
Droid Checker

Date post: 03-Jan-2016
Author: sarker-tanveer-ahmed
Droid checker summary
DroidChecker: analyzing android applications for capability leak Patrick P.F. Chan, Lucas C.K. Hui and S. M. Yiu WISEC '12 Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks


Contribution

A novel approach to automatically detect capability leak in Android applications.

5/16/2013

Capability Leak

An application with fewer permissions (a non-privileged caller) gains access to the components of a more privileged application (a privileged callee).

The lower-privileged application can then do things through the capability of the higher-privileged application.

Four Major Android Components

Activity: An activity represents a single screen with a user interface.

Services: A service runs in the background to perform long-running operations and does not provide a user interface. For example, a service might play music in the background while the user is in a different application, or it might fetch data over the network without blocking user interaction with an activity.

Android Components (contd.)

Content Providers: A content provider manages a shared set of application data. The data can be stored in the file system, an SQLite database, on the web, etc.

Broadcast Receivers: A broadcast receiver responds to system-wide broadcast announcements, for example a broadcast announcing that the screen has turned off or that the battery is low.

How Can One Application Communicate with Another?

Through ICC (Inter-Component Communication), either within one application or between applications.

Specifically, through a special kind of message called an Intent. [Exception: Content Provider]

Content providers are addressed through a special content Uniform Resource Identifier (URI).
Format: content:////[]

Passing of Intents (Example)

Ref: http://www.mertkavi.com/tag/android-programlama

System Design

[Figure: system design diagram. Labels: APK File, JAR, Source Files, Parse, Manifest File, List of potential Components, Result, Decompile, Convert, Get Manifest, Risky Components?, Capability leak Detection]
Note: Drawn using the idea from [1]

Two Main Steps

Manifest File Parsing: find risky components for further review.

Capability Leak Detection: find the vulnerable applications/components from the candidates.

Manifest Parsing (1)

The tool first checks the Android Manifest file to see:

Whether the application uses at least one permission. If not, the parsing process terminates. [It has no capability]

Then it checks whether the application is guarded by any permission in tag; if so, the application is safe.

Manifest Parsing (2)

[Figure: flow chart for components not found safe in the earlier check]
Note: Drawn using the idea from [1]

Capability Leak Detection

After finding the vulnerable components:

Examine the source code of those components.

Try to find the data paths leading to a capability leak through the inter-procedural control flow graph, following taint propagation.

Capability Leak Detection

Two kinds of data path are of interest:

Paths involving API calls that result in a sensitive operation being called.

Paths involving API calls that return the result of a sensitive operation.

Taint Propagation

Two kinds of variables are tainted:

Variables appearing in the parameters of a sensitive call

Variables holding the return value of a sensitive operation

Example

Example taken from [1]

Example

Example taken from [1]

Limitations

It is a static analysis technique, so it produces a lot of false positives (FP).

It only detects capability leaks through Activities and Services; it does not work for Content Providers.

It is not practical for users to run themselves.

It does not handle one case in the Manifest File parsing module: the protection level of the permission by which an application is protected is not considered.
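The manifest pre-filter from the Manifest Parsing slides, sketched as an added example (this is not DroidChecker's code). The two application-level checks follow the slides; the per-component rule (exported explicitly or through an intent filter, with no permission of its own) is an assumption, because the Manifest Parsing (2) figure did not survive. The sample manifest and the function names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from the paper or the slides).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SmsService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.demo.USE_SMS"/>
    <activity android:name=".InternalActivity"/>
  </application>
</manifest>"""

def is_exported(component):
    """Explicit android:exported wins; otherwise an intent filter implies export
    (the implicit default that applied before Android 12 required an explicit value)."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None

def risky_components(manifest_xml):
    """Return the names of Activity/Service components that need source review."""
    root = ET.fromstring(manifest_xml)
    # Check 1 (slides): an app that uses no permission has no capability to leak.
    if root.find("uses-permission") is None:
        return []
    app = root.find("application")
    # Check 2 (slides): a permission on the application guards all its components.
    if app is None or app.get(ANDROID + "permission"):
        return []
    risky = []
    # Assumed per-component rule: exported and not guarded by its own permission.
    # Like the approach summarised above, this ignores the permission's protection level.
    for tag in ("activity", "service"):
        for comp in app.findall(tag):
            if is_exported(comp) and not comp.get(ANDROID + "permission"):
                risky.append(comp.get(ANDROID + "name"))
    return risky

if __name__ == "__main__":
    print(risky_components(SAMPLE_MANIFEST))
```

Only the components this returns would go on to the source-level capability leak detection step.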

Question 2

Do you have any idea to stop applications from leaking capability? Please justify and explain your idea, if there is any.

Idea for Capability Leak Detection

The existing mechanism does not restrict access to a publicly exported (explicitly or implicitly) component, even if the application hosting that component owns certain permissions.

Here lies the opportunity for capability leak detection.

Example

App1's components can access the components of App2, which can access component 1 of App3. So App1 can now indirectly access component 1 of App3.

Note: Drawn using the idea from [1]

Proposal

Suppose AppX uses permissions PX = {Px1, ..., Pxn} and has unguarded components.

AppY has permissions PY = {Py1, ..., Pyn} and wants to access components of AppX.

The proposal is that, for AppY to have this access, it must be that: Px PY

References

[1] Chan, Patrick P.F., Lucas C.K. Hui, and S. M. Yiu. "DroidChecker: analyzing android applications for capability leak." Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012.

Questions and Comments?