Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis



One approach to Android security is analysis to detect potential information leaks. Current analysis techniques (static analysis, dynamic analysis, and hybrids of the two) focus only on actions within a single application, while coordinated action by several applications for malicious purposes is becoming increasingly common. This study proposes a hybrid approach that combines static and dynamic analysis to detect information leaks that result from the coordinated action of multiple applications. In this text, we call this inter-application malware. The analysis takes place in two stages. The first stage uses static analysis to identify chains of sensitive actions across multiple applications. The second stage uses dynamic analysis to validate whether a chain of sensitive actions does indeed leak the user's data. To do so, the applications in question are forced to execute following the chains of sensitive actions detected in the first stage. The sensitive actions are monitored and analyzed to determine which of them cause information leakage. We have implemented an analysis tool named eDSDroid and evaluated it on the famous Toyapps test case. The test result shows the correctness and effectiveness of our tool.
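The two stages described in the abstract, as an added Python sketch that is not eDSDroid's code or data format. The `Action` model, the `chan:*` channel names, the source and sink sets, the app names and the trace are all constructed assumptions; the point is that stage 1 over-approximates inter-application chains and stage 2 keeps only those observed at run time.

```python
from collections import namedtuple

# Constructed model (an assumption, not eDSDroid's format): one sensitive
# action moves data from `src` to `dst` inside `app`.
Action = namedtuple("Action", "app src dst")

SOURCES = {"device_id", "location"}   # hypothetical sensitive sources
SINKS = {"network", "sms"}            # hypothetical sinks

# Constructed stage-1 findings; "chan:*" are hypothetical inter-app channels.
STATIC_ACTIONS = [
    Action("app.reader", "device_id", "chan:relay"),
    Action("app.sender", "chan:relay", "network"),
    Action("app.reader", "location", "chan:log"),
    Action("app.logger", "chan:log", "sms"),   # present in code, never executed
]

def static_chains(actions):
    """Stage 1: enumerate source-to-sink chains that cross application boundaries."""
    chains = []
    def walk(path):
        last = path[-1]
        if last.dst in SINKS:
            if len({a.app for a in path}) > 1:   # inter-application chains only
                chains.append(tuple(path))
            return
        for nxt in actions:
            if nxt.src == last.dst and nxt not in path:   # skip cycles
                walk(path + [nxt])
    for a in actions:
        if a.src in SOURCES:
            walk([a])
    return chains

def confirm(chains, trace):
    """Stage 2: keep a chain only if all its actions were observed, in order."""
    confirmed = []
    for chain in chains:
        pos = 0
        for event in trace:
            if pos < len(chain) and event == chain[pos]:
                pos += 1
        if pos == len(chain):
            confirmed.append(chain)
    return confirmed

# Constructed run-time trace recorded while the apps were forced along the chains.
TRACE = [STATIC_ACTIONS[0], STATIC_ACTIONS[1], STATIC_ACTIONS[2]]

if __name__ == "__main__":
    for c in confirm(static_chains(STATIC_ACTIONS), TRACE):
        print(" -> ".join(f"{a.app}:{a.src}>{a.dst}" for a in c))
```

The `location` chain is reported by the static stage but dropped by the dynamic stage because its sink action never appears in the trace, which is the false-positive reduction the hybrid approach aims for.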


Keywords: Detecting inter-application information leak; Hybrid analysis; Data flow analysis



This research is funded by Vietnam National University HoChiMinh City (VNU-HCM) under Grant Number B2016-26-01.



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2017

Authors and Affiliations

  • Ly Hoang Tuan (1)
  • Nguyen Tan Cam (1, 2)
  • Van-Hau Pham (1)

  1. Information Security Lab, University of Information Technology, Vietnam National University, Ho Chi Minh City, Vietnam
  2. Faculty of Science and Engineering, Hoa Sen University, Ho Chi Minh City, Vietnam
