
From Dalvik Bytecode Analysis to Leak Detection in Android (slide deck)



  1. From Dalvik Bytecode Analysis to Leak Detection in Android Applications
     (FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps)
     Alexandre Bartel, Eric Bodden, Steven Arzt, Siegfried Rasthofer
     1st ICFEM Workshop on Default Privacy, Thursday 6 November 2014, Luxembourg, Luxembourg

  2. Evolution of Phones (chart: lines of code per phone from 1985 to 2015, scale 10,000 to 10,000,000 loc)

  3. “Smart” Phone = Computer + Sensors + Apps

  4. Smartphone Penetration

  5. Personal Information Stored on Smartphones

  6. Android Market Share > 80%!

  7. Why Analyze Android Apps?

  8. Overview: Dalvik Bytecode, Leak detection, Sources/Sinks

  9. How to Analyze Dalvik Bytecode?

  10. Problem: Type Information is Missing

  11. Solution: Find the Missing Information!

  12. 99.4% of the Apps have Numerical Constants

  13. Evaluation: Do we Correctly Type the Code?
      • Set of 27,846 Android applications
      • Total of 135,289,314 methods
      • Our algorithm correctly types 99% of the analyzed methods

  14. Future Work
      • Unresolved reference
      • Jump to code in array
      • Multiple types for a single variable
      Bartel, A., Klein, J., Le Traon, Y., & Monperrus, M. (2012, June). Dexpler: Converting Android Dalvik bytecode to Jimple for static analysis with Soot. In Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program Analysis (pp. 27-38). ACM.

  15. Overview: Dalvik Bytecode, Leak detection, Sources/Sinks

  16. Detecting Privacy Leaks
      • Dynamic Approaches:
        • TaintDroid [OSDI’10]
        • Aurasium [USENIX’12]
        • “Dr. Android and Mr. Hide” [SPSM’12]
        • etc.
      • Static Approaches:
        • ScanDroid [TR 09]
        • DeD [SEC’11]
        • CHEX [CCS’12]
        • LeakMiner [WCSE’12]
        • ScanDal [MoST’12]
        • AndroidLeaks [TRUST’12]
        • SAAF [SAC’13]
        • FlowDroid [PLDI’14]
        • etc.

  17. Detecting Privacy Leaks: Generic Approach

  18. But...

  19. Complete List Available?

  20. Machine Learning with Code Features

  21. Evaluation on Android Versions

  22. Top Source/Sink Methods in Malware
      Rasthofer, S., Arzt, S., & Bodden, E. (2014). A machine-learning approach for classifying and categorizing Android sources and sinks. In 2014 Network and Distributed System Security Symposium (NDSS).

  23. Overview: Dalvik Bytecode, Leak detection, Sources/Sinks

  24. FlowDroid
      • Challenges in the Android World
      • Highly Precise Taint Analysis
        • The Principles
        • Aliasing for Highly Precise Analyses
      • Experiments
        • The DroidBench Micro Benchmark Suite

  25. Challenges in the Android World
      public class Main {
          public static void main(String[] args) {
              …
          }
      }

  26. Modeling The Android Lifecycle
      • Model Lifecycle Through Dummy Main Method
      • Use Opaque Predicates and Jumps
        • All paths allowed in spec must be possible in method
        • Lots of paths, but doesn’t matter (see later)

  27. Modeling The Android Lifecycle
      i = 0;
      l1: if (i == 0) goto l9;   // Skip the activity
      Activity1 act1 = new com.ext.Activity1();
      act1.onCreate(…);
      act1.onStart();
      l2: act1.onResume();
      …
      act1.onPause(…);
      l1: if (i == 1) goto l2;
      act1.onStop();
      act1.onDestroy();
      if (i == 2) goto l1;       // Run activity again

  28. Challenges in the Android World

  29. Challenges in the Android World
      onLocationChanged, onLowMemory, onGpsStatusChanged, onGesture, onSensorChanged, onZoomChange

  30. Modeling Callbacks
      • Same Technique as for Lifecycle
        • Call callback methods in dummy main method
      • Simplification: Callbacks never die
        • Registered from app start till termination
      • Not as Easy as it Sounds
        • Callbacks that register new callbacks
        • Callbacks defined in XML files

  31. Modeling Callbacks (flowchart: Create Dummy Main Method → Get Reachable Methods → Look for New Callbacks → New Callbacks Found? yes: back to Create Dummy Main Method; else: Add XML Callbacks → Done)

  32. Challenges in the Android World
      • Many Sources and Sinks
        • API methods from the SuSi list (NDSS’14)
        • User Interface Controls (e.g., Password Fields)
      • Scalability Issue When Running With All Sources/Sinks
        • Piggybacking source on taint abstraction won’t scale
      • The Android Framework is Huge
        • Analyzing the framework with every app doesn’t scale
        • Need library abstractions

  33. Dissecting Android Apps: Layout Files (diagram: Code ↔ ID ↔ Resource Table ↔ ID ↔ Layout XML Files)

  34. Dissecting Android Apps: Layout Files
      1. Parse The Global Resource Table
      2. Parse The Layout XML Files
      3. For every Layout File:
         1. Scan the code for registrations of the component ID
         2. Lookup the method ID to get the name
         3. Add the handler to the dummy main method
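Slides 30, 31 and 34 describe one procedure: start the dummy main from the lifecycle methods, repeat "compute reachable methods, look for callback registrations, add them" until nothing new turns up, then add the onClick handlers declared in layout XML by resolving their ids through the resource table. The Python script below is an added example of that procedure and is not FlowDroid's or Soot's own code. Everything it consumes is constructed: the call graph, the registration sites (the scan of method bodies for framework registration calls is reduced to a lookup table), the resource table, the layout XML, the numeric view ids "seen in code", and the assumption that `MainActivity` is the activity that inflates the layout.

```python
"""Toy reconstruction of how callbacks end up in an analysis-only dummy main.

Added example; not FlowDroid's or Soot's own code.  Every input below (call
graph, registration sites, resource table, layout XML, view ids seen in code)
is constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed lifecycle methods of the app's single activity: the initial
# entry points that the dummy main calls.
LIFECYCLE = ["MainActivity.onCreate", "MainActivity.onResume"]

# Constructed call graph: method -> methods it invokes directly.
CALL_GRAPH = {
    "MainActivity.onCreate": ["MainActivity.setupUi", "Helper.log"],
    "MainActivity.setupUi": ["Button.setOnClickListener"],
    "MainActivity.onResume": [],
    "ClickHandler.onClick": ["LocationManager.requestLocationUpdates"],
    "LocListener.onLocationChanged": ["Helper.log"],
}

# Constructed result of scanning method bodies for registration calls:
# method -> app callbacks it registers (the listener passed to the framework).
# The second entry is a callback that registers another callback, which is
# why a single pass over the lifecycle methods is not enough.
REGISTRATIONS = {
    "MainActivity.setupUi": ["ClickHandler.onClick"],
    "ClickHandler.onClick": ["LocListener.onLocationChanged"],
}

# Constructed global resource table (id name -> numeric id) and the numeric
# view ids that a scan of the code found in findViewById calls.
RESOURCE_TABLE = {"btn_login": 0x7F080001, "btn_skip": 0x7F080002}
VIEW_IDS_IN_CODE = {0x7F080001}

# Constructed layout file: two buttons with XML-declared onClick handlers.
LAYOUT_XML = """<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android">
  <Button android:id="@+id/btn_login" android:onClick="onLoginClick"/>
  <Button android:id="@+id/btn_skip" android:onClick="onSkip"/>
</LinearLayout>"""


def reachable_methods(entry_points, call_graph):
    """Transitive closure of the call graph from the dummy main's entry points."""
    seen, work = set(), list(entry_points)
    while work:
        m = work.pop()
        if m not in seen:
            seen.add(m)
            work.extend(call_graph.get(m, []))
    return seen


def build_dummy_main(lifecycle, call_graph, registrations):
    """Fixpoint loop of slide 31: while reachable code registers callbacks that
    are not yet entry points, add them to the dummy main and recompute."""
    entry_points = list(lifecycle)
    while True:
        reach = reachable_methods(entry_points, call_graph)
        new = [cb for m in sorted(reach) for cb in registrations.get(m, [])
               if cb not in entry_points]
        if not new:
            return entry_points
        entry_points.extend(new)


def xml_callbacks(layout_xml, resource_table, view_ids_in_code, activity):
    """Slide 34: map each android:onClick in the layout to a method on the
    hosting activity, but only for views whose resource id the code registers.
    `activity` is assumed (not derived) to be the activity inflating the layout."""
    handlers = []
    for view in ET.fromstring(layout_xml).iter():
        handler = view.get(ANDROID_NS + "onClick")
        view_id = view.get(ANDROID_NS + "id")
        if handler is None or view_id is None:
            continue
        # "@+id/btn_login" -> "btn_login" -> numeric id via the resource table
        numeric_id = resource_table[view_id.rsplit("/", 1)[-1]]
        if numeric_id in view_ids_in_code:
            handlers.append(f"{activity}.{handler}")
    return handlers


def model_app():
    """All entry points the dummy main ends up calling for the constructed app."""
    entry_points = build_dummy_main(LIFECYCLE, CALL_GRAPH, REGISTRATIONS)
    return entry_points + xml_callbacks(LAYOUT_XML, RESOURCE_TABLE,
                                        VIEW_IDS_IN_CODE, "MainActivity")


if __name__ == "__main__":
    for m in model_app():
        print("dummy main calls", m)
```

The `onSkip` handler is deliberately left out of the result: its view id never appears in the code, so step 3.1 of slide 34 finds no registration for it. Dropping the second `REGISTRATIONS` entry shows the other failure mode: without the fixpoint, `onLocationChanged` would never become an entry point and any flow starting in it would be missed.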

  35. Highly Precise Taint Tracking
      • Based on the IFDS Framework by Reps and Horwitz
        • Idea: Data flow problems reduced to graph reachability
      • Field-Sensitive
      • Object-Sensitive
      • Flow-Sensitive
      • Context-Sensitive
        • Unlimited Depth!
        • Fix-Point iteration until no new callee-side contexts
      And what about aliasing?

  36. Highly Precise Taint Tracking
      • Need an Alias Analysis With Same Precision
      • Upfront Analysis Does Not Scale
      • Solution: On-Demand Alias Analysis
        • Idea: Re-use same IFDS-based analysis
        • Two interleaved solvers
        • Technique adapted from Andromeda by Tripp et al. (in: Fundamental Approaches to Software Engineering)

  37. Highly Precise Taint Tracking
      void main() {
          a = new A();
          b = a.g;
          foo(a);          // tainted after the call: a.g.f
          sink(b.f);       // tainted: b.f (b aliases a.g)
      }
      void foo(z) {
          x = z.g;
          w = source();    // tainted: w
          x.f = w;         // tainted: x.f
          return;          // tainted: z.g.f
      }
      Flow Sensitivity?

  38. Highly Precise Taint Tracking
      void main() {
          w = source();    // tainted: w
          z = x;
          leak(z.f);       // z.f is not tainted yet at this point
          x.f = w;         // tainted: x.f (and z.f through the alias z = x)
          return;
      }
      Need to remember when taint becomes “live”. We call it “Activation Statement”.
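Slides 35 to 38 explain why the alias analysis has to be as flow-sensitive as the taint analysis: in the slide-38 method, `z` aliases `x` before `x.f = w`, so an order-blind alias analysis would report `leak(z.f)` even though it executes before the taint becomes live at the activation statement. The script below is an added example, not FlowDroid's code, and it simplifies heavily: a constructed three-address IR stands in for Jimple, only local variables and one level of fields are modelled, the analysis is intraprocedural, and a backward walk over reference copies at the activation statement stands in for FlowDroid's second, backward IFDS solver. It runs the slide-38 program and two constructed variants through a flow-sensitive analysis and an order-blind baseline so the false positive is visible.

```python
"""Toy flow-sensitive taint analysis with on-demand aliasing and activation
statements.

Added example, not FlowDroid's own code.  Statements are tuples of a
constructed IR standing in for Jimple; only locals and one level of fields
are modelled, intraprocedurally:
    ("source", v)           v = source()
    ("assign", dst, src)    dst = src        (reference copy: dst aliases src)
    ("store", b, f, src)    b.f = src
    ("load", dst, b, f)     dst = b.f
    ("sink", b, f)          sink(b.f)        ("sink", v) for a plain local
"""


def aliases_before(stmts, idx, var):
    """Locals that alias `var` at statement `idx`, found by walking the
    preceding reference copies backwards.  A toy stand-in for the backward
    alias solver: it ignores re-assignment between the copy and `idx` and
    does not follow field loads."""
    aliased = {var}
    for st in reversed(stmts[:idx]):
        if st[0] == "assign" and (st[1] in aliased or st[2] in aliased):
            aliased.update(st[1:])
    return aliased


def transfer(st, tainted, aliases_of, kill):
    """Apply one non-sink statement to the set of tainted access paths
    ("w", "x.f").  `aliases_of(var)` supplies the aliases of a store's base;
    `kill` enables strong updates (overwriting with clean data clears taint)."""
    kind = st[0]
    if kind == "source":
        tainted.add(st[1])
    elif kind == "assign":
        _, dst, src = st
        if kill and dst != src:
            tainted -= {p for p in tainted if p == dst or p.startswith(dst + ".")}
        for p in list(tainted):           # dst inherits src's taints, fields included
            if p == src or p.startswith(src + "."):
                tainted.add(dst + p[len(src):])
    elif kind == "store":
        _, base, field, src = st
        if src in tainted:
            # Activation statement: from here on, base.field and the same
            # field of every alias of base carry the taint.
            for a in aliases_of(base):
                tainted.add(f"{a}.{field}")
        elif kill:
            tainted.discard(f"{base}.{field}")
    elif kind == "load":
        _, dst, base, field = st
        if f"{base}.{field}" in tainted:
            tainted.add(dst)
        elif kill:
            tainted.discard(dst)


def sink_path(st):
    return ".".join(st[1:])


def taint_flow_sensitive(stmts):
    """Walk the statements in order; a sink leaks only if its access path is
    tainted at that point.  Returns the indices of leaking sinks."""
    tainted, leaks = set(), []
    for i, st in enumerate(stmts):
        if st[0] == "sink":
            if sink_path(st) in tainted:
                leaks.append(i)
        else:
            transfer(st, tainted, lambda v, i=i: aliases_before(stmts, i, v), kill=True)
    return leaks


def taint_flow_insensitive(stmts):
    """Order-blind baseline: taints and aliases are collected over the whole
    method to a fixpoint, then every sink is checked, so a sink that runs
    before the activation statement is reported anyway."""
    tainted = set()
    while True:
        before = len(tainted)
        for st in stmts:
            if st[0] != "sink":
                transfer(st, tainted, lambda v: aliases_before(stmts, len(stmts), v), kill=False)
        if len(tainted) == before:
            break
    return [i for i, st in enumerate(stmts) if st[0] == "sink" and sink_path(st) in tainted]


# Slide 38 as written: the sink runs before the activation statement.
SLIDE38 = [("source", "w"), ("assign", "z", "x"), ("sink", "z", "f"), ("store", "x", "f", "w")]
# Constructed variant with the sink after the store: a real leak through the alias.
LEAK_VIA_ALIAS = [("source", "w"), ("assign", "z", "x"), ("store", "x", "f", "w"), ("sink", "z", "f")]
# Constructed variant for field sensitivity: tainting x.g must not taint z.f.
OTHER_FIELD = [("source", "w"), ("assign", "z", "x"), ("store", "x", "g", "w"), ("sink", "z", "f")]

if __name__ == "__main__":
    for name, prog in [("slide38", SLIDE38), ("leak_via_alias", LEAK_VIA_ALIAS), ("other_field", OTHER_FIELD)]:
        print(name, "flow-sensitive:", taint_flow_sensitive(prog),
              "flow-insensitive:", taint_flow_insensitive(prog))
```

For `SLIDE38` the flow-sensitive pass reports nothing while the baseline reports the sink at index 2; for `LEAK_VIA_ALIAS` both report index 3, because after the activation statement the alias `z` legitimately carries `z.f`. The `OTHER_FIELD` program is clean under both, which is the field sensitivity of slide 35 at work.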

  39. DroidBench – Benchmarks for Android
      • Compare Static/Dynamic Analysis Tools for Android
      • Open Source
      • You’re Welcome to Contribute!

  40. DroidBench – Benchmarks for Android
      • 64 Test Cases So Far
        • Arrays and Lists
        • Callbacks
        • Field And Object Sensitivity
        • Inter-App Communication
        • Lifecycle
        • General Java
        • Miscellaneous Android-Specific
        • Implicit Flows
        • Reflection

  41. FlowDroid vs. The Rest on DroidBench (chart: precision and recall of AppScan Source, Fortify and FlowDroid on DroidBench, scale 0 to 1)

  42. Future Work
      • Native Code
        • Currently under-approximated by default
        • NativeCallHandler interface for custom implementations
      • Library Functions
        • TaintPropagationHandler interface
        • Default implementation: Simple rules
        • More clever solution under submission
      • More Efficient Callgraph Algorithms

  43. Future Work
      • Inter-Component Communication
        • 320 different activities in Facebook app
        • Support for static fields
        • Communication using intents possible
        • Solution under submission
      (diagram: Android components Activity, Service, Broadcast Receiver, Content Provider)
      Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., ... & McDaniel, P. (2014, June). FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (p. 29). ACM.

  44. Overview: Dalvik Bytecode, Leak detection, Sources/Sinks

  45. The End
      Dexpler: http://www.abartel.net/dexpler/
      Soot: https://github.com/Sable/soot
      SuSi: http://sseblog.ec-spride.de/tools/susi/
      FlowDroid: http://sseblog.ec-spride.de/tools/flowdroid/
      Epicc: http://siis.cse.psu.edu/epicc/
      IccTA: https://sites.google.com/site/icctawebpage/
      DroidForce: https://github.com/secure-software-engineering/DroidForce
      Alexandre Bartel, Center for Advanced Security Research Darmstadt (CASED), Secure Software Engineering Group (EC-SPRIDE). Email: alexandre.bartel@cased.de
