SAM: The Static Analysis Module of the MAVERIC Mobile App Security Verification Platform
The tremendous success of the mobile application paradigm is due to the ease with which new applications are uploaded by developers, distributed through the application markets (e.g. Google Play), and finally installed by the users. Yet, the very same model is causing serious security concerns, since users have no or little means to ascertain the trustworthiness of the applications they install on their devices. To protect their customers, Poste Italiane has defined the Mobile Application Verification Cluster (MAVERIC), a process for the systematic security analysis of third-party mobile apps that leverage the online services provided by the company (e.g. home banking, parcel tracking). We present SAM, a toolkit that supports this process by automating a number of operations including reverse engineering, privilege analysis, and automatic verification of security properties. We introduce the functionalities of SAM through a demonstration of the platform applied to real Android applications.
- 1.Aktug, I., Naliuka, K.: ConSpec – A formal language for policy specification. Science of Computer Programming 74(1-2), 2–12 (2008) Special Issue on Security and TrustGoogle Scholar
- 3.Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-Aware Malware Detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP 2005, pp. 32–46. IEEE Computer Society, Washington, DC (2005)Google Scholar
- 6.Idika, M.: A Survey of Malware Detection Techniques. Technical report, Purdue University (February 2007)Google Scholar
- 10.Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., Yang, H., Zhou, S.: Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 265–274. ACM, New York (2002)Google Scholar