
Compositional Information Flow Verification for Inter Application Communications in Android System

  • Conference paper
Machine Learning for Cyber Security (ML4CS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11806)


Abstract

Inter-component communication (ICC) is commonly used in Android for information exchange among different components and apps. However, it also poses severe challenges to information flow security. When data is transferred and processed, the diversity of security mechanisms across apps makes data more vulnerable to leakage. Although there are several analysis approaches for security verification of inter-component information flow, repeatedly verifying the same component during complex interactions increases overhead, which affects task execution efficiency and consumes more energy. Therefore, we propose a compositional information flow security verification approach, which improves efficiency by separating the intra-app and inter-app analysis and verification processes. The experiment and analysis show that our method is more effective than traditional global approaches.



Author information


Correspondence to Xue Rao, Ning Xi, Jing Lv or Pengbin Feng.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Rao, X., Xi, N., Lv, J., Feng, P. (2019). Compositional Information Flow Verification for Inter Application Communications in Android System. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science, vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_17


  • DOI: https://doi.org/10.1007/978-3-030-30619-9_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30618-2

  • Online ISBN: 978-3-030-30619-9

  • eBook Packages: Computer Science, Computer Science (R0)
