File Download
  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: WeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps

TitleWeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps
Authors
KeywordsAndroid
Privilege Escalation Attack
Taint Analysis
Control Flow
Data Flow Checking
Issue Date2015
PublisherACM.
Citation
The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015), New York City, NY., 22-26 June 2015. In Conference Proceedings, 2015 How to Cite?
AbstractDue to the rapid increase of Android apps and their wide usage to handle personal data, a precise and large-scaling checker is in need to validate the apps' permission flow before they are listed on the market. Several tools have been proposed to detect sensitive data leaks in Android apps. But these tools are not applicable to large-scale analysis since they fail to deal with the arbitrary execution orders of different event handlers smartly. Event handlers are invoked by the framework based on the system state, therefore we cannot pre-determine their order of execution. Besides, since all exported components can be invoked by an external app, the execution orders of these components are also arbitrary. A naive way to simulate these two types of arbitrary execution orders yields a permutation of all event handlers in an app. The time complexity is O(n!) where n is the number of event handlers in an app. This leads to a high analysis overhead when n is big. To give an illustration, CHEX [10] found 50.73 entry points of 44 unique class types in an app on average. In this paper we propose an improved static taint analysis to deal with the challenge brought by the arbitrary execution orders without sacrificing the high precision. Our analysis does not need to make permutations and achieves a polynomial time complexity. We also propose to unify the array and map access with object reference by propagating access paths to reduce the number of false positives due to field-insensitivity and over approximation of array access and map access. We implement a tool, WeChecker, to detect privilege escalation vulnerabilities [7] in Android apps. WeChecker achieves 96% precision and 96% recall in the state-of-the-art test suite DriodBench (for comparison, the precision and re- call of FlowDroid [1] are 86% and 93%, respectively). The evaluation of WeChecker on real apps shows that it is efficient (average analysis time of each app: 29.985s) and fits for large-scale checking.
Persistent Identifierhttp://hdl.handle.net/10722/216517

 

DC FieldValueLanguage
dc.contributor.authorCui, X-
dc.contributor.authorWang, J-
dc.contributor.authorHui, LCK-
dc.contributor.authorXie, Z-
dc.contributor.authorZeng, T-
dc.contributor.authorYiu, SM-
dc.date.accessioned2015-09-18T05:30:14Z-
dc.date.available2015-09-18T05:30:14Z-
dc.date.issued2015-
dc.identifier.citationThe 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015), New York City, NY., 22-26 June 2015. In Conference Proceedings, 2015-
dc.identifier.urihttp://hdl.handle.net/10722/216517-
dc.description.abstractDue to the rapid increase of Android apps and their wide usage to handle personal data, a precise and large-scaling checker is in need to validate the apps' permission flow before they are listed on the market. Several tools have been proposed to detect sensitive data leaks in Android apps. But these tools are not applicable to large-scale analysis since they fail to deal with the arbitrary execution orders of different event handlers smartly. Event handlers are invoked by the framework based on the system state, therefore we cannot pre-determine their order of execution. Besides, since all exported components can be invoked by an external app, the execution orders of these components are also arbitrary. A naive way to simulate these two types of arbitrary execution orders yields a permutation of all event handlers in an app. The time complexity is O(n!) where n is the number of event handlers in an app. This leads to a high analysis overhead when n is big. To give an illustration, CHEX [10] found 50.73 entry points of 44 unique class types in an app on average. In this paper we propose an improved static taint analysis to deal with the challenge brought by the arbitrary execution orders without sacrificing the high precision. Our analysis does not need to make permutations and achieves a polynomial time complexity. We also propose to unify the array and map access with object reference by propagating access paths to reduce the number of false positives due to field-insensitivity and over approximation of array access and map access. We implement a tool, WeChecker, to detect privilege escalation vulnerabilities [7] in Android apps. WeChecker achieves 96% precision and 96% recall in the state-of-the-art test suite DriodBench (for comparison, the precision and re- call of FlowDroid [1] are 86% and 93%, respectively). The evaluation of WeChecker on real apps shows that it is efficient (average analysis time of each app: 29.985s) and fits for large-scale checking.-
dc.languageeng-
dc.publisherACM.-
dc.relation.ispartofProceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '15)-
dc.subjectAndroid-
dc.subjectPrivilege Escalation Attack-
dc.subjectTaint Analysis-
dc.subjectControl Flow-
dc.subjectData Flow Checking-
dc.titleWeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps-
dc.typeConference_Paper-
dc.identifier.emailHui, LCK: hui@cs.hku.hk-
dc.identifier.emailYiu, SM: smyiu@cs.hku.hk-
dc.identifier.authorityHui, LCK=rp00120-
dc.identifier.authorityYiu, SM=rp00207-
dc.description.naturelink_to_OA_fulltext-
dc.identifier.doi10.1145/2766498.2766509-
dc.identifier.hkuros251336-
dc.identifier.hkuros978-1-4503-3623-9-
dc.publisher.placeUnited States-
dc.customcontrol.immutablesml 151211-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats