Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
In CCS. ACM
Cited by 7 (1 self)
Abstract
We propose a new approach to conduct static analysis for security vetting of Android apps, and built a general framework, called Amandroid, for determining points-to information for all objects in an Android app in a flow and context-sensitive way across Android app components. We show that: (a) this type of comprehensive analysis is completely feasible in terms of computing resources needed with modern hardware, (b) one can easily leverage the results from this general analysis to build various types of specialized security analyses – in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Amandroid is at least on par and often exceeds prior works designed for the specific problems, which we demonstrate by comparing Amandroid’s results with those of prior works whenever we can obtain the executable of those tools. Since Amandroid’s analysis directly handles inter-component control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps. Amandroid’s analysis is sound in that it can provide assurance of the absence of the specified security problems in an app with well-specified and reasonable assumptions on the Android runtime system and its library.
Why does cryptographic software fail? A case study and open problems
Cited by 3 (0 self)
Abstract
Mistakes in cryptographic software implementations often undermine the strong security guarantees offered by cryptography. This paper presents a systematic study of cryptographic vulnerabilities in practice, an examination of state-of-the-art techniques to prevent such vulnerabilities, and a discussion of open problems and possible future research directions. Our study covers 269 cryptographic vulnerabilities reported in the CVE database from January 2011 to May 2014. The results show that just 17% of the bugs are in cryptographic libraries (which often have devastating consequences), and the remaining 83% are misuses of cryptographic libraries by individual applications. We observe that preventing bugs in different parts of a system requires different techniques, and that no effective techniques exist to deal with certain classes of mistakes, such as weak key generation.
Surreptitiously weakening cryptographic systems
2015
Cited by 2 (0 self)
Abstract
Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different approaches to sabotage. We categorize a broader set of potential avenues for weakening systems using this taxonomy, and discuss what future research is needed to provide sabotage-resilient cryptography.
Brahmastra: Driving apps to test the security of third-party components
In USENIX Security, 2014
Cited by 1 (1 self)
Abstract
We present an app automation tool called Brahmastra for helping app stores and security researchers to test third-party components in mobile apps at runtime. The main challenge is that call sites that invoke third-party code may be deeply embedded in the app, beyond the reach of traditional GUI testing tools. Our approach uses static analysis to construct a page transition graph and discover execution paths to invoke third-party code. We then perform binary rewriting to "jump start" the third-party code by following the execution path, efficiently pruning out undesired executions. Compared with the state-of-the-art GUI testing tools, Brahmastra is able to successfully analyse third-party code in 2.7× more apps and decrease test duration by a factor of 7. We use Brahmastra to uncover interesting results for two use cases: 175 out of 220 children's apps we tested display ads that point to web pages that attempt to collect personal information, which is a potential violation of the Children's Online Privacy Protection Act (COPPA); and 13 of the 200 apps with the Facebook SDK that we tested are vulnerable to a known access token attack.
CLAPP: Characterizing Loops in Android Applications
Cited by 1 (0 self)
Abstract
When performing program analysis, loops are one of the most important aspects that need to be taken into account. In the past, many approaches have been proposed to analyze loops to perform different tasks, ranging from compiler optimizations to Worst-Case Execution Time (WCET) analysis. While these approaches are powerful, they focus on tackling very specific categories of loops and known loop patterns, such as the ones for which the number of iterations can be statically determined. In this work, we developed a static analysis framework to characterize and analyze generic loops, without relying on techniques based on pattern matching. For this work, we focus on the Android platform, and we implemented a prototype, called Clapp, that we used to perform the first large-scale empirical study of the usage of loops in Android applications. In particular, we used our tool to analyze a total of 4,110,510 loops found in 11,823 Android applications. As part of our evaluation, we provide the detailed results of our empirical study, we show how our analysis was able to determine that the execution of 63.28% of the loops is bounded, and we discuss several interesting insights related to the performance issues and security aspects associated with loops.
What the App Is That? Deception and Countermeasures in the Android User Interface
In Symposium on Security and Privacy (SP), 2015
Cited by 1 (0 self)
Abstract
Mobile applications are part of the everyday lives of billions of people, who often trust them with sensitive information. These users identify the currently focused app solely by its visual appearance, since the GUIs of the most popular mobile OSes do not show any trusted indication of the app origin. In this paper, we analyze in detail the many ways in which Android users can be confused into misidentifying an app, thus, for instance, being deceived into giving sensitive information to a malicious app. Our analysis of the Android platform APIs, assisted by an automated state-exploration tool, led us to identify and categorize a variety of attack vectors (some previously known, others novel, such as a non-escapable fullscreen overlay) that allow a malicious app to surreptitiously replace or mimic the GUI of other apps and mount phishing and click-jacking attacks. Limitations in the system GUI make these attacks significantly harder to notice than on a desktop machine, leaving users completely defenseless against them. To mitigate GUI attacks, we have developed a two-layer defense. To detect malicious apps at the market level, we developed a tool that uses static analysis to identify code that could launch GUI confusion attacks. We show how this tool detects apps that might launch GUI attacks, such as ransomware programs. Since these attacks are meant to confuse humans, we have also designed and implemented an on-device defense that addresses the underlying issue of the lack of a security indicator in the Android GUI. We add such an indicator to the system navigation bar; this indicator securely informs users about the origin of the app with which they are interacting (e.g., the PayPal app is backed by "PayPal, Inc."). We demonstrate the effectiveness of our attacks and the proposed on-device defense with a user study involving 308 human subjects, whose ability to detect the attacks increased significantly when using a system equipped with our defense.
Automatic Detection of Information Leakage Vulnerabilities in Browser Extensions
Cited by 1 (0 self)
Abstract
A large number of extensions exist in browser vendors’ online stores for millions of users to download and use. Many of those extensions process sensitive information from user inputs and webpages; however, it remains a big question whether those extensions may accidentally leak such sensitive information out of the browsers without protection. In this paper, we present a framework, LvDetector, that combines static and dynamic program analysis techniques for automatic detection of information leakage vulnerabilities in legitimate browser extensions. Extension developers can use LvDetector to locate and fix the vulnerabilities in their code; browser vendors can use LvDetector to decide whether the corresponding extensions can be hosted in their online stores; advanced users can also use LvDetector to determine if certain extensions are safe to use. The design of LvDetector is not bound to specific browsers or JavaScript engines, and can adopt other program analysis techniques. We implemented LvDetector and evaluated it on 28 popular Firefox and Google Chrome extensions. LvDetector identified 18 previously unknown information leakage vulnerabilities in 13 extensions with an 87% accuracy rate. The evaluation results and the feedback to our responsible disclosure demonstrate that LvDetector is useful and effective.
Demo: Zero Interaction Private Messaging with ZIPR
Abstract
Messaging app developers are beginning to take the security and privacy of their users’ communication more seriously [3]. Unfortunately, a recent study has shown that the developers of many popular apps incorrectly use cryptography [2]. As a result, they make mistakes that may result in trivially broken encryption schemes. For example, the developers of Snapchat use a constant symmetric encryption key hard-coded into the app and it only takes 12 lines of Ruby to crack the encryption [1]. In this work, we propose ZIPR (Zero-Interaction PRivacy), a system that relieves developers from the task of using cryptography correctly. Designed for text-messaging apps, ZIPR automatically negotiates shared secret keys, and encrypts and decrypts messages as users of these apps chat.
Towards Security Program Comprehension with Design by Contract and Slicing
Abstract
Over the last years, the field of software security has made much progress. More and more software vendors employ static code analyzers as well as dynamic application security testing; at the architectural level techniques such as Threat Modeling are used. However, given that deep software security knowledge is still rare in industry, tools are needed that support software vendors in better understanding the implemented security architecture of their applications. In this work, we present an approach to software security comprehension based on principles of Design by Contract (DBC). In particular, we reconstruct parts of an application’s security architecture with the help of program slicing and specification inference in form of code annotations by utilizing knowledge on software frameworks and Security APIs. The inferred annotations can then be analyzed by Extended Static Checkers. Our proposed methodology can be seen as a first step towards more systematic security code audits.
Towards Secure Integration of Cryptographic Software
Abstract
While cryptography is now readily available to everyone and can, provably, protect private information from attackers, we still frequently hear about major data leakages, many of which are due to improper use of cryptographic mechanisms. The problem is that many application developers are not cryptographic experts. Even though high-quality cryptographic APIs are widely available, programmers often select the wrong algorithms or misuse APIs due to a lack of understanding. Such issues arise with both simple operations such as encryption as well as with complex secure communication protocols such as SSL. In this paper, we provide a long-term solution that helps application developers integrate cryptographic components correctly and securely by bridging the gap between cryptographers and application developers. Our solution consists of a software product line (with an underlying feature model) that automatically identifies the correct cryptographic algorithms to use, based on the developer’s answers to high-level questions in non-expert terminology. Each feature (i.e., cryptographic algorithm) maps into corresponding Java code and a usage protocol describing API restrictions. By composing the user’s selected features, we automatically synthesize a secure code blueprint and a usage protocol that corresponds to the selected usage scenario. Since the developer may change the application code over time, we use the usage protocols to statically analyze the program and ensure that the correct use of the API is not violated over time.