File Download
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1145/2766498.2766509
- Scopus: eid_2-s2.0-84962022124
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: WeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps
| Title | WeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps |
|---|---|
| Authors | |
| Keywords | Android Privilege Escalation Attack Taint Analysis Control Flow Data Flow Checking |
| Issue Date | 2015 |
| Publisher | ACM. |
| Citation | The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015), New York City, NY., 22-26 June 2015. In Conference Proceedings, 2015 How to Cite? |
| Abstract | Due to the rapid increase of Android apps and their wide usage to handle personal data, a precise and large-scaling checker is in need to validate the apps' permission flow before they are listed on the market. Several tools have been proposed to detect sensitive data leaks in Android apps. But these tools are not applicable to large-scale analysis since they fail to deal with the arbitrary execution orders of different event handlers smartly. Event handlers are invoked by the framework based on the system state, therefore we cannot pre-determine their order of execution. Besides, since all exported components can be invoked by an external app, the execution orders of these components are also arbitrary. A naive way to simulate these two types of arbitrary execution orders yields a permutation of all event handlers in an app. The time complexity is O(n!) where n is the number of event handlers in an app. This leads to a high analysis overhead when n is big. To give an illustration, CHEX [10] found 50.73 entry points of 44 unique class types in an app on average. In this paper we propose an improved static taint analysis to deal with the challenge brought by the arbitrary execution orders without sacrificing the high precision. Our analysis does not need to make permutations and achieves a polynomial time complexity. We also propose to unify the array and map access with object reference by propagating access paths to reduce the number of false positives due to field-insensitivity and over approximation of array access and map access. We implement a tool, WeChecker, to detect privilege escalation vulnerabilities [7] in Android apps. WeChecker achieves 96% precision and 96% recall in the state-of-the-art test suite DriodBench (for comparison, the precision and re- call of FlowDroid [1] are 86% and 93%, respectively). The evaluation of WeChecker on real apps shows that it is efficient (average analysis time of each app: 29.985s) and fits for large-scale checking. |
| Persistent Identifier | http://hdl.handle.net/10722/216517 |
| ISBN |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Cui, X | - |
| dc.contributor.author | Wang, J | - |
| dc.contributor.author | Hui, LCK | - |
| dc.contributor.author | Xie, Z | - |
| dc.contributor.author | Zeng, T | - |
| dc.contributor.author | Yiu, SM | - |
| dc.date.accessioned | 2015-09-18T05:30:14Z | - |
| dc.date.available | 2015-09-18T05:30:14Z | - |
| dc.date.issued | 2015 | - |
| dc.identifier.citation | The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015), New York City, NY., 22-26 June 2015. In Conference Proceedings, 2015 | - |
| dc.identifier.isbn | 978-1-4503-3623-9 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/216517 | - |
| dc.description.abstract | Due to the rapid increase of Android apps and their wide usage to handle personal data, a precise and large-scaling checker is in need to validate the apps' permission flow before they are listed on the market. Several tools have been proposed to detect sensitive data leaks in Android apps. But these tools are not applicable to large-scale analysis since they fail to deal with the arbitrary execution orders of different event handlers smartly. Event handlers are invoked by the framework based on the system state, therefore we cannot pre-determine their order of execution. Besides, since all exported components can be invoked by an external app, the execution orders of these components are also arbitrary. A naive way to simulate these two types of arbitrary execution orders yields a permutation of all event handlers in an app. The time complexity is O(n!) where n is the number of event handlers in an app. This leads to a high analysis overhead when n is big. To give an illustration, CHEX [10] found 50.73 entry points of 44 unique class types in an app on average. In this paper we propose an improved static taint analysis to deal with the challenge brought by the arbitrary execution orders without sacrificing the high precision. Our analysis does not need to make permutations and achieves a polynomial time complexity. We also propose to unify the array and map access with object reference by propagating access paths to reduce the number of false positives due to field-insensitivity and over approximation of array access and map access. We implement a tool, WeChecker, to detect privilege escalation vulnerabilities [7] in Android apps. WeChecker achieves 96% precision and 96% recall in the state-of-the-art test suite DriodBench (for comparison, the precision and re- call of FlowDroid [1] are 86% and 93%, respectively). The evaluation of WeChecker on real apps shows that it is efficient (average analysis time of each app: 29.985s) and fits for large-scale checking. | - |
| dc.language | eng | - |
| dc.publisher | ACM. | - |
| dc.relation.ispartof | Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '15) | - |
| dc.subject | Android | - |
| dc.subject | Privilege Escalation Attack | - |
| dc.subject | Taint Analysis | - |
| dc.subject | Control Flow | - |
| dc.subject | Data Flow Checking | - |
| dc.title | WeChecker: Efficient and precise detection of privilege escalation vulnerabilities in Android apps | - |
| dc.type | Conference_Paper | - |
| dc.identifier.email | Hui, LCK: hui@cs.hku.hk | - |
| dc.identifier.email | Yiu, SM: smyiu@cs.hku.hk | - |
| dc.identifier.authority | Hui, LCK=rp00120 | - |
| dc.identifier.authority | Yiu, SM=rp00207 | - |
| dc.description.nature | link_to_OA_fulltext | - |
| dc.identifier.doi | 10.1145/2766498.2766509 | - |
| dc.identifier.scopus | eid_2-s2.0-84962022124 | - |
| dc.identifier.hkuros | 251336 | - |
| dc.publisher.place | United States | - |
| dc.customcontrol.immutable | sml 151211 | - |