stadyna addressing the problem of dynamic code updates in
play

StaDynA: Addressing the Problem of Dynamic Code Updates in the - PowerPoint PPT Presentation

Dec 17, 2023 •178 likes •427 views

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps Yury Zhauniarovich, MaqsoodAhmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci yury.zhauniarovich, maqsood.ahmad, bruno.crispo,

  1. StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps Yury Zhauniarovich, MaqsoodAhmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci yury.zhauniarovich, maqsood.ahmad, bruno.crispo, fabio.massacci@unitn.it olga.gadyatskaya@uni.lu University of Trento SnT, University Of Luxembourg

  2. Analysis Types  Static analysis – is the analysis of applications which is performed without the actual execution of an application  Dynamic analysis – is the analysis which is performed by executing an application in real or emulated environments 2

  3. Dynamic Code Updates* Android Package (.apk) Dalvik VM .dex resources. files arsc uncompiled resources assets AndroidManifest.xml code files Method.invoke (jar, dex ,…) 1. Dynamic Class Loading (DCL) 2. Reflection DexFile.loadDex * S. Poeplau et al. “Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications”. In Proc. Of NDSS’14 3

  4. Motivation  In Android, code loaded dynamically has the same privileges as original  Static analyzers cannot fully inspect an app in the presence of dynamic code update features (AndroGuard, FlowDroid, etc.)  Heavily used by malware to conceal malicious behavior  Used in real applications to bypass Android limitations 4

  5. Reflection and DCL Usage  Google Play: – analyzed 13863 apps – 19% contain DCL calls – 88% use reflection  Third-party markets: – analyzed 14283 apps from 6 markets – 6% contain DCL calls (F-Droid: 1%) – 74% use reflection (F-Droid: 57%)  Malware dataset: – 1260 samples analyzed – 20% contain DCL calls – 81% use reflection 5

  6. Representative Example 6

  7. Problem: Dynamic Code Updates Issue: How to analyze Android apps in the presence of  reflection calls, – detect the name of the called function/class  dynamic class loading? – download and analyze the loaded code  Method Call Graph (MCG) is a directed graph showing the calling relationships between methods in a computer program 7

  8. StaDynA: Idea  Apps with Dynamic Code Update features expose their dynamic behavior at runtime  IDEA: combine static and dynamic analysis techniques to detect and explore Dynamic Code Update features 8

  9. StaDynA: Overview 9

  10. StaDynA: Approach  Find API calls responsible for reflection and DCL at static time (we name the methods calling these API functions as Methods of Interest (MOI) )  Analyze their behavior at runtime 10

  11. StaDynA: Workflow 11

  12. StaDynA: Features  Stores and analyzes the code loaded dynamically  Builds MCG of the app including the information obtained at runtime Tmp testMeth ()V Method.invoke  Discovers at runtime the qualifiers of the methods/constructors DexFile.loadDex called through reflection SmsManager sendDataMessage  Discovers suspicious behavior patterns SMS_SEND 12

  13. StaDynA: Evaluation  Dataset: – 5 benign (FlappyBird, Norton AV, Avast AV, Viber, Floating Image) – 5 malicious (FakeNotify.B, AnserverBot, BaseBridge, DroidKungFu4, SMSSend)  The dataset is small: – StaDynA requires manual triggering  Evaluation parameters: – the increase of the MCG – coverage of the MOI detected in the application – discovered suspicious patterns 13

  14. Evaluation: MCG Increase 14

  15. Evaluation: Coverage 15

  16. Evaluation: Suspicious Patterns  Access to the functionality protected with dangerous permissions from the loaded code  Ticks show that the usage of the corresponding permission has not been found in the initial app file (over-privileged apps) 16

  17. FakeNotify.B before StaDynA 17

  18. FakeNotify.B after StaDynA 18

  19. StaDynA: Issues  Manual triggering  Resolution of all reflection targets is done at runtime  The information obtained during different runs is not merged  No separation according to the name of the package (UID is used instead)  Not all types of dynamic code updates have been covered 19

  20. StaDynA: Summary  Dynamic code updates is a serious problem for Android – the code loaded dynamically has the same privileges as the original application  We proposed an approach that facilitates the analysis of apps in the presence of reflection and DCL – discovers at runtime the qualifiers of the methods/constructors called through reflection – stores and analyzes code loaded dynamically – builds MCG of the app including the information obtained at runtime – discovers suspicious behavior patterns  Open-source: https://github.com/zyrikby/StaDynA 20

  21. BACKGROUND SLIDES 21

  22. StaDynA: Main Function 22

  23. Analysis of Invoke Event 23

  24. Analysis of DCL Event 24

Recommend

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Generic Programming and Library Development The Problems Presentation on Program Code Analyzers Dynamic and Static Tools May 18 th 2007 Examples of Tools Program Code Analyzers Agenda The Problem Dynamic and Static Tools

388 views • 13 slides
Hot code is faster code Addressing JVM warm-up Mark Price LMAX Exchange The JVM warm-up

Hot code is faster code Addressing JVM warm-up Mark Price LMAX Exchange The JVM warm-up

Hot code is faster code Addressing JVM warm-up Mark Price LMAX Exchange The JVM warm-up problem? The JVM warm-up feature! In the beginning Bytecode JVM Images from Wikipedia What does the JVM run? THE INTERPRETER An example (source)

703 views • 54 slides
The Problem(s) with the Browser Collin Jackson collin.jackson@sv.cmu.edu Web: The OS of the

The Problem(s) with the Browser Collin Jackson collin.jackson@sv.cmu.edu Web: The OS of the

The Problem(s) with the Browser Collin Jackson collin.jackson@sv.cmu.edu Web: The OS of the Future? Ubiquitous Dynamic Instant updates Interactive Programs Pages Web Applications Remote code? Are you crazy?? Integrity Compromise

509 views • 48 slides
20. Dynamic Programming II Subset sum problem, knapsack problem, greedy algorithm vs dynamic

20. Dynamic Programming II Subset sum problem, knapsack problem, greedy algorithm vs dynamic

20. Dynamic Programming II Subset sum problem, knapsack problem, greedy algorithm vs dynamic programming [Ottman/Widmayer, Kap. 7.2, 7.3, 5.7, Cormen et al, Kap. 15,35.5] 550 Quiz Solution n n Table Entry at row i and column j : height of

1.8k views • 71 slides
Mat 3770 Problem Bin Packing Dynamic Programming Basic Problem or Algorithm Problem

Mat 3770 Problem Bin Packing Dynamic Programming Basic Problem or Algorithm Problem

Mat 3770 Bin Packing or The Knapsack Mat 3770 Problem Bin Packing Dynamic Programming Basic Problem or Algorithm Problem Variation The Knapsack Problem Exhaustive Search Greedy Dynamic Pgmg Hierarchical Math Pgmg Spring 2014

479 views • 27 slides
Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris Rida A. Bazzi {makristis,bazzi}@asu.edu 1 Motivation Software update problem: replace old version with new version Traditional

584 views • 42 slides
A Dynamic Programming Approach to the Multiple-Choice Multi-Period Knapsack Problem and the

A Dynamic Programming Approach to the Multiple-Choice Multi-Period Knapsack Problem and the

A Dynamic Programming Approach to the Multiple-Choice Multi-Period Knapsack Problem and the Recursive APL2 Code Edward Yu-Hsien Lin line@ntut.edu.tw Department of Business Management National Taipei University of Technology Taipei, Taiwan

473 views • 22 slides
Dynamic Programming Dynamic Programming Steps. 9 View the problem solution as the result of a

Dynamic Programming Dynamic Programming Steps. 9 View the problem solution as the result of a

Dynamic Programming Dynamic Programming Steps. 9 View the problem solution as the result of a sequence When solving the dynamic programming of decisions. recurrence recursively, be sure to avoid the 9 Obtain a formulation for the

194 views • 7 slides
29 Illinois Administrative Code 301 Updates Currently in Effect 29 Illinois Administrative Code

29 Illinois Administrative Code 301 Updates Currently in Effect 29 Illinois Administrative Code

29 Illinois Administrative Code 301 Updates Currently in Effect 29 Illinois Administrative Code 301 Title 29: Emergency Services, Disasters, and Civil Defense Chapter 1: Emergency Management Agency SubChapter C: Administration and

848 views • 59 slides
Dynamic Scheduling of Network Updates Xin Jin Hongqiang Harry

Dynamic Scheduling of Network Updates Xin Jin Hongqiang Harry

Dynamic Scheduling of Network Updates Xin Jin Hongqiang Harry Liu, Rohan Gandhi, Srikanth Kandula, Ratul Mahajan, Ming Zhang, Jennifer Rexford, Roger

616 views • 44 slides
Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to

Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to

Chapter 3 Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to subproblems. But dynamic programming considers the situation that some subproblems will be called repeatedly an thus need to avoid

1.54k views • 77 slides
Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University

Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University

CS 152: Programming Language Paradigms Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University Dynamic code evaluation eval Executes dynamically Typically, eval takes a string: eval "puts

462 views • 23 slides
Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software

Dynamic Software Updates for C Applications Sebastian Hahn Friday 27 th June, 2014 Software Update There are two ways to write error-free programs; only the third one works. Alan Perlis sh DSU for C (AKSS SS 2014) Dynamic

507 views • 31 slides
Dynamic provenance for SPARQL Updates using Named Graphs Harry

Dynamic provenance for SPARQL Updates using Named Graphs Harry

Dynamic provenance for SPARQL Updates using Named Graphs Harry Halpin (W3C) James Cheney* (UoE) * supported by Royal Society University Research Fellowship

555 views • 12 slides
Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2

Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2

1 Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2 [cs.LG] 17 Mar 2017 Caglar Gulcehre 1 , Sarath Chandar 1 , Kyunghyun Cho 2 , Yoshua Bengio 1 1 University of Montreal, name.lastname@umontreal.ca

497 views • 24 slides
Dynamic Programming Modan Dynamic programming? Recursion? What is DP? The

Dynamic Programming Modan Dynamic programming? Recursion? What is DP? The

Dynamic Programming Modan Dynamic programming? Recursion? What is DP? The hardest of the 4 common problem solving paradigms? The easiest of the 4 common problem solving paradigms? Problem DAG Paths Given a directed

934 views • 70 slides
DYNAMIC PATIENT ADMISSION SCHEDULING PROBLEM CS 365: Artificial Intelligence Instructor :

DYNAMIC PATIENT ADMISSION SCHEDULING PROBLEM CS 365: Artificial Intelligence Instructor :

DYNAMIC PATIENT ADMISSION SCHEDULING PROBLEM CS 365: Artificial Intelligence Instructor : Amitabha Mukerjee Students : Rohitangsu Das Xavier Valcarcel S UMMARY Presentation of the problem Motivations Problem constraints Work

533 views • 14 slides
Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University

Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University

CS 152: Programming Language Paradigms Dynamic Code Evaluation & Taint Analysis Prof. Tom Austin San Jos State University Parsing JSON (in-class) Review: additional Ruby eval methods instance_eval evaluates code within the body of an

689 views • 43 slides
DIADS: Addressing the My-Problem- or-Yours Syndrome with Integrated SAN and Database

DIADS: Addressing the My-Problem- or-Yours Syndrome with Integrated SAN and Database

DIADS: Addressing the My-Problem- or-Yours Syndrome with Integrated SAN and Database Diagnosis Nedyalko Borisov Duke University Shivnath Babu, Duke Sandeep Uttamchandani, IBM Ramani Routray, IBM Aameek Singh, IBM Current State

482 views • 36 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
11/19/12 The Problem: Distributed Methods for Finding P aths in Networks 4 L2 L0 B D 19 L1

11/19/12 The Problem: Distributed Methods for Finding P aths in Networks 4 L2 L0 B D 19 L1

11/19/12 The Problem: Distributed Methods for Finding P aths in Networks 4 L2 L0 B D 19 L1 15 11 13 A Link costs 7 C E 5 6.02 Fall 2012 Addressing (how to name nodes?) Lecture #19 Unique identifier for global addressing

442 views • 6 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's

Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's

Zerocash: addressing Bitcoin's privacy problem Alessandro Chiesa UC Berkeley 1 Bitcoin's Privacy Problem 2 Would you like a new credit card? You will pay almost no fees! Sure! Any fine print? We will publicly broadcast every payment that

473 views • 34 slides
Dynamic programming Solves a complex problem by breaking it down into subproblems Each

Dynamic programming Solves a complex problem by breaking it down into subproblems Each

Dynamic programming Solves a complex problem by breaking it down into subproblems Each subproblem is broken down recursively until a trivial problem is reached Computation itself is not recursive: problems are solved from simple to

472 views • 30 slides

More recommend