Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps

@inproceedings{Yang2015UsingPP,
  title={Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps},
  author={Chao Yang and Guangliang Yang and Ashish Gehani and Vinod Yegneswaran and Dawood Tariq and Guofei Gu},
  booktitle={SecureComm},
  year={2015}
}
We propose Dagger, a lightweight system to dynamically vet sensitive behaviors in Android apps. Dagger avoids costly instrumentation of virtual machines or modifications to the Android kernel. Instead, Dagger reconstructs the program semantics by tracking provenance relationships and observing apps’ runtime interactions with the phone platform. More specifically, Dagger uses three types of low-level execution information at runtime: system calls, Android Binder transactions, and app process…
Precise and Comprehensive Provenance Tracking for Android Devices
TLDR
A new system, ClearScope, is presented that tracks, at the level of individual bytes, the complete paths that data follow through Android systems, and includes compiler optimizations that enable efficient provenance tracking within applications.
Lprov: Practical Library-aware Provenance Tracing
TLDR
Lprov is developed, a novel provenance tracking system which combines library tracing and syscall tracing which can precisely identify attack provenance involving libraries, including malicious library attack and library vulnerability exploitation, while syscalls-based provenance tools fail to identify.
SARRE: Semantics-Aware Rule Recommendation and Enforcement for Event Paths on Android
TLDR
It is demonstrated that by enforcing the recommended security rules through a camouflage engine, SARRE can effectively prevent information leakage and enable fine-grained protection over private data with very small performance overhead.
ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation
TLDR
Although ALchemist does not require instrumentation, it is highly effective in partitioning execution to autonomous tasks (in order to avoid bogus dependencies) and deriving precise attack provenance graphs, with very small overhead.
Efficient Permission-Aware Analysis of Android Apps
TLDR
PATDroid, the last proposed approach in this dissertation, is intended to help app developers with this challenge and can significantly reduce the testing effort by performing a hybrid program analysis that determines which tests should be executed on what permission combinations.
A Dynamic Taint Analysis Tool for Android App Forensics
TLDR
An automated mobile app analysis tool to analyze an app and discover what types of and where forensic evidentiary data that app generate and store locally on the mobile device or remotely on external 3rd-party server(s).
Malware detection in android based on dynamic analysis
  • T. Bhatia, R. Kaushal
  • Computer Science
  • 2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)
  • 2017
TLDR
A syscall-capture system is developed which collects and extracts the system call traces of all the applications during their run-time interactions with the phone platform and achieves acceptable levels of accuracy in correctly classifying the application as malicious or benign using the J48 Decision Tree algorithm and the Random Forest algorithm.
IDPC-XML: Integrated Data Provenance Capture in XML
TLDR
A tool-based PROV-DM for collecting provenance data in the XML file and visualizing it as directed graph and an approach named IDPC-XML for processing and managing the internal data using XML file are proposed.
Adaptive Unpacking of Android Apps
TLDR
The results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that the approach can effectively handle the evolution of packers.
X-Prcaf : Xposed Based Protecting Cache File from Leaks in Android Social Applications
  • Qi Tang, Wen Zhang, Xiaoyong Li, Bin Wang
  • Computer Science
  • 2016 Third International Conference on Trustworthy Systems and their Applications (TSA)
  • 2016
TLDR
A cache file privacy protection framework, X-Prcaf (Xposed-based-Protecting-Cache-File), is proposed, which can make social applications avoid privacy data leaks in running process and aims to protect the entire life cycle of the social applications cache files by strategy pre-generation, real-time monitoring and security reinforcement.

References

SHOWING 1-10 OF 57 REFERENCES
Scippa: system-centric IPC provenance on Android
TLDR
This work presents an extension to the Android IPC mechanism, called Scippa, that establishes IPC call-chains across application processes and provides provenance information required to effectively prevent recent attacks such as confused deputy attacks.
Contextual Policy Enforcement in Android Applications with Permission Event Graphs
TLDR
This work centres around a new abstraction of Android applications, called a Permission Event Graph, which is constructed with static analysis, and query using model checking, and can detect, or prove the absence of malicious behaviour beyond the reach of existing techniques.
Vetting undesirable behaviors in android apps with permission use analysis
TLDR
VetDroid is presented, a dynamic analysis platform for reconstructing sensitive behaviors in Android apps from a novel permission use perspective and can assist in finding more information leaks than TaintDroid, a state-of-the-art technique.
SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications
TLDR
This paper implements a prototype system SmartDroid, which can automatically and efficiently detect the UI-based trigger conditions required to expose the sensitive behavior of several Android malwares, which otherwise cannot be detected with existing techniques such as TaintDroid.
CHEX: statically vetting Android apps for component hijacking vulnerabilities
TLDR
This paper proposes CHEX, a static analysis method to automatically vet Android apps for component hijacking vulnerabilities, and prototyped CHEX based on Dalysis, a generic static analysis framework that was built to support many types of analysis on Android app bytecode.
A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors
With more than 500 million of activations reported in Q3 2012, Android mobile devices are becoming ubiquitous and trends confirm this is unlikely to slow down. App stores, such as Google Play, drive…
DroidChecker: analyzing android applications for capability leak
TLDR
DroidChecker, an Android application analyzing tool which searches for the aforementioned vulnerability in Android applications and finds 6 previously unknown vulnerable applications including the renowned Adobe Photoshop Express application and develops a malicious application that exploits the previously unknown vulnerability found in the Adobe Photoshop Express application.
Android permissions demystified
TLDR
Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.
DroidMat: Android Malware Detection through Manifest and API Calls Tracing
TLDR
A static feature-based mechanism to provide a static analyst paradigm for detecting the Android malware and shows that the recall rate of the approach is better than one of well-known tool, Androguard, published in Black hat 2011, which focuses on Android malware analysis.
QUIRE: Lightweight Provenance for Smart Phone Operating Systems
TLDR
Quire tracks the call chain of on-device IPCs, allowing an app the choice of operating with the reduced privileges of its callers or exercising its full privilege set by acting explicitly on its own behalf.