RAICC: Revealing Atypical Inter-Component Communication in Android Apps

[en] Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather "complex and largely unconstrained", leaving room to a lack of precision in apps modeling. To address the challenge of tracking ICCs within apps, state of the art static approaches such as Epicc, IccTA and Amandroid have focused on the documented framework ICC methods (e.g., startActivity) to build their approaches. In this work we show that ICC models inferred in these state of the art tools may actually be incomplete: the framework provides other atypical ways of performing ICCs. To address this limitation in the state of the art, we propose RAICC a static approach for modeling new ICC links and thus boosting previous analysis tasks such as ICC vulnerability detection, privacy leaks detection, malware detection, etc. We have evaluated RAICC on 20 benchmark apps, demonstrating that it improves the precision and recall of uncovered leaks in state of the art tools. We have also performed a large empirical investigation showing that Atypical ICC methods are largely used in Android apps, although not necessarily for data transfer. We also show that RAICC increases the number of ICC links found by 61.6% on a dataset of real-world malicious apps, and that RAICC enables the detection of new ICC vulnerabilities.

Centre de recherche :

- Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other

Disciplines :

Sciences informatiques

Auteur, co-auteur :

SAMHI, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

BARTEL, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal

BISSYANDE, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Co-auteurs externes :

Langue du document :

Anglais

Titre :

RAICC: Revealing Atypical Inter-Component Communication in Android Apps

Date de publication/diffusion :

mai 2021

Nom de la manifestation :

43rd International Conference on Software Engineering (ICSE)

Lieu de la manifestation :

Madrid, Espagne

Date de la manifestation :

May 2021

Manifestation à portée :

International

Titre de l'ouvrage principal :

43rd International Conference on Software Engineering (ICSE)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

URL complémentaire :

https://ieeexplore.ieee.org/document/9402001

Projet FnR :

FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi

Organisme subsidiant :

FNR - Fonds National de la Recherche

Disponible sur ORBilu :

depuis le 04 février 2021

Statistiques

Nombre de vues

266 (dont 45 Unilu)

Nombre de téléchargements

145 (dont 15 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

citations OpenAlex

citations WoS^™

Bibliographie

E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing interapplication communication in android," in Proceedings of the 9th international conference on Mobile systems, applications, and services, 2011, pp. 239-252.
L. Li, D. Li, T. F. Bissyande, J. Klein, Y. Le Traon, D. Lo, and L. Cavallaro, "Understanding android app piggybacking: A systematic study of malicious code grafting," IEEE Transactions on Information Forensics and Security, vol. 12, no. 6, pp. 1269-1284, 2017.
M. I. Gordon, D. Kim, J. H. Perkins, L. Gilham, N. Nguyen, and M. C. Rinard, "Information flow analysis of android applications in droidsafe." in NDSS, vol. 15, no. 201, 2015, p. 110.
F. Wei, S. Roy, and X. Ou, "Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps," in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014, pp. 1329-1341.
L. Li, A. Bartel, T. F. Bissyande, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel, "Iccta: Detecting inter-component privacy leaks in android apps," in 2015 IEEE International Conference on Software Engineering. IEEE, 2015, pp. 280-291.
F. I. Abro, M. Rajarajan, T. M. Chen, and Y. Rahulamathavan, "Android application collusion demystified," in International Conference on Future Network Systems and Security. Springer, 2017, pp. 176-187.
K. Xu, Y. Li, and R. H. Deng, "Iccdetector: Icc-based malware detection on android," IEEE Transactions on Information Forensics and Security, vol. 11, no. 6, pp. 1252-1264, 2016.
D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon, "Effective inter-component communication mapping in android: An essential step towards holistic security analysis," in Presented as part of the 22nd {USENIX} Security Symposium, 2013, pp. 543-558.
D. Octeau, D. Luchaup, M. Dering, S. Jha, and P. McDaniel, "Composite constant propagation: Application to android inter-component communication analysis," in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 1. IEEE, 2015, pp. 77-88.
P. Barros, R. Just, S. Millstein, P. Vines, W. Dietl, M. D. Ernst et al., "Static analysis of implicit control flow: Resolving java reflection and android intents (t)," in 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 2015, pp. 669-679.
L. Li, T. F. Bissyande, D. Octeau, and J. Klein, "Droidra: Taming reflection to support whole-program analysis of android apps," in Proceedings of the International Symposium on Software Testing and Analysis, 2016, pp. 318-329.
F. Allen, "Control flow analysis," ACM Sigplan Notices, pp. 1-19, 1970.
Google. (2020) Services documentation. [Online]. Available: https: //developer.android.com/guide/components/services
-. (2020) Components fundamentals documentation. [Online]. Available: https://developer.android.com/guide/components/fundamentals
-. (2020) Intents documentation. [Online]. Available: https: //developer.android.com/training/basics/intents
S. S. Engineering. (2020) Droidbench: Open-source test suite. [Online]. Available: https://github.com/secure-software-engineering
S. Grob, A. Tiwari, and C. Hammer, "Pianalyzer: A precise approach for pendingintent vulnerability analysis," in European Symposium on Research in Computer Security. Springer, 2018, pp. 41-59.
Google. (2020) Pendingintent documentation. [Online]. Available: https://developer.android.com/reference/android/app/PendingIntent
-. (2020) Intentsender documentation. [Online]. Available: https: //developer.android.com/reference/android/content/IntentSender
S. Arzt, S. Rasthofer, and E. Bodden, "Instrumenting android and Java applications as easy as abc," in International Conference on Runtime Verification. Springer, 2013, pp. 364-381.
R. Vallee-Rai and L. J. Hendren, "Jimple: Simplifying Java bytecode for analyses and transformations," 1998.
R. Vallee-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan, "Soot: A Java bytecode optimization framework," in CASCON First Decade High Impact Papers, ser. CASCON '10. USA: IBM Corp., 2010, p. 214-224. [Online]. Available: https://doi.org/10.1145/1925805.1925818
A. Bartel, J. Klein, Y. Le Traon, and M. Monperrus, "Dexpler: converting android dalvik bytecode to jimple for static analysis with soot," in Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis, 2012, pp. 27-38.
K. Allix, T. F. Bissyande, J. Klein, and Y. Le Traon, "Androzoo: Collecting millions of android apps for the research community," in 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR). IEEE, 2016, pp. 468-471.
V. Total. (2020) Virus total free online virus, malware and url scanner. [Online]. Available: https://www.virustotal.com/en
L. Li, T. F. Bissyande, J. Klein, and Y. L. Traon, "An investigation into the use of common libraries in android apps," in 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol. 1, 2016, pp. 403-414.
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, "Flowdroid: Precise context flow, field, object-sensitive and lifecycle-aware taint analysis for android apps," Acm Sigplan Notices, vol. 49, no. 6, pp. 259-269, 2014.
E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini, "Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders," in International Conference on Software Engineering. IEEE, 2011, pp. 241-250.
L. Li, A. Bartel, T. F. Bissyande, J. Klein, and Y. Le Traon, "Apkcombiner: Combining multiple android apps to support inter-app analysis," in IFIP International Information Security and Privacy Conference. Springer, 2015, pp. 513-527.
M. Hammad, J. Garcia, and S. Malek, "A large-scale empirical study on the effects of code obfuscations on android apps and anti-malware products," in Proceedings of the 40th International Conference on Software Engineering, ser. ICSE '18. New York, NY, USA: Association for Computing Machinery, 2018, p. 421-431. [Online]. Available: https://doi.org/10.1145/3180155.3180228
M. Linares-Vasquez, A. Holtzhauer, C. Bernal-Cardenas, and D. Poshyvanyk, "Revisiting android reuse studies in the context of code obfuscation and library usages," in Proceedings of the 11th Working Conference on Mining Software Repositories, ser. MSR 2014. New York, NY, USA: Association for Computing Machinery, 2014, p. 242-251. [Online]. Available: https://doi.org/10.1145/2597073.2597109
L. Li, T. F. Bissyand, M. Papadakis, S. Rasthofer, A. Bartel, D. Octeau, J. Klein, and L. Traon, "Static analysis of android apps," Inf. Softw. Technol., vol. 88, no. C, p. 67-95, Aug. 2017. [Online]. Available: https://doi.org/10.1016/j.infsof.2017.04.001
C. Gibler, J. Crussell, J. Erickson, and H. Chen, "Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale," in International Conference on Trust and Trustworthy Computing. Springer, 2012, pp. 291-307.
J. Kim, Y. Yoon, K. Yi, J. Shin, and S. Center, "Scandal: Static analyzer for detecting privacy leaks in android applications," MoST, vol. 12, no. 110, p. 1, 2012.
C. Mann and A. Starostin, "A framework for static detection of privacy leaks in android applications," in Proceedings of the 27th annual ACM symposium on applied computing, 2012, pp. 1457-1462.
Z. Yang and M. Yang, "Leakminer: Detect information leakage on android with static taint analysis," in 2012 Third World Congress on Software Engineering. IEEE, 2012, pp. 101-104.
L. Li, K. Allix, D. Li, A. Bartel, T. F. Bissyande, and J. Klein, "Potential component leaks in android apps: An investigation into a new feature set for malware detection," in 2015 IEEE International Conference on Software Quality, Reliability and Security. IEEE, 2015, pp. 195-200.
A. K. Jha, S. Lee, and W. J. Lee, "Modeling and test case generation of inter-component communication in android," in 2015 International Conference on Mobile Software Engineering and Systems. IEEE, 2015, pp. 113-116.
W. Enck, M. Ongtang, and P. McDaniel, "Understanding android security," IEEE security & privacy, vol. 7, no. 1, pp. 50-57, 2009.
K. Tam, S. J. Khan, A. Fattori, and L. Cavallaro, "Copperdroid: Automatic reconstruction of android malware behaviors." in NDSS, 2015.
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "Taintdroid: an informationflow tracking system for realtime privacy monitoring on smartphones," ACM Transactions on Computer Systems, vol. 32, no. 2, pp. 1-29, 2014.
M. Backes, S. Gerling, C. Hammer, M. Maffei, and P. von Styp- Rekowsky, "Appguard-enforcing user requirements on android apps," in International Conference on TOOLS and Algorithms for the Construction and Analysis of Systems. Springer, 2013, pp. 543-548.
P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, "These aren't the droids you're looking for: retrofitting android to protect data from imperious applications," in Proceedings of the 18th ACM conference on Computer and communications security, 2011, pp. 639- 652.
R. Xu, H. Saldi, and R. Anderson, "Aurasium: Practical policy enforcement for android applications," in Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), 2012, pp. 539-552.
A. Bartel, J. Klein, M. Monperrus, K. Allix, and Y. Le Traon, "Improving privacy on android smartphones through in-vivo bytecode instrumentation," 2012.
G. Sarwar, O. Mehani, R. Boreli, and M. A. Kaafar, "On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices." in SECRYPT, vol. 96435, 2013.
M. Hammad, J. Garcia, and S. Malek, "Self-protection of android systems from inter-component communication attacks," in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ser. ASE 2018. New York, NY, USA: Association for Computing Machinery, 2018, p. 726-737. [Online]. Available: https://doi.org/10.1145/3238147.3238207
J. Garcia, M. Hammad, N. Ghorbani, and S. Malek, "Automatic generation of inter-component communication exploits for android applications," in Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ser. ESEC/FSE 2017. New York, NY, USA: Association for Computing Machinery, 2017, p. 661-671. [Online]. Available: https://doi.org/10.1145/3106237.3106286