AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Aafer, Yousra; Huang, Jianjun; Sun, Yinlong; Zhang, Xiangyu; Li, Ninghui; Tian, Chen

doi:10.14722/ndss.2018.23121

Cited by 21 publications

(41 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This hardcoded logic includes variants of the checkPermission method, Unix Identiier (UID) checks, as well as many subtle checks based on service-speciic state. Prior work [2,38] has primarily relied on manual enumeration of these checks, which is error prone. To simplify discussion in this paper, we refer to such methods that return or check Android system state as context queries.…”

Section: Background and Motivationmentioning

confidence: 99%

“…This example is particularly apropos to ACMiner, because hasU-serRestriction does not call any of the context queries considered by prior work [2,38]. It also does not throw a SecurityException.…”

Section: Background and Motivationmentioning

confidence: 99%

“…The intuition is that system developers are not malicious and that they are likely to get most of the checks correct. The approach was irst applied to security hook placement in the Linux kernel [12,29,41] and more recently the Android platform [2,38].…”

Section: Overviewmentioning

confidence: 99%

“…• Consistency: The granularity and type of consistency impacts the precision and utility of the analysis. While increasing the scope of relevant authorization checks increases the noise in the analysis, not considering all authorization checks (as in Kratos [38]) or using heuristics to determine relevancy (as in AceDroid [2]) raises the risk of not detecting vulnerabilities.…”

Section: Overviewmentioning

confidence: 99%

“…To date, only two prior works have attempted to evaluate the correctness of access control logic within Android's system services. Both Kratos [38] and AceDroid [2] approximate correctness through consistency measures, as previously done for evaluating correctness of security hooks in the Linux kernel [12,29,41]. However, these prior works have limitations.…”

mentioning

confidence: 99%

See 4 more Smart Citations

ACMiner

Gorski

Andow

Nadkarni

et al. 2019

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Billions of users rely on the security of the Android platform to protect phones, tablets, and many diferent types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.

show abstract

Section: Background and Motivationmentioning

confidence: 99%

Section: Background and Motivationmentioning

confidence: 99%

Section: Overviewmentioning

confidence: 99%

Section: Overviewmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

ACMiner

Gorski

Andow

Nadkarni

et al. 2019

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

Understanding Android VoIP Security: A System-Level Vulnerability Assessment

En¹,

Deng

2020

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuitswitched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android's VoIP integration at the system level. In this paper, we first demystify Android VoIP's protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, networkside packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers' attention during their design and implementation.

show abstract

Finding the Missing Piece: Permission Specification Analysis for Android NDK

Zhou

Wang

et al. 2021

2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Cited by 21 publications

References 18 publications

ACMiner

ACMiner

Understanding Android VoIP Security: A System-Level Vulnerability Assessment

Finding the Missing Piece: Permission Specification Analysis for Android NDK

Contact Info

Product

Resources

About