Efficient Permission-Aware Analysis of Android Apps
UNIVERSITY OF CALIFORNIA, IRVINE

Efficient Permission-Aware Analysis of Android Apps

DISSERTATION

submitted in partial satisfaction of the requirements for the degree of

DOCTOR OF PHILOSOPHY in Software Engineering

by

Alireza Sadeghi

Dissertation Committee:
Associate Professor Sam Malek, Chair
Associate Professor James A. Jones
Professor Cristina Videira Lopes

2017

© 2017 Alireza Sadeghi

DEDICATION

To my better half, Reyhan
The best friend, classmate, and colleague.

TABLE OF CONTENTS

LIST OF FIGURES
LIST OF TABLES
ACKNOWLEDGMENTS
CURRICULUM VITAE
ABSTRACT OF THE DISSERTATION

1 Introduction
    1.1 Dissertation Overview
    1.2 Dissertation Structure

2 Background and Related Work
    2.1 Android Overview
    2.2 Related Surveys
    2.3 Research Method
        2.3.1 Research Tasks
        2.3.2 Literature Review Protocol
        2.3.3 Selected papers
        2.3.4 Threats to Validity
    2.4 Taxonomy
        2.4.1 Approach Positioning (Problem)
        2.4.2 Approach Characteristics (Solution)
        2.4.3 Assessment (Validation)
    2.5 Survey Results and Analysis
        2.5.1 Approach Positioning (Problem)
        2.5.2 Approach Characteristics (Solution)
        2.5.3 Assessment (Validation)
        2.5.4 Cross Analysis
    2.6 Discussion and Directions for Future Research
    2.7 Conclusion

3 Research Problem
    3.1 Permission-Induced Security Attacks
    3.2 Permission-Induced Compatibility Defects

4 Compositional Analysis of Permission-Induced Security Vulnerabilities
    4.1 Introduction
    4.2 Motivating Example
    4.3 Approach Overview
    4.4 Model Extractor
        4.4.1 Entity Extraction and Resolution
        4.4.2 Control Flow Augmentation
        4.4.3 Vulnerable Paths Identification
    4.5 Formal Analyzer
        4.5.1 Alloy Overview
        4.5.2 Formal Model of Android Framework
        4.5.3 Formal Model of Apps
        4.5.4 Checking Android Application Models
    4.6 Empirical Evaluation
        4.6.1 Significance of Compositional Analysis
        4.6.2 Automated Analysis of Applications
        4.6.3 Manual Analysis
        4.6.4 Compositional vs. Single App Analysis
        4.6.5 Performance and Timing
    4.7 Discussion
        4.7.1 Other Types of Vulnerabilities
    4.8 Conclusion

5 Automatic Enforcement of Permission-Based Security Policies
    5.1 Introduction
    5.2 Motivating Example
    5.3 Approach Overview
    5.4 AME: Android Model Extractor
    5.5 ASE: Analysis and Synthesis Engine
    5.6 APE: Android Policy Enforcer
    5.7 Evaluation
        5.7.1 Results for RQ1 (Accuracy)
        5.7.2 Results for RQ2 (Separ and Real-World Apps)
        5.7.3 Results for RQ3 (Performance and Timing)
        5.7.4 Results for RQ4 (Policy Enforcement)
    5.8 Conclusion

6 Incorporating Time in Permission Analysis and Enforcement
    6.1 Introduction
    6.2 Permission-Induced Attacks
        6.2.1 Privilege Escalation
        6.2.2 Unsafe PendingIntent
        6.2.3 Identical Custom Permission
        6.2.4 Passive Data Leak
    6.3 Temporal Permission
        6.3.1 Modeling the Android System
        6.3.2 Formulating Safety Rules
        6.3.3 Leasing Temporal Permissions
    6.4 TERMINATOR
        6.4.1 Approach Overview
        6.4.2 Analysis
        6.4.3 Enforcement
    6.5 Evaluation
        6.5.1 RQ1: Coverage
        6.5.2 RQ2: Disruption
        6.5.3 RQ3: Applicability & Reliability
        6.5.4 RQ4: Performance
    6.6 Conclusion

7 Permission-Aware Testing of Android
    7.1 Introduction
    7.2 Illustrative Example
    7.3 Approach Overview
    7.4 Dynamic Analysis
    7.5 Static Analysis of Test Harness App
    7.6 Static Analysis of App Under Test
        7.6.1 Permission Analysis
        7.6.2 Widget Analysis
    7.7 Building Permission Combinations
    7.8 Implementation
    7.9 Evaluation
        7.9.1 Experiment Setup
        7.9.2 Efficiency
        7.9.3 Coverage
        7.9.4 Effectiveness
        7.9.5 Performance
    7.10 Conclusion

8 Conclusion
    8.1 Research Contributions
    8.2 Future Work

Bibliography

LIST OF FIGURES

1.1 Dissertation Roadmap.
2.1 Research process flow and tasks.
2.2 Scope of this survey.
2.3 Word cloud of the titles of the selected papers.
2.4 Distribution of surveyed papers.
2.5 Proposed Taxonomy of Android Security Analysis, Problem Category.
2.6 Proposed Taxonomy of Android Security Analysis, Solution Category.
2.7 Proposed Taxonomy of Android Security Analysis, Assessment Category.
2.8 Distribution of research based on the type of analyzed code
2.9 Distribution of surveyed papers based on the number of source of the apps used for empirical evaluation.
2.10 Comparison graph for the surveyed papers
2.11 Dependency graph for the surveyed papers
2.12 Cross Analysis 1 and 2
2.13 Cross Analysis 3 and 4
2.14 Cross Analysis 5