FixDroid is a plug-in of android studio, which help inexperienced developer to develop applications with less security problems (security and privacy). Many Android apps have poorly implemented security mechanisms resulting from developer who are inexperienced, distracted or overwhelmed. Android Lint has many disadvantages. This paper introduces several operators for automitically fixing android vulneribilities.
This paper studied two very simple vulnerabilities rooted in an unprotected Android component. To share data with other apps, the interface of content provider is open by default, which provides an opportunity for other apps to access its sensitive data or modify its configuration. This paper proposed to use static analysis (combining CFG and DFG) to find the potential vulnerabilities. They found 2% and 1.4% of apps they tested are susceptible to these two vulnerabilities.
test content
Software developers are entrusted by end users to not only care for their data, but disclose what exactly is being collected. So this paper proposes a semi-automated framework that consists of a policy terminology-API method map and information flow analysis to detect misalignments. Firstly, they extract the API Terminology manually, which is a map from API method to policy phrases. Secondly, extracting the privacy policy terminology of the app from related documents. Finally, detect the voilation between the privacy policy provided by the developers and real implementation.
Problems:The first problem is to design a language for specifying the event-driven behaviour of an Android application.The second problem is to construct an abstraction of the interaction between an Android application and the Android event system. The third problem is to check whether this abstraction satisfies a given policy. Challenges: (1)Model control-flow between the event system and application. (2)computing the abstraction of android event system Solution: (1)Defining malicious behavior using temporal logic -- general specification(like accessing GPS data) and application specific properties(defined by users) (2)Using PEG (Permission Event Graph) to representing the abstract between Android event system, permissions and APIs in an application. The vertex is program state (represented by a set of boolean variable, e.g. RecordEnabled) and edges capture the APIs and permission used in the transition.(3)Using model checking to check whether the properties satisfy the PEG or not.
Novelty: (1)PEG and its construction (2)Encoding user and malicious behaviors
The goal of IntelliDroid is to generate input that specifically exercises malicious path in an application. IntelliDroid combined static and dynamic analysis. Static phase: To find the malicious path, they targeted specific APIs and generated inputs to trigger them. Firstly, they identified the event handlers that invoke the targeted APIs, and find the call path to those APIs within the event. Then, extract the path constraints. Those path constraints may depend on heap variables that are set in other event handlers. So, IntelliDroid extracted a supporting event-chain. Dynamic phase: IntelliDroid will solve the path constraint just before input value injection and inject the input into the device-framework interface that calls the event handler.
Unit testing applies to the individual components of a software system. In practice, it is so hard and expensive to perform because it need a test driver and extral code to test function correctness, meanwhile, some software bugs depend on global field. DART first produced concolic execution.
The goal the this paper is to symbolic executing Android program in JPF(Java PathFinder). To symbolic execute android program, there are some chanlleges. Firstly, Android apps depend on a lot of libs that are not available outside the device or emulator. Secondly, Android programs have more path-divergence problems than traditional Java program, because of the multiple components and communication between them. Finally, Android is an event driven system and test inputs depend on user interaction. So this paper proposed a method to convert android program into java program that can be executed in JVM. First they developed a model to simulate the behaviors of actual Android lib. And secondly, they leveraged program analysis to correlate events with their handler for generating Android-specific drivers.
Manual crash relication is a labor-intensive task. Automated crash reproducation techniques have been proposed in the literature. Record-reply monitor software behavior via instrumentation to collect crash information when crash happend. Such technique suffer from practival limitation (performance, privacy issues). Post-failure approaches try to replicate crashes by exploiting data after crash. The problems of current techniques is practical limitation, such as environment dependencies, performance overhead and so on. This paper proposed EvoCrash, a novel guided genetic algorithm(GGA). It first gived a fitness function, which is related to the (1)distance between executed statements and target statement, (2)distance between generated stack and the expected trace (3)whether the target exception is thrown or not. Secondly, it will make a initial population by insert at least one method of the crash is inserted in each initial test. And then mutate or crossover original test suite, and choose K fittest individuals as the tests suite in next iterations. After finite number of iterations, the fittest test case will be directly given to developer as starting point for crash replication and debugging.
Edsger Dijkstra "program testing can at best show the presence of errors but never their absence"
Hard to make enforcement both secure and backwards compatible with unmodified legacy applications on Android| Tools | purpose | methodology | rely on |
|---|---|---|---|
| FlowDroid | flow analysis | static analysis | soot |
| dare | retargeting to java Bytecode | constraint solving and translate based on 9 rules | |
| MFFA | Media Fuzzing Framework for Android | FuzzBox | |
| Dynodroid | Input generation | observe-select-execute(dynamic and static analysis) | |
| IntelliDroid | Targeted Input Generator | Dynamic and static analysis | TaintDroid |
| Multi-Flows | malware detection | Analyze structure of information flow | soot |
| DroidSIFT | Semantics-aware malware detection | static analysis | soot |
| AppIntent | extract context information for malicious behavior detection | static analysis & dynamic analysis | DED, soot, JPF, InstrumentationTestRunner |
| AppContext | extract context information and use machine learning to detect malware | static analysis | soot |
| TriggerScope | detect logic bombs | Static analysis, symbolic execution, path predicate reconstruction and minimization | |
| appSealer | automatic generation of security-related patches | static analysis & slicing & dynamic analysis | Soot & TaintDroid |
| Automated Patching | self-healing smartphone software to avoid further crash | detection and bytecode rewriting | |
| Reference Hijacking | adopt enhancement on off-the-shelf devices | ||
| Pegasus | enforce API and permission use | static analysis & model checking & runtime monitoring | |
| POSTER | separate third-party lib with trusted code | ARTist | |
| Reliable Third-Party Library Detection | third party lib detection | Signature-based detection |