Analyzing Security Property of Android Application Implementation Using Formal Method

As mobile phones are becoming a main approach for people to access the Internet, security is a major concern when people use their mobile phones. Unlike the Web browser, which has mature isolation mechanisms to protect users' information such as cookies and credentials, Android app developers have to implement isolation mechanisms such as the Single Origin Policy (SOP) themselves. During this implementation process, it is highly likely that a vulnerability is introduced. Therefore, it is necessary to analyze the implementation before it is released to the market. As part of an ongoing Ph.D. research project, this dissertation inspects two scenarios. The first is an app that provides a Single Sign-On (SSO) service using the Facebook SDK. The author builds formal models from the app's captured network traffic and uses the verifier ProVerif to check them against the defined properties. After the analysis, one vulnerability that violates SOP is discovered. The second scenario is an initial analysis of information-flow leaks in Android apps.
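The abstract describes modelling an SSO flow from captured traffic and checking an origin-isolation property with ProVerif. The following is an added illustration of that style of check, written here for this page; it is not the dissertation's model and does not reproduce the vulnerability the author found. The protocol is a simplified, assumed one: an identity provider issues a token bound to a requesting app identifier, and the backend of app `appA` should accept only tokens issued for `appA`. The correspondence query expresses the origin-isolation property; the attacker controls the network channel, as captured traffic would be.

```proverif
(* Added example, not from the dissertation. Simplified SSO model:
   an IdP issues tokens bound to an app id, and appA's backend must
   accept only tokens issued for appA. All names are assumptions. *)

free net: channel.          (* attacker-controlled network *)

type key.
type appid.

(* Assumed integrity primitive binding (app id, token) to a shared key. *)
fun mac(bitstring, key): bitstring.

const appA: appid.
const appB: appid.

event idpIssued(appid, bitstring).
event appAccepted(appid, bitstring).

(* Origin-isolation property: whenever appA's backend accepts token t,
   the IdP must have issued t for appA (and not for some other app). *)
query t: bitstring;
  event(appAccepted(appA, t)) ==> event(idpIssued(appA, t)).

(* Identity provider: anyone (including the attacker) may request a
   token for any app id; the token is bound to that app id. *)
let idp(k: key) =
  in(net, a: appid);
  new t: bitstring;
  event idpIssued(a, t);
  out(net, (a, t, mac((a, t), k))).

(* Backend of appA: verifies integrity, then checks the audience.
   Removing the audience check below lets the attacker obtain a token
   for appB and replay it here; ProVerif then reports the query as
   false, which is the cross-origin confusion this property detects. *)
let appBackend(k: key) =
  in(net, (a: appid, t: bitstring, m: bitstring));
  if m = mac((a, t), k) then
  if a = appA then
  event appAccepted(appA, t).

process
  new k: key;
  ( !idp(k) | !appBackend(k) )
```

Run with `proverif model.pv`; with the audience check present the query is reported true, and deleting the `if a = appA then` line makes ProVerif produce the replay trace, which is the kind of SOP-violation evidence the abstract refers to.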
