SIAT: A systematic inter-component communication real-time analysis technique for detecting data leak threats on Android

Author:

Hu Yupeng (1), Kuang Wenxin (1), Zhe Jin (2), Li Wenjia (3), Li Keqin (4), Zhang Jiliang (1), Hu Qiao (1)

Affiliation:

1. The Department of Computer Science and Electronic Engineering, Hunan University, Changsha, Hunan, China

2. China Tobacco Hunan Industrial Co., Ltd., Changsha, Hunan, China

3. The Department of Computer Science, New York Institute of Technology, New York, USA

4. The Department of Computer Science, State University of New York, New York, USA

Abstract

This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT identifies malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes at runtime, using the taint tagging methodology employed by TaintDroid. As a result, it can discover malicious intent usage patterns and further resolve coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer. The Monitor makes the first attempt to revise the TaintDroid taint tag approach by developing built-in intent service primitives that help Android capture intent-related taint propagation at multiple levels for malicious ICC detection. Specifically, we enable the Monitor to perform system-wide tracking of intents with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs produced by the Monitor, the Analyzer can build accurate and integrated ICC patterns, which are used to identify specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ a pattern deflation technique to improve the efficiency of the Analyzer. We implement SIAT with the Android Open Source Project and evaluate its performance through extensive experiments on a dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, SIAT can achieve about 25%∼200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. In addition, SIAT can identify two undisclosed bypass cases that prior technologies cannot detect, as well as quite a few malicious ICC threats in real-world apps with many downloads on the Google Play market.

Publisher

IOS Press

Subject

Computer Networks and Communications; Hardware and Architecture; Safety, Risk, Reliability and Quality; Software

