The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method...The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.展开更多
Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software econom...Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software economy becomes more diversified.Inspired by the classic idea of layered security for risk management,we propose layered obfuscation as a promising way to realize reliable software obfuscation.Our concept is based on the fact that real-world software is usually complicated.Merely applying one or several obfuscation approaches in an ad-hoc way cannot achieve good obscurity.Layered obfuscation,on the other hand,aims to mitigate the risks of reverse software engineering by integrating different obfuscation techniques as a whole solution.In the paper,we conduct a systematic review of existing obfuscation techniques based on the idea of layered obfuscation and develop a novel taxonomy of obfuscation techniques.Following our taxonomy hierarchy,the obfuscation strategies under different branches are orthogonal to each other.In this way,it can assist developers in choosing obfuscation techniques and designing layered obfuscation solutions based on their specific requirements.展开更多
A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new ...A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.展开更多
Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software econom...Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software economy becomes more diversified.Inspired by the classic idea of layered security for risk management,we propose layered obfuscation as a promising way to realize reliable software obfuscation.Our concept is based on the fact that real-world software is usually complicated.Merely applying one or several obfuscation approaches in an ad-hoc way cannot achieve good obscurity.Layered obfuscation,on the other hand,aims to mitigate the risks of reverse software engineering by integrating different obfuscation techniques as a whole solution.In the paper,we conduct a systematic review of existing obfuscation techniques based on the idea of layered obfuscation and develop a novel taxonomy of obfuscation techniques.Following our taxonomy hierarchy,the obfuscation strategies under different branches are orthogonal to each other.In this way,it can assist developers in choosing obfuscation techniques and designing layered obfuscation solutions based on their specific requirements.展开更多
基金supported by the Hebei Provincial Natural Science Foundation(Nos.F2016203290 and F2017203307)the National Natural Science Foundation of China(No.61772450)+3 种基金the Doctoral Foundation of Yanshan University(Nos.BL18011 and B906)the Hebei Normal University of Science and Technology Scientific Research Foundation(No.2018YB019)the China Postdoctoral Science Foundation(No.2018M631764)the Hebei Province Science and Technology Planning Project(No.17210701D)
文摘The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.
基金The work described in this paper was supported by the Research Grants Council of the Hong Kong Special Administrative Region,China(No.CUHK 14210717 of the General Research Fund).
文摘Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software economy becomes more diversified.Inspired by the classic idea of layered security for risk management,we propose layered obfuscation as a promising way to realize reliable software obfuscation.Our concept is based on the fact that real-world software is usually complicated.Merely applying one or several obfuscation approaches in an ad-hoc way cannot achieve good obscurity.Layered obfuscation,on the other hand,aims to mitigate the risks of reverse software engineering by integrating different obfuscation techniques as a whole solution.In the paper,we conduct a systematic review of existing obfuscation techniques based on the idea of layered obfuscation and develop a novel taxonomy of obfuscation techniques.Following our taxonomy hierarchy,the obfuscation strategies under different branches are orthogonal to each other.In this way,it can assist developers in choosing obfuscation techniques and designing layered obfuscation solutions based on their specific requirements.
基金supported in part by National Key R&D Program of China(No.2016QY04W0805)NSFC U1536106,61728209+3 种基金National Top-notch Youth Talents Program of ChinaYouth Innovation Promotion Association CASBeijing Nova Program and a research grant from Ant Financialpartly supported by International Cooperation Program on CyberSecurity,administered by SKLOIS,Institute of Information Engineering,Chinese Academy of Sciences,China(No.SNSBBH-2017111036).
文摘A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.
基金supported by the Research Grants Council of the Hong Kong Special Administrative Region,China(No.CUHK 14210717 of the General Research Fund).
文摘Software obfuscation has been developed for over 30 years.A problem always confusing the communities is what security strength the technique can achieve.Nowadays,this problem becomes even harder as the software economy becomes more diversified.Inspired by the classic idea of layered security for risk management,we propose layered obfuscation as a promising way to realize reliable software obfuscation.Our concept is based on the fact that real-world software is usually complicated.Merely applying one or several obfuscation approaches in an ad-hoc way cannot achieve good obscurity.Layered obfuscation,on the other hand,aims to mitigate the risks of reverse software engineering by integrating different obfuscation techniques as a whole solution.In the paper,we conduct a systematic review of existing obfuscation techniques based on the idea of layered obfuscation and develop a novel taxonomy of obfuscation techniques.Following our taxonomy hierarchy,the obfuscation strategies under different branches are orthogonal to each other.In this way,it can assist developers in choosing obfuscation techniques and designing layered obfuscation solutions based on their specific requirements.
