Information-Flow Analysis of Android Applications in DroidSafe

Gordon, Michael I.; Kim, Deokhwan; Perkins, Jeff; Gilham, Limei; Nguyen, Nguyen; Rinard, Martin

doi:10.14722/ndss.2015.23089

Cited by 333 publications

(209 citation statements)

References 32 publications

Supporting

Mentioning

202

Contrasting

Unclassified

Order By: Relevance

“…For instance, FlowDroid [5] performs "context-, flow-, field-, object-sensitive and lifecycleaware static taint analysis for Android apps" to detect intracomponent sensitive data flows. Several other works have been presented to detect inter-component information flows [13], [14], [16], [25]. For example, IccTA [16] leverages FlowDroid to perform inter-component static taint analysis through instrumenting Android apps, reducing an inter-component problem to an intra-component problems.…”

Section: Related Workmentioning

confidence: 99%

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Allix

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

Abstract-We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

show abstract

Section: Related Workmentioning

confidence: 99%

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Allix

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Many previous efforts were made to pursue in-depth analysis of application behaviors. Ded [22], DroidSIFT [41], CHEX [28], PEG [18], FlowDroid [15], DroidSafe [24] and AppAudit [38] practiced static dataflow analysis to identify specific code (e.g. malicious code or heavy computation code [20]) in Android apps.…”

Section: Question Set 4: Android Unpackersmentioning

confidence: 99%

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Duan

Zhang

Bhaskar

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-The prevalent usage of runtime packers has complicated Android malware analysis, as both legitimate and malicious apps are leveraging packing mechanisms to protect themselves against reverse engineer. Although recent efforts have been made to analyze particular packing techniques, little has been done to study the unique characteristics of Android packers. In this paper, we report the first systematic study on mainstream Android packers, in an attempt to understand their security implications. For this purpose, we developed DROIDUNPACK, a whole-system emulation based Android packing analysis framework, which compared with existing tools, relies on intrinsic characteristics of Android runtime (rather than heuristics), and further enables virtual machine inspection to precisely recover hidden code and reveal packing behaviors. Running our tool on 6 major commercial packers, 93,910 Android malware samples and 3 existing state-of-the-art unpackers, we found that not only are commercial packing services abused to encrypt malicious or plagiarized contents, they themselves also introduce securitycritical vulnerabilities to the apps being packed. Our study further reveals the prevalence and rapid evolution of custom packers used by malware authors, which cannot be defended against using existing techniques, due to their design weaknesses.

show abstract

“…DroidSafe [29] provides a static information flow analysis framework. It analyzes an information flow that has the potential to include sensitive data.…”

Section: Related Workmentioning

confidence: 99%

Design of Function for Tracing Diffusion of Classified Information for IPC on KVM

Fujii

Sato

Yamauchi

et al. 2016

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.

show abstract

Information-Flow Analysis of Android Applications in DroidSafe

Cited by 333 publications

References 32 publications

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Design of Function for Tracing Diffusion of Classified Information for IPC on KVM

Contact Info

Product

Resources

About