On Shielding Android's Pending Intent from Malware Apps Using a Novel Ownership-Based Authentication

Cited by: 1
Authors
Duraisamy, S. Pradeepkumar [1]
Geetha, S. [1]
Cheng, Xiaochun [2]
Kadry, Seifedine [3]
Affiliations
[1] Vellore Inst Technol, Chennai, Tamil Nadu, India
[2] Middlesex Univ, Dept Comp Sci, London, England
[3] Noroff Univ Coll, Dept Appl Data Sci, Kristiansand, Norway
Keywords
PendingIntent; ownership-types; intent analysis; android . information flow control; dynamic analysis; privilege escalation; unauthorized intent receipt;
DOI
10.1142/S0218126622502243
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
PendingIntent (PI) is an authority to use the sender's permissions and identity by the receiver. Unprotected broadcast and PIs with an empty base intent are some of the vulnerable features that a malware utilizes to perform unauthorized access and privilege escalation (PE) attacks on the PI. To protect the PI from the above attacks, this paper proposes Stickyμtent, an application-layer solution that uses ownership-based authentication to dynamically control the accessibility of the PI. Stickyμtent is the first holistic work to use ownership-types to protect PIs from malware attacks. Some of the existing solutions follow static analysis of binary to identify the PI vulnerability. Through our empirical study using 23,922 apps, we found ~17% of PI-based vulnerabilities leads to unauthorized access and privilege escalation, which can be solved by using Stickyμtent. We tested our model on the state-of-art applications and found an impressive harmonic mean (F1-score) value of 0.95-0.97 for intra and inter component analysis, which is 0.4-0.18 percentage more from the existing RAICC's (a static analysis model instrumented with IccTA/Amandroid) result. As a proof-of-concept, we have taken a few real-world PI-based applications and replaced the PI with Stickyμtent library. By comparing the result with RAICC, we can see that Stickyμtent performs better in protecting PI dynamically from malware access. Though the proposed solution has an overhead of 0.005% per 5 min application test, the end-user suffers only negligible execution overhead in the screen response and notification delays.
Pages: 35