Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

@article{Bartel2014StaticAF,
  title={Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android},
  author={Alexandre Bartel and Jacques Klein and Monperrus Martin and Yves Le Traon},
  journal={IEEE Transactions on Software Engineering},
  year={2014},
  volume={40},
  pages={617-632}
}
A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that… 
Large-Scale Analysis of Remote Code Injection Attacks in Android Apps
TLDR
A static detection tool is designed and implemented that automatically identifies apps that meet general conditions for remote code injection attacks on these resources in Android, and 97 apps were found to be potentially vulnerable, with 53 confirmed as vulnerable to remote code injections.
Heap Memory Snapshot Assisted Program Analysis for Android Permission Specification
  • Lannan Luo
  • Computer Science
    2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER)
  • 2020
TLDR
A heap memory snapshot assisted program analysis is presented that leverages the dynamic information stored in the heap of Android Framework execution to assist in generating a more precise call graph; further analysis is then performed on the call graph to extract the permission specification.
Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation
TLDR
Centaur is the first system that enables symbolic execution of Android Framework, and has been applied to discovering new vulnerability instances, which can be exploited by recently uncovered attacks against the framework, and to generating PoC exploits.
Efficient Permission-Aware Analysis of Android Apps
TLDR
PATDroid, the last proposed approach in this dissertation, is intended to help app developers with this challenge and can significantly reduce the testing effort by performing a hybrid program analysis that determines which tests should be executed on what permission combinations.
ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
TLDR
This paper proposes Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks, and uses ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks.
Static analysis of android apps: A systematic literature review
TLDR
The research community is still facing a number of challenges in building approaches that are simultaneously aware of implicit flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.
Whole-system analysis for understanding publicly accessible functions in Android
TLDR
This paper performs whole-system analysis for different versions of Android by using both backward and forward static analysis of intra-procedural and inter-procedural control-flow and data-flow graphs, collecting information about functions in Android that can be invoked by applications, which are referred to as publicly accessible functions in this paper.
M-Perm: A Lightweight Detector for Android Permission Gaps
TLDR
A new detection tool, M-Perm, is created, which combines static and dynamic analysis in a computationally efficient manner compared to existing tools to assist with the discovery of misused permissions.
Method-Level Permission Analysis Based on Static Call Graph of Android Apps
TLDR
A method-level permission usage analysis is adopted to analyze the disassembled bytecode of an Android app and model the behaviors of app code by its static call graph, which provides a clear view of the compact calling structure of permission-sensitive methods.
Analyses for specific defects in android applications: a survey
TLDR
An investigation of existing works on the analysis of Android apps finds that various program analysis approaches with techniques in other fields are applied in analyzing Android apps; however, they can be improved with more precise techniques to be more applicable.

References

SHOWING 1-10 OF 45 REFERENCES
Understanding the implemented access control policy of Android system services with slicing and extended static checking
  • T. Mustafa, K. Sohr
  • Computer Science
    International Journal of Information Security
  • 2014
TLDR
This work proposes to extract the implemented access control policy from the code for Android system services with the help of program slicing and uses the Java Modeling Language in conjunction with extended static checking for this purpose.
Automatically securing permission-based software by reducing the attack surface: an application to Android
TLDR
Using this tool on a dataset of Android applications, it is found that a non-negligible part of applications suffer from permission gaps, i.e., do not use all the permissions they declare.
PScout: analyzing the Android permission specification
TLDR
An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.
Privilege Escalation Attacks on Android
TLDR
It is shown that a genuine application exploited at runtime or a malicious application can escalate granted permissions, implying that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
TLDR
The design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a system-centric system policy is presented.
Android permissions demystified
TLDR
Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.
Google Android: A State-of-the-Art Review of Security Mechanisms
TLDR
A comprehensive security assessment of the Android framework and the security mechanisms incorporated into it is provided, and a list of applied and recommended defense mechanisms for hardening mobile devices in general and Android in particular is proposed.
Apex: extending Android permission model and enforcement with user-defined runtime constraints
TLDR
A policy enforcement framework for Android that allows a user to selectively grant permissions to applications as well as impose constraints on the usage of resources and an extended package installer that allows the user to set these constraints through an easy-to-use interface is presented.
The Effectiveness of Application Permissions
TLDR
The results indicate that application permissions can have a positive impact on system security when applications' permission requirements are declared up-front by the developer, but can be improved.
Access rights analysis for Java
TLDR
A technique for computing the access rights requirements by using a context-sensitive, flow-sensitive, interprocedural data flow analysis, which computes at each program point the set of access rights required by the code.