Abstract
Inter-component communication (ICC) is commonly used in Android to exchange information among different components and apps. However, it also poses severe challenges to information flow security. When data is transferred and processed, the diversity of security mechanisms across apps makes the data more vulnerable to leakage. Although several analysis approaches exist for verifying the security of inter-component information flow, repeatedly verifying the same component during complex interactions increases overhead, which affects task execution efficiency and consumes more energy. Therefore, we propose a compositional information flow security verification approach, which improves efficiency by separating the intra-app and inter-app analysis and verification processes. The experiment and analysis show that our method is more effective than traditional global approaches.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rao, X., Xi, N., Lv, J., Feng, P. (2019). Compositional Information Flow Verification for Inter Application Communications in Android System. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science, vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_17
DOI: https://doi.org/10.1007/978-3-030-30619-9_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30618-2
Online ISBN: 978-3-030-30619-9
eBook Packages: Computer Science, Computer Science (R0)