Interactively Verifying Absence of Explicit Information Flows in Android Apps
|
|
- Robyn Lucas
- 5 years ago
- Views:
Transcription
1 Interactively Verifying Absence of Explicit Information Flows in Android Apps Osbert Bastani, Saswat Anand, and Alex Aiken Stanford University OOPSLA 2015
2 Problem Google Play Store > 1 million apps on the store Lots of malware submitted Information leaks SMS Fraud Ransomware 2
3 Information Flow Analysis Finding Android malware using source to sink flows Information leak: location flows to Internet SMS Fraud: phone # used in SMS send Ransomware: network packets encrypt files 3
4 Standard Audits Nostatic information flow Too many false positives Light-weight static analysis Dynamic code loading Calls to undocumented APIs Dynamic analysis Information flows
5 Standard Audits Android App Light Static + Dynamic Analysis FNs Google Play
6 Dead Code Dead code can cause false positive information flows Global property (e.g., method with no caller) Examples Leaks in 3 rd party libraries Conservative assumptions about potential callbacks 6
7 Key Issue Hard to understand someone else s code No source code! Obfuscation Can we shift work to developer? 7
8 Developer Queries Program static analysis dead code points-to information flow sound, imprecise results 8
9 Developer Queries Program static analysis dead code points-to information flow sound, imprecise results potential dead code 9
10 Developer Queries Program static analysis dead code points-to information flow sound, imprecise results yes/no potential dead code 10
11 Developer Queries Program static analysis dead code points-to information flow sound, precise results yes/no potential dead code 11
12 Problem Developer may be adversarial Solution: Enforce response 12
13 Developer Queries Program static analysis dead code points-to information flow sound, imprecise results potential dead code 13
14 Developer Queries Program static analysis dead code points-to information flow sound, imprecise results yes potential dead code 14
15 Developer Queries Program static analysis dead code points-to information flow sound, precise results yes potential dead code 15
16 Developer Queries Program static analysis dead code points-to information flow sound, precise results delete confirmed dead code Program yes potential dead code 16
17 Developer Queries Program static analysis dead code points-to information flow sound, precise results potential dead code 17
18 Developer Queries Program static analysis dead code points-to information flow sound, precise results no potential dead code 18
19 Developer Queries Program static analysis dead code points-to information flow sound, precise results test case + no potential dead code 19
20 Developer Queries Program static analysis dead code points-to information flow no queries filter false positives sound, precise results test case + no potential dead code 20
21 Developer Queries: Cuts Cut Code that is (potentially) dead Removing the code breaks (potential) information flows Valid cut: Developer confirms that the cut is dead 21
22 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) App 22
23 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) App Potential Dead Code 23
24 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) not a cut App Potential Dead Code 24
25 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) cut App Potential Dead Code 25
26 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) min cut App Potential Dead Code 26
27 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) Invalid! min cut App Potential Dead Code 27
28 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) App Potential Dead Code 28
29 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) min cut App Potential Dead Code 29
30 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) Valid! min cut App Potential Dead Code 30
31 Developer Queries: Cuts Android Framework getlatitude() sendhttp( ) App Potential Dead Code 31
32 Developer Queries Developer query List of statements in cut Developer response Test case that executes reachable statements in the cut Why tests? Verifiable Developers routinely write tests Can seed with dynamic analysis Aid auditor 32
33 Interactive Verification Step 1: Sound static analysis Step 2: Find cut and query developer Step 3: Update potential dead code and repeat Step 4: Delete valid cut 33
34 Our Audits Android App Light Static + Dynamic Analysis + Cuts no cut Google Play
35 Finding Valid Cuts 35
36 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); 36
37 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef RefSink getlatitude.return sendhttp.arg INTERNET 37
38 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef Assign RefSink getlatitude.return lat sendhttp.arg INTERNET 38
39 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef Assign Assign RefSink getlatitude.return lat sendhttp.arg INTERNET 39
40 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef Assign Assign RefSink getlatitude.return lat sendhttp.arg INTERNET SrcSink 40
41 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef Assign Assign RefSink getlatitude.return lat sendhttp.arg INTERNET SrcSink 41
42 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION SrcRef Assign Assign RefSink getlatitude.return lat sendhttp.arg INTERNET SrcSink 42
43 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); potentially dead LOCATION SrcRef Assign Assign RefSink getlatitude.return lat sendhttp.arg INTERNET SrcSink 43
44 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); potentially dead LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 44
45 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 45
46 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); Invalid! LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 46
47 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 47
48 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 48
49 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 49
50 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); Valid! LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 50
51 Finding Valid Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { throw new Error(); sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); 51
52 Multiple Cuts 52
53 Multiple Cuts What if a developer mistakenly answers yes? Might delete important code! 53
54 Multiple Cuts What if a developer mistakenly answers yes? Might delete important code! Solution: Multiple independent cuts Developer only needs to be right once! 54
55 Multiple Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 55
56 Multiple Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return 1 lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 56
57 Multiple Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 57
58 Multiple Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 58
59 Multiple Cuts 1. String lat = getlatitude(); 2. Runnable runmalice = 3. new Runnable() { 4. void run() { sendhttp(lat); } 5. }; 6. Runnable runbenign = 7. new Runnable() { 8. void run() {} 9. }; 10. runbenign.run(); Valid! LOCATION getlatitude.return lat 1 sendhttp.arg SrcRef Assign Assign RefSink INTERNET SrcSink 59
60 Multiple Cuts Program correct if any cut is valid Terminate only if every cut is reached 60
61 Experiments Ran tool on corpus of 78 Android apps Experiment 1: Recorded cut sizes Experiment 2: Interactively verified cuts
62 Cut sizes # Statements <5 kloc (16 Apps) 5-50 kloc (26 Apps) >50 kloc (36 Apps) All (78 Apps) Cut 1 Cut 2 62
63 Cut sizes # Statements <5 kloc (16 Apps) 5-50 kloc (26 Apps) >50 kloc (36 Apps) All (78 Apps) Cut 1 Cut 2 63
64 Cut sizes # Statements <5 kloc (16 Apps) 5-50 kloc (26 Apps) >50 kloc (36 Apps) All (78 Apps) Cut 1 Cut 2 64
65 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 65
66 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 Input 66
67 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 Input Gen. cuts 67
68 Interactive Verification # Unverified Apps Remaining Input Gen. cuts Cut 1 Cut 2 Cut 1 Cut 2 Query developer (Iteration 1) 68
69 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 Input Gen. cuts Query developer (Iteration 1) Gen. cuts 69
70 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 Input Gen. cuts Query developer (Iteration 1) Gen. cuts Query developer (Iteration 2) 70
71 Interactive Verification # Unverified Apps Remaining Cut 1 Cut 2 Cut 1 Cut 2 Input Gen. cuts Query developer (Iteration 1) Gen. cuts Query developer (Iteration 2) Output 71
72 Summary Remove dead code with adversarial developer Step 1: Sound static analysis Step 2: Find cut and query developer Step 3: Update knowledge and repeat Step 4: Delete valid cut Experiments Discharged 11 out of 12 false positives Only 2 iterations needed 72
73 Conclusions Manual labor in automatic static analysis Filter false positives A little interaction goes a long way Discharged 11 out of 12 false positives due to dead code 73
74 Future Work Other sources of false positives Reflective method calls Implicit flows More complex security policies 74
75 References S. Arzt, et al. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In PLDI, Y. Feng, S. Anand, I. Dillig, A. Aiken. Apposcopy: semantics based detection of Android malware through static analysis. In FSE, M. D. Ernst et al. Collaborative verification of information flow for a high-assurance app store. In CCS, I. Dillig, T. Dillig, A. Aiken. Automated error diagnosis using abductive inference. In PLDI, H. Zhu, T. Dillig, I. Dillig. Automated inference of library specifications for source-sink property verification. In APLAS, 2013.
76 Thanks!
BEYOND DEDUCTIVE INFERENCE IN PROGRAM ANALYSIS
BEYOND DEDUCTIVE INFERENCE IN PROGRAM ANALYSIS A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT OF THE
More informationCollaborative Verification of Information Flow for a High-Assurance App Store
Collaborative Verification of Information Flow for a High-Assurance App Store Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl*, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros,
More informationRipple: Reflection Analysis for Android Apps in Incomplete Information Environments
Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments Yifei Zhang, Tian Tan, Yue Li and Jingling Xue Programming Languages and Compilers Group University of New South Wales
More informationThe Checker Framework: pluggable static analysis for Java
The Checker Framework: pluggable static analysis for Java http://checkerframework.org/ Werner Dietl University of Waterloo https://ece.uwaterloo.ca/~wdietl/ Joint work with Michael D. Ernst and many others.
More informationAFRL-RI-RS-TR
AFRL-RI-RS-TR-2017-032 STATIC ANALYSIS OF MOBILE PROGRAMS STANFORD UNIVERSITY FEBRUARY 2017 FINAL TECHNICAL REPORT APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED STINFO COPY AIR FORCE RESEARCH LABORATORY
More informationBuilding a Next- Generation App Store. Jason Franklin Ph.D. Research Associate Stanford University
Building a Next- Generation App Store Jason Franklin Ph.D. jfrankli@cs.stanford.edu Research Associate Stanford University App Store: Promise Safe, Trusted, Centralized??! :)??! App Stores: Reality "Permissions
More informationInformation-Flow Analysis of Android Applications in DroidSafe
Information-Flow Analysis of Android Applications in DroidSafe Michael I. Gordon, Deokhwan Kim, Jeff Perkins, and Martin Rinard MIT CSAIL Limei Gilham Kestrel Institute Nguyen Nguyen Global InfoTek, Inc.
More informationSimplifying Loop Invariant Generation Using Splitter Predicates. Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University
Simplifying Loop Invariant Generation Using Splitter Predicates Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Loops and Loop Invariants Loop Head x = 0; while( x
More informationProgram Analysis for Security
CS 155 Spring 2016 Program Analysis for Security John Mitchell Acknowledgments: Lecture slides are from the Computer Security course thought by Dan Boneh at Stanford University. When slides are obtained
More informationSafety Checks and Semantic Understanding via Program Analysis Techniques
Safety Checks and Semantic Understanding via Program Analysis Techniques Nurit Dor Joint Work: EranYahav, Inbal Ronen, Sara Porat Goal Find properties of a program Anti-patterns that indicate potential
More informationFormal Security Analysis of Android Apps
Formal Security Analysis of Android Apps Matteo Maffei S&P Security and Privacy Group Exploits extremely slow patching process Exploits OS vulnerabilities Breaks sandbox separation logic by notifications
More informationa bayesian approach to privacy enforcement in smartphones
USENIX Security, 2014 a bayesian approach to privacy enforcement in smartphones Omer Tripp!! IBM Research, NY!! Julia Rubin!! IBM Research, Haifa 1 motivation * http://hackread.com/android-malware-steals-credit-card-information/
More informationDetecting Advanced Android Malware by Data Flow Analysis Engine. Xu Hao & pll
Detecting Advanced Android Malware by Data Flow Analysis Engine Xu Hao & pll 2013.09 Content Background adfaer - Android Data Flow Analyzer Janus - Detect Reflection Experiment Future Work Android Security
More informationPrograms that write themselves: Program synthesis for the masses. Yu Feng UT Austin
Programs that write themselves: Program synthesis for the masses Yu Feng UT Austin New platforms impose demand for programming 2 New platforms impose demand for programming 2 New platforms impose demand
More informationFinding Clues For Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps
Finding Clues For Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps Yuhong Nan, Zhemin Yang, Yuan Zhang, Donglai Zhu and Min Yang Fudan University Xiaofeng Wang Indiana University
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationWanted: Students to participate in a user study
Wanted: Students to participate in a user study Requirements: Know how to use the Eclipse IDE Knowledge in Java development Knowledge of static analysis is not required, but it is a plus Time: 2-3 hours
More informationCSCE 548 Building Secure Software Software Analysis Basics
CSCE 548 Building Secure Software Software Analysis Basics Professor Lisa Luo Spring 2018 Previous Class Ø Android Background Ø Two Android Security Problems: 1. Android App Repackaging o Very easy to
More informationLooking Forward: Challenges in Mobile Security. John Mitchell Stanford University
Looking Forward: Challenges in Mobile Security John Mitchell Stanford University Outline Mobile platform security SessionJuggler Using phone as authentication token SelectiveAuth Protecting resources on
More informationAmandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps FENGGUO WEI, University of South Florida SANKARDAS ROY, Bowling Green State University
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationAmandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
1 Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps FENGGUO WEI, University of South Florida SANKARDAS ROY, Bowling Green State University
More informationUsing DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps
Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps Will Klieber*, Lori Flynn*, Amar Bhosale, Limin Jia, and Lujo Bauer *presenting June 2015 Copyright 2015 Carnegie Mellon University
More informationFinding Errors in Multithreaded GUI Applications
Finding Errors in Multithreaded GUI Applications Sai Zhang University of Washington Joint work with: Hao Lu, Michael D. Ernst GUIs are everywhere in modern software 2 Multithreading in GUI applications
More informationSecure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
More informationModelgen: Mining Explicit Information Flow Specifications from Concrete Executions
Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp, Saswat Anand, Alex Aiken Stanford University, USA Abstract We present a technique to mine explicit information
More informationCertificate reputation. Dorottya Papp
Certificate reputation Dorottya Papp Motivation Verification on a digital certificate does not reveal important factors Is it a fake certificate? (Hash collision) Was it mistakenly issued? (Comodo scandal)
More informationGaps in Static Analysis Tool Capabilities. Providing World-Class Services for World-Class Competitiveness
Gaps in Static Analysis Tool Capabilities 1 Overview Gaps in Static Analysis tools as identified during the evaluation of five (5) commercially available static analysis tools Collaborative effort between
More informationX-Rays, not Passport Checks Information Flow Control Using JOANA
X-Rays, not Passport Checks Information Flow Control Using JOANA Gregor Snelting Presentation at SAP, 14.5.2014 KIT Universita t des Landes Baden-Wu rttemberg und nationales Großforschungszentrum in der
More informationFinal report: Non-Interactive Zero Knowledge Protocol for Verifiable Computing
Final report: Non-Interactive Zero Knowledge Protocol for Verifiable Computing Part A abstract description of the project: In this project we implemented a zero knowledge protocol for verifiable computing.
More informationLessons Learned in Static Analysis Tool Evaluation. Providing World-Class Services for World-Class Competitiveness
Lessons Learned in Static Analysis Tool Evaluation 1 Overview Lessons learned in the evaluation of five (5) commercially available static analysis tools Topics Licensing Performance Measurement Limitations
More informationVerifying the Safety of Security-Critical Applications
Verifying the Safety of Security-Critical Applications Thomas Dillig Stanford University Thomas Dillig 1 of 31 Why Program Verification? Reliability and security of software is a huge problem. Thomas Dillig
More informationReDroid: Prioritizing Data Flows and Sinks for App Security Transformation
FEAST 2017 ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation Ke Tian*, Gang Tan^, Daphne Yao*, Barbara Ryder* *Department of Computer Science Virginia Tech ^Department of CSE Penn
More informationCMSC436: Fall 2013 Week 4 Lab
CMSC436: Fall 2013 Week 4 Lab Objectives: Familiarize yourself with Android Permission and with the Fragment class. Create simple applications using different Permissions and Fragments. Once you ve completed
More informationDesigning Robust Classes
Designing Robust Classes Learning Goals You must be able to:! specify a robust data abstraction! implement a robust class! design robust software! use Java exceptions Specifications and Implementations
More informationStatic Analysis for Android: GUIs, Callbacks, and Beyond
Static Analysis for Android: GUIs, Callbacks, and Beyond Atanas (Nasko) Rountev Joint work with Dacong Yan Shengqian Yang Haowei Wu Yan Wang Hailong Zhang Ohio State University PRESTO: Program Analyses
More informationBottom-up Context-Sensitive Pointer Analysis for Java
Bottom-up Context-Sensitive Pointer Analysis for Java Yu Feng, Xinyu Wang, Isil Dillig and Thomas Dillig UT Austin 1 What is this talk about? Pointer analysis Given a program variable v, what are the heap
More informationTackling Lack of Software Specifications A Sustained, Sustainability and Productivity Crisis
Tackling Lack of Software Specifications A Sustained, Sustainability and Productivity Crisis Hridesh Rajan Collaboration with Hoan A. Nguyen, Tien Nguyen, Gary Leavens, Samantha Khairunnesa, John Singleton,
More informationObfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel,
More informationCollusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications. Amiangshu Bosu, Fang Liu, Danfeng (Daphne) Yao, & Gang Wang
Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications Amiangshu Bosu, Fang Liu, Danfeng (Daphne) Yao, & Gang Wang http://mashable.com/2013/10/30/department-of-defense-app-store/#ijubpfyljaq4
More informationFinding Architectural Flaws in Android Apps Is Easy
Finding Architectural Flaws in Android Apps Is Easy By Radu Vanciu and Marwan Abi-Antoun Department of Computer Science Wayne State University Detroit, Michigan, USA This work was supported in part by
More informationStatic Analysis in C/C++ code with Polyspace
1 Static Analysis in C/C++ code with Polyspace Yongchool Ryu Application Engineer gary.ryu@mathworks.com 2016 The MathWorks, Inc. 2 Agenda Efficient way to find problems in Software Category of Static
More informationUnit 6 - Software Design and Development LESSON 8 QUALITY ASSURANCE
Unit 6 - Software Design and Development LESSON 8 QUALITY ASSURANCE Previously Key features of programming languages Software Development Lifecycle Design models Some software structures functions, procedures,
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationA Characterization of State Spill in Modern OSes
A Characterization of State Spill in Modern OSes Kevin Boos Emilio Del Vecchio Lin Zhong ECE Department, Rice University EuroSys 2017 How do we deal with complexity? 2 Modularization 1234 complex system
More informationVerification & Validation of Open Source
Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open
More informationScaling CQUAL to millions of lines of code and millions of users p.1
Scaling CQUAL to millions of lines of code and millions of users Jeff Foster, Rob Johnson, John Kodumal and David Wagner {jfoster,rtjohnso,jkodumal,daw}@cs.berkeley.edu. UC Berkeley Scaling CQUAL to millions
More informationAnalysis/Bug-finding/Verification for Security
Analysis/Bug-finding/Verification for Security VIJAY GANESH University of Waterloo Winter 2013 Analysis/Test/Verify for Security Instrument code for testing Heap memory: Purify Perl tainting (information
More informationMoving Fast with High Reliability: Program Analysis at Uber
Moving Fast with High Reliability: Program Analysis at Uber Manu Sridharan Software Reliability Workshop ETH Zurich OCTOBER 14, 2017 Uber Apps Rider Driver Eats ios and Android Uber Apps Rider Driver Eats
More informationUranine: Real-time Privacy Leakage Monitoring without System Modification for Android
Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android Vaibhav Rastogi 1, Zhengyang Qu 2, Jedidiah McClurg 3, Yinzhi Cao 4, and Yan Chen 2 1 University of Wisconsin and Pennsylvania
More informationOn Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber
More informationCSCE 813 Internet Security Final Exam Preview
CSCE 813 Internet Security Final Exam Preview Professor Lisa Luo Fall 2017 Coverage All contents! Week1 ~ Week 15 The nature of the exam: 12 questions: 3 multiple choices questions 1 true or false question
More informationUnderstanding and Detecting Wake Lock Misuses for Android Applications
Understanding and Detecting Wake Lock Misuses for Android Applications Artifact Evaluated by FSE 2016 Yepang Liu, Chang Xu, Shing-Chi Cheung, and Valerio Terragni Code Analysis, Testing and Learning Research
More informationUnderstanding and Detecting Wake Lock Misuses for Android Applications
Understanding and Detecting Wake Lock Misuses for Android Applications Artifact Evaluated Yepang Liu, Chang Xu, Shing-Chi Cheung, and Valerio Terragni Code Analysis, Testing and Learning Research Group
More informationSOFTWARE MAINTENANCE AND EVOLUTION --- REFACTORING FOR ASYNC --- CS563 WEEK 3 - THU
SOFTWARE MAINTENANCE AND EVOLUTION --- REFACTORING FOR ASYNC --- CS563 WEEK 3 - THU Danny Dig Course Objectives: Project Practice a research or novel-industrial project through all its stages: - formulate
More informationCemetery Navigation and Information Query System Based on Android and Java Web
2017 3rd International Conference on Computational Systems and Communications (ICCSC 2017) Cemetery Navigation and Information Query System Based on Android and Java Web Chao Ding1, a, Yongjie Yang1, b,
More informationAverroes: Letting go of the library!
Workshop on WALA - PLDI 15 June 13th, 2015 public class HelloWorld { public static void main(string[] args) { System.out.println("Hello, World!"); 2 public class HelloWorld { public static void main(string[]
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationState of Office 365 Adoption & Risk A Dive into the Data. Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks
State of Office 365 Adoption & Risk A Dive into the Data Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks Q4 2016 Office 365 Usage and Risk Report Brandon Cook, Skyhigh
More informationTowards Verifying Android Apps for the Absence of No-Sleep Energy Bugs
Towards Verifying Android Apps for the Absence of No-Sleep Energy Bugs Panagiotis Vekris Ranjit Jhala, Sorin Lerner, Yuvraj Agarwal University of California, San Diego 1 2 Software Energy Bugs 3 Software
More informationHonours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui
Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing
More informationStatic Taint Analysis Applied to Detecting Bad Programming Practices in Android
Static Taint Analysis Applied to Detecting Bad Programming Practices in Android Gonzalo Winniczuk Universidad de Buenos Aires Departamento de Computación Buenos Aires, Argentina Sergio Yovine CONICET-Universidad
More informationOutline. iterator review iterator implementation the Java foreach statement testing
Outline iterator review iterator implementation the Java foreach statement testing review: Iterator methods a Java iterator only provides two or three operations: E next(), which returns the next element,
More informationAP Computer Science Principles
2017 AP Computer Science Principles Sample Student Responses Commentary Inside: RR Performance Task Create RR Guideline RR Commentary Student Samples provided separately College Board, Advanced Placement
More informationAutomated Generation of Event-Oriented Exploits in Android Hybrid Apps
Automated Generation of Event-Oriented Exploits in Android Hybrid Apps Guangliang Yang, Jeff Huang, and Guofei Gu *Secure Communication and Computer Systems Lab Texas A&M University In Android, the hybrid
More informationMicro Focus Security Fortify Audit Assistant
White Paper Security Micro Focus Security Fortify Audit Assistant Table of Contents page Introduction... 1 Why Static Application Security Testing?............................................. 1 Confirmation
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationClasses, interfaces, & documentation. Review of basic building blocks
Classes, interfaces, & documentation Review of basic building blocks Objects Data structures literally, storage containers for data constitute object knowledge or state Operations an object can perform
More informationLecture Outline. COOL operational semantics. Operational Semantics of Cool. Motivation. Notation. The rules. Evaluation Rules So Far.
Lecture Outline Operational Semantics of Cool COOL operational semantics Motivation Adapted from Lectures by Profs. Alex Aiken and George Necula (UCB) Notation The rules CS781(Prasad) L24CG 1 CS781(Prasad)
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More informationLecture 6. Abstract Interpretation
Lecture 6. Abstract Interpretation Wei Le 2014.10 Outline Motivation History What it is: an intuitive understanding An example Steps of abstract interpretation Galois connection Narrowing and Widening
More informationPrivacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing
S.NO PROJECT CODE IEEE JAVA PROJECT TITLES DOMAIN 1 NEO1501 A Hybrid Cloud Approach for Secure Authorized Deduplication 2 NEO1502 A Profit Maximization Scheme with Guaranteed Quality of Service in Cloud
More information2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
More informationAndromeda: XSS Accurate and Scalable Security Analysis of Web Applications. OWASP* Top Ten Security Vulnerabilities. SQL Injection.
Andromeda: XSS Accurate and Scalable Security Analysis of Web Applications Attacker s evil script ... Omer Tripp Marco Pistoia Tel Aviv University & IBM IBM T. J. Watson Research Center
More informationSection 1: Definition of Fraud / Fraud Analysis Coderre Chapters 1 6, 8, & 9
Page 1 of 13 Section 1: Definition of Fraud / Fraud Analysis Coderre Chapters 1 6, 8, & 9 1. True or false, is ALL theft fraud? a. True b. False 2. True or false, are ALL deceptive statements examples
More informationStatic Analysis of Embedded C Code
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider Relevant features of C code for MCUs Interrupt-driven concurrency Direct hardware access Whole program
More informationCloning-Based Context-Sensitive Pointer Alias Analysis using BDDs
More Pointer Analysis Last time Flow-Insensitive Pointer Analysis Inclusion-based analysis (Andersen) Today Class projects Context-Sensitive analysis March 3, 2014 Flow-Insensitive Pointer Analysis 1 John
More informationCSCI 420: Mobile Application Security. Lecture 15. Prof. Adwait Nadkarni
CSCI 420: Mobile Application Security Lecture 15 Prof. Adwait Nadkarni 1 Running scripts from home apktool instructions: Move both files (apktool.jar & apktool) to /usr/local/bin (root needed) No-root
More informationOn the Unsoundness of Static Analysis for Android GUIs
On the Unsoundness of Static Analysis for Android GUIs Yan Wang Hailong Zhang Atanas Rountev Ohio State University, USA Abstract Android software presents exciting new challenges for the static analysis
More informationFlowFence: Practical Data Protection for Emerging IoT Application Frameworks
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, Atul Prakash USENIX Security Symposium 11 August
More informationUser Manual. Smart Lock. Please read this manual before operating your Smart Lock, and keep it for further reference. 40
User Manual Smart Lock Please read this manual before operating your Smart Lock, and keep it for further reference. 40 I. Introduction Thank you for choosing the AKASO Smart Lock. The new Smart Lock uses
More informationNote-Taking Guide. Numbered t. Colored t. Insert i. Insert t. Insert a l. L s. Paint f. Course: Google s Document App Episode: Word Processing Basics
Course: Googles Document App Episode: Word Processing Basics Note-Taking Guide Make sure you are logged into Google Drive. Click on the red box with the word Create in the upper-left corner and select
More informationThe Impact of Third-party Code on Android App Security. Erik Derr
The Impact of Third-party Code on Android App Security Erik Derr Third-party Code A Double-edged Sword Eases software development Code re-use Faster development, less costs Increases apps attack surface
More informationESP Egocentric Social Platform
ESP Egocentric Social Platform T. J. Purtell, Ian Vo, Monica S. Lam With: Kanak Biscuitwala, Willem Bult, Dan Boneh, Ben Dodson, Steve Fan, and Frank Wang, Global Social Platforms Ideal for Meeting strangers
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationStatic Detection of Brittle Parameter Typing
Static Detection of Brittle Parameter Typing Michael Pradel, Severin Heiniger, and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation void m(a a) {... } Object A.. B C D E F 2 Motivation
More informationCrypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016
Crypto tidbits: misuse, side channels Slides from Dave Levin 414-spring2016 A paper from 2013 that looked at how Android apps use crypto, as a function of 6 rules that reflect the bare minimum a secure
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version: 22.0.
ID: 48100 Sample Name: com.cleanmaster.mguard_2018-02-12.apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report
More informationAndroid Application Development using Kotlin
Android Application Development using Kotlin 1. Introduction to Kotlin a. Kotlin History b. Kotlin Advantages c. How Kotlin Program Work? d. Kotlin software Prerequisites i. Installing Java JDK and JRE
More informationSarbanes-Oxley Act (SOX)
Sarbanes-Oxley Act (SOX) Introduction The Sarbanes-Oxley (SOX) Act was introduced in 2002 to protect shareholders and the general public from fraudulent accounting activities by bringing greater accountability
More informationModelgen: Mining Explicit Information Flow Specifications from Concrete Executions
Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions ISSTA * * Artifact Consistent * Complete * Well Documented * Easy to Reuse * Evaluated * AEC * Lazaro Clapp Stanford University,
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More informationAutomated Error Diagnosis Using Abductive Inference
Automated Error Diagnosis Using Abductive Inference Isil Dillig Department of Computer Science College of William & Mary idillig@cs.wm.edu Thomas Dillig Department of Computer Science College of William
More informationSymbolic Inference of Partial Specifications to Augment Regression Testing
Symbolic Inference of Partial Specifications to Augment Regression Testing Koen Wermer Utrecht University Student number: 3705951 April 21, 2017 1 1 Introduction A large part of the costs (50-80% [17])
More informationPliny and Fixr Meeting. September 15, 2014
Pliny and Fixr Meeting September 15, 2014 Fixr: Mining and Understanding Bug Fixes for App-Framework Protocol Defects (TA2) University of Colorado Boulder September 15, 2014 Fixr: Mining and Understanding
More informationProgram-Analysis-Supported Identification of Applications in Large Networks
Program-Analysis-Supported Identification of Applications in Large Networks Christopher Kruegel Computer Security Group ARO MURI Meeting Arizona State University, October 28, 2013 Correlation Engine COAs
More informationSARBANES-OXLEY (SOX) ACT
SARBANES-OXLEY (SOX) ACT Table of Contents Introduction 03 Who is affected by SOX? 05 Why should my organization 05 comply with SOX? What does SOX require for email 06 compliance? How can my organization
More informationThe next step in IT security after Snowden
The next step in IT security after Snowden Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.internet-sicherheit.de
More informationStatic and Dynamic Program Analysis: Synergies and Applications
Static and Dynamic Program Analysis: Synergies and Applications Mayur Naik Intel Labs, Berkeley CS 243, Stanford University March 9, 2011 Today s Computing Platforms Trends: parallel cloud mobile Traits:
More information