Modeling and Enhancing Android's Permission System

Fragkaki, Elli; Bauer, Lujo; Jia, Limin; Swasey, David

doi:10.21236/ada579929

Cited by 19 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, prior work has also focused on benign but vulnerable Android applications, and proposed techniques to detect or fix vulnerabilities such as cryptographic API misuse API [30,34,35,97] or unprotected application interfaces [16,37,57]. Moreover, these techniques have often been deployed as modifications to Android's permission enforcement [12,13,17,26,32,33,37,40,45,77,83,85,93,96,112], SDK tools [7,36,104], or inline reference monitors [9,10,18,52,105]. While this paper demonstrates the evaluation of only a small subset of these tools with SE, our experiments demonstrate that SE has the potential to impact nearly all of them.…”

Section: Related Workmentioning

confidence: 99%

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Ami

Kafle

Moran

et al. 2021

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence sound y . Unfortunately, the specific unsound choices or flaws in the design of these tools is often not known or well documented, leading to misplaced confidence among researchers, developers, and users. This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis. We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps. In a study conducted previously, we used μSE to discover 13 previously undocumented flaws in FlowDroid, one of the most prominent data leak detectors for Android apps. Moreover, we discovered that flaws also propagated to other tools that build upon the design or implementation of FlowDroid or its components. This article substantially extends our μSE framework and offers a new in-depth analysis of two more major tools in our 2020 study; we find 12 new, undocumented flaws and demonstrate that all 25 flaws are found in more than one tool, regardless of any inheritance-relation among the tools. Our results motivate the need for systematic discovery and documentation of unsound choices in soundy tools and demonstrate the opportunities in leveraging mutation testing in achieving this goal.

show abstract

Section: Related Workmentioning

confidence: 99%

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Ami

Kafle

Moran

et al. 2021

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

show abstract

“…Privilege escalation attacks have been extensively studied in the context of Android applications, starting with [12,29]. Fragkaki et al formalized protection against privilege escalation in Android applications as a noninterference property, which is then enforced by a dynamic reference monitor [14]. Bugliesi et al presented a stronger security notion and discussed a static type system for Android applications, which provably enforces protection against privilege escalation [8].…”

Section: Contributionsmentioning

confidence: 99%

Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions

Calzavara

Bugliesi

Crafa

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Even though their architecture relies on robust security principles, it is well-known that poor programming practices may expose browser extensions to serious security flaws, leading to privilege escalations by untrusted web pages or compromised extension components. We propose a formal security analysis of browser extensions in terms of a finegrained characterization of the privileges that an active opponent may escalate through the message passing interface and we discuss to which extent current programming practices take this threat into account. Our theory builds on a formal language that embodies the essential features of JavaScript, together with few additional constructs dealing with the security aspects specific to the browser extension architecture. We then present a flow logic specification estimating the safety of browser extensions modelled in our language against the threats of privilege escalation and we prove its soundness. Finally, we show the feasibility of our approach by means of Chen, a prototype static analyser for Google Chrome extensions based on our flow logic specification.

show abstract

“…Our approach has been implemented and a working prototype, called Safe Component Provider (SCP), is publicly available 11 . The prototype includes two elements: SCPcore and SCPlib.…”

Section: A Prototypementioning

confidence: 99%

“…In [12], authors propose a set of fine-grained permissions 14 www.smartcampuslab.it and present RefineDroid, a tool that automatically infers them from apps by means of static analysis techniques. Also the authors of [11] propose a refinement of the existing Android permissions. In particular, they focus on a subset of critical permissions and analyse the most common pattern involving them.…”

Section: Related Workmentioning

confidence: 99%

Android Permissions Unleashed

Armando

Carbone

Costa

et al. 2015

2015 IEEE 28th Computer Security Foundations Symposium

View full text Add to dashboard Cite

The Android Security Framework controls the executions of applications through permissions which are statically granted by the user during installation. However, the definition of security policies over permissions is not supported. Security policies must be therefore manually encoded into the application by the developer, which is a dangerous practice and may cause security breaches. We propose an improvement over the Android permission system that supports the specification and enforcement of fine-grained security policies. Enforcement is achieved by reducing policy decision problems to propositional satisfiability and leveraging a state-of-the-art SAT solver. Unlike alternative proposals, our approach does not require changes in the operating system and, therefore, it can be readily deployed in any commercial device

show abstract

Modeling and Enhancing Android's Permission System

Cited by 19 publications

References 10 publications

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions

Android Permissions Unleashed

Contact Info

Product

Resources

About