results of our evaluation.

[1]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[2]  Fabio Massacci,et al.  StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications , 2015, CODASPY.

[3]  Valerio Costamagna,et al.  ARTDroid: A Virtual-Method Hooking Framework on Android ART Runtime , 2016, IMPS@ESSoS.

[4]  Eric Bodden,et al.  Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques , 2016, NDSS.

[5]  Matthew L. Dering,et al.  Composite Constant Propagation: Application to Android Inter-Component Communication Analysis , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[6]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[7]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[8]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[9]  Uday P. Khedker Data Flow Analysis , 2002, The Compiler Design Handbook.

[10]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.

[11]  Erik Derr,et al.  R-Droid: Leveraging Android App Analysis with Static Slice Optimization , 2016, AsiaCCS.

[12]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[13]  R. Nigam Covering the global threat landscape OBFUSCATION IN ANDROID MALWARE, AND HOW TO FIGHT BACK , 2014 .

[14]  Jacques Klein,et al.  Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis , 2013, USENIX Security Symposium.

[15]  Jacques Klein,et al.  Static analysis of android apps: A systematic literature review , 2017, Inf. Softw. Technol..

[16]  Thorsten Holz,et al.  Slicing droids: program slicing for smali code , 2013, SAC '13.

[17]  Jeff H. Perkins,et al.  Information Flow Analysis of Android Applications in DroidSafe , 2015, NDSS.

[18]  Ondrej Lhoták,et al.  The Soot framework for Java program analysis: a retrospective , 2011 .

[19]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[20]  Leon J. Osterweil,et al.  Data Flow Analysis in Software Reliability , 1976, CSUR.

[21]  John Cocke,et al.  A program data flow analysis procedure , 1976, CACM.

[22]  Jacques Klein,et al.  IccTA: Detecting Inter-Component Privacy Leaks in Android Apps , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[23]  Xue Liu,et al.  Effective Real-Time Android Application Auditing , 2015, 2015 IEEE Symposium on Security and Privacy.