Long lu zhichun li zhenyu wu wenke lee and guofei jiang
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

Long Lu, Zhichun Li , Zhenyu Wu , Wenke Lee and Guofei Jiang PowerPoint PPT Presentation


  • 88 Views
  • Uploaded on
  • Presentation posted in: General

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerability. Long Lu, Zhichun Li , Zhenyu Wu , Wenke Lee and Guofei Jiang. V etting vulnerable apps in large scale. Accurate and scalable app vetting methods. Component hijacking vulnerability.

Download Presentation

Long Lu, Zhichun Li , Zhenyu Wu , Wenke Lee and Guofei Jiang

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Long lu zhichun li zhenyu wu wenke lee and guofei jiang

CHEX:

Statically Vetting Android Apps for

Component Hijacking Vulnerability

Long Lu, Zhichun Li, Zhenyu Wu, WenkeLee and Guofei Jiang


V etting vulnerable apps in large scale

Vetting vulnerable apps in large scale

Accurate and scalable app vetting methods

Component hijacking vulnerability

High volume of app submissions

Inexperienced developers

Large number of vulnerable apps

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Components in android apps

Components in Android apps

App1

App2

Android Framework

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


What can go wrong

What can go wrong?

Unauthorized access to protected resources

Contact Manager App

  • Enumerator

  • Service

Android Framework

Contacts

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


What can go wrong1

What can go wrong?

Unauthorized access to private resources

Contact Manager App

Private

Storage

Android Framework

  • Setting Update

  • Receiver

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Component hijacking attacks

Component hijacking attacks

A class of attacks that seek to

gain unauthorized access to protected or private resources

through exported components in vulnerable apps.

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Similar attacks and countermeasures

Similar attacks and countermeasures

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Chex component hijacking examiner

CHEX -- Component Hijacking Examiner

Goal: Vetting large volumes of apps for component hijacking vulnerabilities

CHEX

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Analysis approach

Analysis approach

App

Private

Android Framework

Protected

  • A data-flow perspective

    • Component hijacking 

      read/write protected or private data via exported components

    • Detecting component hijacking  finding “hijack-enabling flows”

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Challenges

Challenges

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Dalysis dalvik analysis framework

Dalysis: Dalvik Analysis Framework

Meta data

Parse

manifest

Point-to analysis

Constants

Instruction translation

Abstract interpretation

SSA conversion

Call graph builder

Disassemble

bytecode

(DexLib)

SSA IR

Class

hierarchy

SDG builder

Instructions

Backend

Frontend

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities

Consumes off-the-shelf Android app package (.apk)

Generates SSA IR (adopted from WALA)

Supports extensible backend for multiple types analysis tasks


Modeling android framework

Modeling Android Framework

App

Android Framework

System managers

Reflections

Mixed languages

Large codebase

Libraries

Runtime

  • Design choice: model the framework

  • For data-flow analysis, we model

    • Asynchronous entry points

    • Framework-assisted data-flows

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


App entry points

App entry points

Definition: App entry points are the methods that are defined by the app and intended to be called only by the framework.

  • Points through which control transfers to the app

    • Start point

    • Callbacks

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Entry point discovery

Entry point discovery

Unused methods overriding framework

Dead code

Entry points

  • How to distinguish?

    • Containing class is instantiated

    • Original interface is never called by app

Observation: only two ways to “register” entry points

  • Declaring them in the manifest file

  • Overriding/implementing the designated interfaces

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Entry point discovery1

Entry point discovery

Unused methodsoverriding framework

Entry points

Unused methodsoverriding framework

Entry points

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


App splitting

App splitting

Definition:

A split is a subset of the app code that is reachable from an entry point.

App

Android Framework

  • Modeling app execution by permuting split executions in all feasible orders

  • Why reasonable?

    • Most splits cannot be interleaved

    • Efficient pruning techniques

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Sds and pds

SDS and PDS

G1

Src1

  • Split Data-flow Summary (SDS)

    • Intra-split data-flows that start and end at

      • heapvariables, sources, or sinks.

Sink1

G1

Src1

G1

When permutation ends, all possible data-flows have been enumerated.

Sink1

Permutation Data-flow Summary (PDS)

  • Linking two adjacent SDSs in a feasible permutation

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Identifying hijack enabling flows

Identifying “hijack-enabling flows”

Input

Sensitive

Input

Sensitive

Input-specified

exit

Public

Critical

Using descriptive policies to specify flows of interests

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Evaluations

Evaluations

  • 5,486 apps from the official and alternative markets

  • Hardware spec: Intel Core i7-970 with 12GB RAM

Performance

Accuracy

254/5,486 flagged as vulnerable

True positive rate: 81%

  • Median processing time: 37sec

  • 22% apps took >5min

Insights

  • 50 entry points of 44 types per app

  • 99.7% apps contain inter-split data-flows

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Case study

Case study

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


Conclusion

Conclusion

CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities


  • Login