A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Rasthofer, Siegfried; Arzt, Steven; Bodden, Eric

doi:10.14722/ndss.2014.23039

Cited by 257 publications

(155 citation statements)

References 25 publications

Supporting

Mentioning

154

Contrasting

Unclassified

Order By: Relevance

“…A path may be within a single component or across multiple components. In this paper, the sources and sinks we use are provided by SUSI [38]. Listing 1 illustrates the concept of ICC leak through a concrete example.…”

Section: Icc Leaksmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

Self Cite

369

356

View full text Add to dashboard Cite

Abstract-Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components.Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.

show abstract

Section: Icc Leaksmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

Self Cite

369

356

View full text Add to dashboard Cite

show abstract

“…Potential Active Component Leak (PACL). We define a PACL as a taint flow path starting from a source (defined as calls into resource methods returning non-constant values into the application code [23]) and ending with an exit-point. Such PCLs are referred to as "active", as the involved component is actively leaking sensitive data that it collected itself to other components (cf.…”

Section: B Pcl Typesmentioning

confidence: 99%

“…We define a PPCL as a taint flow path starting from an entry-point and ending with a sink (defined as calls into resource methods accepting at least one non-constant data value from the application code as parameter, if and only if a new value is written or an existing one is overwritten on the shared resource (e.g., GSM network) [23]). Such PCLs are referred to as "passive", as the involved component is passively leaking sensitive data collected by other components (cf.…”

Section: B Pcl Typesmentioning

confidence: 99%

“…The key idea behinds static taint analysis is to identify a path that starts from a sensitive source and ends with a sensitive sink. In this study, the sensitive source and sink we use are extracted by SUSI [23], which automatically classifies all methods in the whole Android API as source, sink or neither. In Android 4.2, SUSI yields 18,076 source methods and 8,314 sink methods.…”

Section: A Pcleaks Settingsmentioning

confidence: 99%

See 1 more Smart Citation

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Allix

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

Abstract-We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

show abstract

“…Initially, we tested SuSi, a tool that automatically identifies sink and source methods in the Android API [24]. The automatically identified sources and sinks were incomplete.…”

Section: Identifying and Classifying Sources And Sinksmentioning

confidence: 99%

Information-Flow Analysis of Android Applications in DroidSafe

Gordon

Kim

Perkins

et al. 2015

Proceedings 2015 Network and Distributed System Security Symposium

320

202

View full text Add to dashboard Cite

Abstract-We present DroidSafe, a static information flow analysis tool that reports potential leaks of sensitive information in Android applications. DroidSafe combines a comprehensive, accurate, and precise model of the Android runtime with static analysis design decisions that enable the DroidSafe analyses to scale to analyze this model. This combination is enabled by accurate analysis stubs, a technique that enables the effective analysis of code whose complete semantics lies outside the scope of Java, and by a combination of analyses that together can statically resolve communication targets identified by dynamically constructed values such as strings and class designators.Our experimental results demonstrate that 1) DroidSafe achieves unprecedented precision and accuracy for Android information flow analysis (as measured on a standard previously published set of benchmark applications) and 2) DroidSafe detects all malicious information flow leaks inserted into 24 real-world Android applications by three independent, hostile Red-Team organizations. The previous state-of-the art analysis, in contrast, detects less than 10% of these malicious flows.

show abstract

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Cited by 257 publications

References 25 publications

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Information-Flow Analysis of Android Applications in DroidSafe

Contact Info

Product

Resources

About