SlideShare une entreprise Scribd logo

COVERT app

Télécharger en tant que PPTX, PDF
I
itba9

Compositional Analysis for Android application

Ingénierie
1  sur  23
M.Tech (CSE) 1st semester
ABSTRACT • Problem: Enforcement of the permissions in Android is at the level of individual apps, allowing multiple malicious apps to collude and combine their permissions or to trick vulnerable apps to perform actions on their behalf that are beyond their individual privileges. • Research efforts are subject to a common limitation: they are intended to detect and mitigate vulnerabilities in a single app. • COVERT’s analysis is modular and it statically analyzes the reverse engineered source code of each individual app, and extracts relevant security specifications in a format suitable for formal verification. • Using COVERT to examine over 500 real-world apps corroborates its ability to find inter-app vulnerabilities in bundles of some of the most popular apps on the market.
INTRODUCTION• Previous techniques failed to identify vulnerabilities due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, which cannot be detected by analyzing a single app in isolation. • COVERT increases the scope of application analysis This enables reasoning about the overall security posture of a system. • The main objective of COVERT is to automatically – identify such vulnerabilities that occur due to the interaction of apps comprising a system – by inferring the security properties from individual apps and checking them as a whole by means of formal analysis – determine whether it is safe for a bundle of apps, requiring certain permissions and interacting with each other, to be installed together. • COVERT extracts essential information and captures them in an analyzable formal specification language and uses Alloy as a specification language, and the Alloy Analyzer as the analysis engine.
Android Overview Application Components Components are basic logical building blocks of Android applications. There are four types of components: • Activity • Service • Broadcast Receiver • Content Provider IPC Android depends app insulation to protect apps requires interactions to occur through a message passing mechanism, called inter- process communication. IPC is conducted by means of Intent messages. Application Configuration Each Android application must declare upfront its configuration. Component capabilities are specified as a set of Intent Filters that represent the kinds of requests a given component can respond to. Permissions Each application must declare as part of its manifest the permissions it requires, and the Android system prompts the user for consent during the application installation. Android platform provides over 130 pre- defined permissions, and apps can also define their own permissions. Intent Messages Intent message is an event for an action to be performed along with the data that supports that action. Sandboxing Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer.
Literature survey • Main focus of work is on performing program analysis over Android applications for security and Android’s permissions and their use across applications. All the research work have never been evaluated over real-world applications. • FlowDroid introduces a precise approach for static taint flow analysis for each app component. SCanDroid statically analyzes data flows to detect permission inconsistencies between apps that could possibly allow malicious access to sensitive information. It requires the source code of applications. • TaintDroid detects information leak vulnerabilities using dynamic taint flow analysis at the system level. IPC Inspection prevents privilege escalation at OS level. Whyper is a tool that checks the app’s requested permissions against its description, enabling the user to determine if certain requested permissions are suspicious. • Pscout is used to extract the permission specification from the Android OS source code using static analysis, leading to a comprehensive set of permission maps.
Architecture COVERT Parts Model Extractor Formal Analyzer Models App model Android Framework spec.
Example scenario A malicious app exploits the vulnerabilities of two other apps to send the device location data to the desirable phone number
Entity Extraction and Resolution Control Flow Augmentation Vulnerable Path Identification Static analysis technique • Input as APK and app byte code • Generate app models (build on top of Soot and Dexpler) Check for vulnerability • Combine with formal spec of app framework • Alloy as specification language • Report of list of vulnerabilities Method of Implementation 1. MODEL EXTRACTOR We first need a model of each app to determine the inter-process communications and the security properties. A model for an Android application is a tuple A = <C, I, F, P,S >, where •C is a set of components, set of Intent messages, Intent filters, permissions and set of sensitive paths •I is a set of event messages that can be used for both inter- and intra-app communications. •If component is non-empty, the Intent is called an explicit Intent, as the recipient is given explicitly. •F is a set of Intent Filters, describes an interface of c in terms of Intents that it can handle. •P is a union of required (Preq) and enforced permissions(Penf) •S is a finite set of vulnerable paths
Model Extractor
Formal Analyzer Alloy Overview Formal Model of Android Framework Formal Model of Apps Checking Android Application models There are four main reasons for choosing Alloy: 1. Its comprehensible, object-oriented- like syntax, makes it useful for declarative specification of both apps and properties to be checked. 2. Ability to automatically analyze specifications with no custom programming is useful as an automation mechanism. 3. Effective module system allows us to split the overall, complicated system model among several tractable modules. 4. The extraction approach to generate bundle specifications is incremental. Once an app model is extracted, it can be reused for analysis within several bundles of apps.
Formal Model of Android Framework The analyzer provides two types of analysis: Simulation, in which the analyzer demonstrates consistency of model specifications by generating a satisfying model instance; Model Checking, which involves finding a counterexample a model instance that violates a particular assertion. There are six top-level signatures to model the basic element types: Application, Component, Intent Filter, Intent, Path, and Permission. These signatures are defined as abstract, meaning that they cannot have an instance object without explicitly extending them.
Formal model of apps Three pieces of Alloy specifications are conjoined in the process of modeling various parts of Android apps extracted from their APK files. 1. Specification module called appDeclaration 2. App model, represented in a separate Alloy module for each app. 3. Inter-process communication module that models all Intent messages created within app.
Checking Android Application models Considering the privilege escalation, Davi et al state it as follows: “An application with less permissions (a nonprivileged caller) is not restricted to access components of a more privileged application (a privileged callee).” The assertion states that the dst component (victim) has access to a permission (uses Permission) that is missing in the src component (malicious), and that permission is not being enforced in the source code of the victim component, nor by the application embodying the victim component.
Benefits • COVERT can effectively detect inter-app vulnerabilities in few minutes. •Our prototype implementation of the approach only requires the availability of Android executable files, and not the original source code. •COVERT, can be used not only by developers, but also by end-users as well as third-party reviewers. •COVERT is implemented as a publicly available tool. We have built a prototype implementation of the model extractor component on top of the Soot static analysis tools for analyzing Java byte code. We use Dexpler transformer to translate Android’s dalvik bytecode into the Soot’s intermediate representation language, called Jimple. •All the research work have never been evaluated over real-world applications.
Mobile and Web-based applications These work together to analyze the installed apps in a mobile device and generate the vulnerability report. Applications
Desktop Client Desktop Client is a JavaFX application that provides a graphical user interface and enables end-users to analyze a set of APK files, which could be downloaded from online app stores such as Google Play.
Result Analysis To assess the effectiveness of our approach in revealing Android inter-app vulnerabilities, we have conducted an evaluation that addresses the following research questions: RQ1. What is the importance of this research? To what extent are Android apps over privileged and unsafe due to usage of permission-required APIs? RQ2. How well does COVERT perform? Does it enable compositional analysis of real-world Android apps? How much manual effort is involved in the analysis process? RQ3. What is the overall accuracy of COVERT in detecting inter-app vulnerabilities? RQ4. How does compositional analysis compare to single app analysis? RQ5. What is the performance of our prototype tool implemented atop SAT solving technologies and static analyzers?
Scatter plot for analysis time for model extraction of Android apps.
COVERT, a tool that analyzes Android applications in a compositional manner to detect inter-app and inter- component security vulnerabilities. COVERT comes with desktop, mobile and web-based front-end applications that facilitate the end-user interactions with the analysis engine. The experimental results corroborated its ability to reveal inter app vulnerabilities in real-world Android apps, many of which were previously unknown. Conclusion •COVERT can be extended, and significant components of it reused, for detecting other types of inter-app vulnerabilities, like application collusion and information leakage. For this, COVERT’s program analysis needs to be extended to take information flow into account for Android apps. •COVERT can be extended with dynamic analysis techniques which can be used to address vulnerabilities in native code. Android Apps may include native code in addition to Java code, in the form of a Java Native Interface (JNI) library, which cannot be sufficiently addressed through static analysis techniques. future work
1. H. Bagheri, A. Sadeghi, J. Garcia, and S. Malek, “Covert: Compositional analysis of android inter-app vulnerabilities,” George Mason University, Tech. Rep. 2. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of CCS, 2012. 3. D. Jackson, “Alloy: a lightweight object modelling notation,” TOSEM,vol. 11, no. 2 4. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android,” in Proc. 9th Int.Conf. Mobile Syst., Appl. Services, 2011 5. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android,” in Proc. 13th Int. Conf. Inf. Security, 2010 6. R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automating risk assessment of mobile applications,” USENIX Conf. Security, 2013 7. J. Woodcock, P. G. Larsen, J. Bicarregui, and J. Fitzgerald, “Formal methods: Practice and experience,” ACM Comput. Surv., vol. 41 8. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden,J. Klein, Y. L. Traon, Effective Inter-Component Communication Mapping in Android with Epicc:An Essential Step Towards Holistic Security Analysis, in: Proceedings of the 22nd USENIX Security Symposium, Washington, DC, 2013. references
Vulnerability is not weakness. And that myth is profoundly dangerous. Vulnerability is the birthplace of innovtion, creativity and change. -Brene Brown

Recommandé

Androinspector a system for
Androinspector a system forAndroinspector a system for
Androinspector a system forIJNSA Journal
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...IJNSA Journal
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Krisshhna Daasaarii
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Auditsijseajournal
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 

Recommandé

Androinspector a system for
Androinspector a system forAndroinspector a system for
Androinspector a system forIJNSA Journal
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...IJNSA Journal
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Krisshhna Daasaarii
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Auditsijseajournal
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Rabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experienceRabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experienceRavish Singh
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSoftware Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSwati Patel
 
Permission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior inPermission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior inchaitrabhat777
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your TestingBugRaptors
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET Journal
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Narasimhamurthy
NarasimhamurthyNarasimhamurthy
Narasimhamurthymurthy032
 
Final_Presentation_FlowDroid
Final_Presentation_FlowDroidFinal_Presentation_FlowDroid
Final_Presentation_FlowDroidKruti Sharma
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET Journal
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 

Contenu connexe

Tendances

WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Rabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experienceRabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experienceRavish Singh
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSoftware Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSwati Patel
 
Permission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior inPermission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior inchaitrabhat777
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your TestingBugRaptors
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET Journal
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Narasimhamurthy
NarasimhamurthyNarasimhamurthy
Narasimhamurthymurthy032
 
Final_Presentation_FlowDroid
Final_Presentation_FlowDroidFinal_Presentation_FlowDroid
Final_Presentation_FlowDroidKruti Sharma
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET Journal
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 

Tendances (20)

WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Rabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experienceRabish kumar singh QA Engineer 3 years experience
Rabish kumar singh QA Engineer 3 years experience
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSoftware Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
 
Permission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior inPermission use analysis for vetting undesirable behavior in
Permission use analysis for vetting undesirable behavior in
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of Code
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmas
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
Narasimhamurthy
NarasimhamurthyNarasimhamurthy
Narasimhamurthy
 
Final_Presentation_FlowDroid
Final_Presentation_FlowDroidFinal_Presentation_FlowDroid
Final_Presentation_FlowDroid
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzers
 

Similaire à COVERT app

Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...csandit
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONSANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONSIJNSA Journal
 
IRJET- Android Malware Detection using Deep Learning
IRJET- Android Malware Detection using Deep LearningIRJET- Android Malware Detection using Deep Learning
IRJET- Android Malware Detection using Deep LearningIRJET Journal
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Mohammed Adam
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsijmnct
 
IRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine LearningIRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine LearningIRJET Journal
 
Security on android
Security on androidSecurity on android
Security on androidpk464312
 
2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdfBelayet Hossain
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIArash Ramez
 
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROIDMACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROIDIRJET Journal
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsJPINFOTECH JAYAPRAKASH
 
Getting started with android
Getting started with androidGetting started with android
Getting started with androidVandana Verma
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile securityJudy Ngure
 

Similaire à COVERT app (20)

Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android System
 
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONSANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
ANDROINSPECTOR: A SYSTEM FOR COMPREHENSIVE ANALYSIS OF ANDROID APPLICATIONS
 
Android Security
Android SecurityAndroid Security
Android Security
 
IRJET- Android Malware Detection using Deep Learning
IRJET- Android Malware Detection using Deep LearningIRJET- Android Malware Detection using Deep Learning
IRJET- Android Malware Detection using Deep Learning
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android apps
 
IRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine LearningIRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine Learning
 
Security on android
Security on androidSecurity on android
Security on android
 
2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
 
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROIDMACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
MACHINE LEARNING APPROACH TO LEARN AND DETECT MALWARE IN ANDROID
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault Analysis
 
Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applications
 
Getting started with android
Getting started with androidGetting started with android
Getting started with android
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
 
Droidcon mobile security
Droidcon mobile securityDroidcon mobile security
Droidcon mobile security
 

Dernier

Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
A brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProA brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProRay Yuan Liu
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communicationpanditadesh123
 
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxCurve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxRomil Mishra
 
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESkarthi keyan
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptJohnWilliam111370
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfisabel213075
 
Theory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfTheory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfShreyas Pandit
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsResearcher Researcher
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Communityprachaibot
 
Secure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech LabsSecure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech Labsamber724300
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating SystemRashmi Bhat
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHSneha Padhiar
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTSneha Padhiar
 
Cost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionCost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionSneha Padhiar
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...Erbil Polytechnic University
 

Dernier (20)

Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
A brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProA brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision Pro
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communication
 
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxCurve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
 
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdf
 
Theory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdfTheory of Machine Notes / Lecture Material .pdf
Theory of Machine Notes / Lecture Material .pdf
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending Actuators
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
 
Secure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech LabsSecure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech Labs
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating System
 
Designing pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptxDesigning pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptx
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
 
Cost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionCost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based question
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...
 

COVERT app

  • 1. M.Tech (CSE) 1st semester
  • 2. ABSTRACT • Problem: Enforcement of the permissions in Android is at the level of individual apps, allowing multiple malicious apps to collude and combine their permissions or to trick vulnerable apps to perform actions on their behalf that are beyond their individual privileges. • Research efforts are subject to a common limitation: they are intended to detect and mitigate vulnerabilities in a single app. • COVERT’s analysis is modular and it statically analyzes the reverse engineered source code of each individual app, and extracts relevant security specifications in a format suitable for formal verification. • Using COVERT to examine over 500 real-world apps corroborates its ability to find inter-app vulnerabilities in bundles of some of the most popular apps on the market.
  • 3. INTRODUCTION• Previous techniques failed to identify vulnerabilities due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, which cannot be detected by analyzing a single app in isolation. • COVERT increases the scope of application analysis This enables reasoning about the overall security posture of a system. • The main objective of COVERT is to automatically – identify such vulnerabilities that occur due to the interaction of apps comprising a system – by inferring the security properties from individual apps and checking them as a whole by means of formal analysis – determine whether it is safe for a bundle of apps, requiring certain permissions and interacting with each other, to be installed together. • COVERT extracts essential information and captures them in an analyzable formal specification language and uses Alloy as a specification language, and the Alloy Analyzer as the analysis engine.
  • 4. Android Overview Application Components Components are basic logical building blocks of Android applications. There are four types of components: • Activity • Service • Broadcast Receiver • Content Provider IPC Android depends app insulation to protect apps requires interactions to occur through a message passing mechanism, called inter- process communication. IPC is conducted by means of Intent messages. Application Configuration Each Android application must declare upfront its configuration. Component capabilities are specified as a set of Intent Filters that represent the kinds of requests a given component can respond to. Permissions Each application must declare as part of its manifest the permissions it requires, and the Android system prompts the user for consent during the application installation. Android platform provides over 130 pre- defined permissions, and apps can also define their own permissions. Intent Messages Intent message is an event for an action to be performed along with the data that supports that action. Sandboxing Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer.
  • 5. Literature survey • Main focus of work is on performing program analysis over Android applications for security and Android’s permissions and their use across applications. All the research work have never been evaluated over real-world applications. • FlowDroid introduces a precise approach for static taint flow analysis for each app component. SCanDroid statically analyzes data flows to detect permission inconsistencies between apps that could possibly allow malicious access to sensitive information. It requires the source code of applications. • TaintDroid detects information leak vulnerabilities using dynamic taint flow analysis at the system level. IPC Inspection prevents privilege escalation at OS level. Whyper is a tool that checks the app’s requested permissions against its description, enabling the user to determine if certain requested permissions are suspicious. • Pscout is used to extract the permission specification from the Android OS source code using static analysis, leading to a comprehensive set of permission maps.
  • 7. Example scenario A malicious app exploits the vulnerabilities of two other apps to send the device location data to the desirable phone number
  • 8.
  • 9. Entity Extraction and Resolution Control Flow Augmentation Vulnerable Path Identification Static analysis technique • Input as APK and app byte code • Generate app models (build on top of Soot and Dexpler) Check for vulnerability • Combine with formal spec of app framework • Alloy as specification language • Report of list of vulnerabilities Method of Implementation 1. MODEL EXTRACTOR We first need a model of each app to determine the inter-process communications and the security properties. A model for an Android application is a tuple A = <C, I, F, P,S >, where •C is a set of components, set of Intent messages, Intent filters, permissions and set of sensitive paths •I is a set of event messages that can be used for both inter- and intra-app communications. •If component is non-empty, the Intent is called an explicit Intent, as the recipient is given explicitly. •F is a set of Intent Filters, describes an interface of c in terms of Intents that it can handle. •P is a union of required (Preq) and enforced permissions(Penf) •S is a finite set of vulnerable paths
  • 11.
  • 12. Formal Analyzer Alloy Overview Formal Model of Android Framework Formal Model of Apps Checking Android Application models There are four main reasons for choosing Alloy: 1. Its comprehensible, object-oriented- like syntax, makes it useful for declarative specification of both apps and properties to be checked. 2. Ability to automatically analyze specifications with no custom programming is useful as an automation mechanism. 3. Effective module system allows us to split the overall, complicated system model among several tractable modules. 4. The extraction approach to generate bundle specifications is incremental. Once an app model is extracted, it can be reused for analysis within several bundles of apps.
  • 13. Formal Model of Android Framework The analyzer provides two types of analysis: Simulation, in which the analyzer demonstrates consistency of model specifications by generating a satisfying model instance; Model Checking, which involves finding a counterexample a model instance that violates a particular assertion. There are six top-level signatures to model the basic element types: Application, Component, Intent Filter, Intent, Path, and Permission. These signatures are defined as abstract, meaning that they cannot have an instance object without explicitly extending them.
  • 14. Formal model of apps Three pieces of Alloy specifications are conjoined in the process of modeling various parts of Android apps extracted from their APK files. 1. Specification module called appDeclaration 2. App model, represented in a separate Alloy module for each app. 3. Inter-process communication module that models all Intent messages created within app.
  • 15. Checking Android Application models Considering the privilege escalation, Davi et al state it as follows: “An application with less permissions (a nonprivileged caller) is not restricted to access components of a more privileged application (a privileged callee).” The assertion states that the dst component (victim) has access to a permission (uses Permission) that is missing in the src component (malicious), and that permission is not being enforced in the source code of the victim component, nor by the application embodying the victim component.
  • 16. Benefits • COVERT can effectively detect inter-app vulnerabilities in few minutes. •Our prototype implementation of the approach only requires the availability of Android executable files, and not the original source code. •COVERT, can be used not only by developers, but also by end-users as well as third-party reviewers. •COVERT is implemented as a publicly available tool. We have built a prototype implementation of the model extractor component on top of the Soot static analysis tools for analyzing Java byte code. We use Dexpler transformer to translate Android’s dalvik bytecode into the Soot’s intermediate representation language, called Jimple. •All the research work have never been evaluated over real-world applications.
  • 17. Mobile and Web-based applications These work together to analyze the installed apps in a mobile device and generate the vulnerability report. Applications
  • 18. Desktop Client Desktop Client is a JavaFX application that provides a graphical user interface and enables end-users to analyze a set of APK files, which could be downloaded from online app stores such as Google Play.
  • 19. Result Analysis To assess the effectiveness of our approach in revealing Android inter-app vulnerabilities, we have conducted an evaluation that addresses the following research questions: RQ1. What is the importance of this research? To what extent are Android apps over privileged and unsafe due to usage of permission-required APIs? RQ2. How well does COVERT perform? Does it enable compositional analysis of real-world Android apps? How much manual effort is involved in the analysis process? RQ3. What is the overall accuracy of COVERT in detecting inter-app vulnerabilities? RQ4. How does compositional analysis compare to single app analysis? RQ5. What is the performance of our prototype tool implemented atop SAT solving technologies and static analyzers?
  • 20. Scatter plot for analysis time for model extraction of Android apps.
  • 21. COVERT, a tool that analyzes Android applications in a compositional manner to detect inter-app and inter- component security vulnerabilities. COVERT comes with desktop, mobile and web-based front-end applications that facilitate the end-user interactions with the analysis engine. The experimental results corroborated its ability to reveal inter app vulnerabilities in real-world Android apps, many of which were previously unknown. Conclusion •COVERT can be extended, and significant components of it reused, for detecting other types of inter-app vulnerabilities, like application collusion and information leakage. For this, COVERT’s program analysis needs to be extended to take information flow into account for Android apps. •COVERT can be extended with dynamic analysis techniques which can be used to address vulnerabilities in native code. Android Apps may include native code in addition to Java code, in the form of a Java Native Interface (JNI) library, which cannot be sufficiently addressed through static analysis techniques. future work
  • 22. 1. H. Bagheri, A. Sadeghi, J. Garcia, and S. Malek, “Covert: Compositional analysis of android inter-app vulnerabilities,” George Mason University, Tech. Rep. 2. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of CCS, 2012. 3. D. Jackson, “Alloy: a lightweight object modelling notation,” TOSEM,vol. 11, no. 2 4. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android,” in Proc. 9th Int.Conf. Mobile Syst., Appl. Services, 2011 5. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android,” in Proc. 13th Int. Conf. Inf. Security, 2010 6. R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automating risk assessment of mobile applications,” USENIX Conf. Security, 2013 7. J. Woodcock, P. G. Larsen, J. Bicarregui, and J. Fitzgerald, “Formal methods: Practice and experience,” ACM Comput. Surv., vol. 41 8. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden,J. Klein, Y. L. Traon, Effective Inter-Component Communication Mapping in Android with Epicc:An Essential Step Towards Holistic Security Analysis, in: Proceedings of the 22nd USENIX Security Symposium, Washington, DC, 2013. references
  • 23. Vulnerability is not weakness. And that myth is profoundly dangerous. Vulnerability is the birthplace of innovtion, creativity and change. -Brene Brown