Sigmund Albert Gorski
William Enck
ABSTRACT
Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.
- 2019. ACMiner Project Website. https://wspr.csc.ncsu.edu/acminer.Google Scholar
- Yousra Aafer, Jianjun Huang, Yi Sun, Xiangyu Zhang, Ninghui Li, and Chen Tian. 2018. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS).Google ScholarCross Ref
- AndroidXref. 2019. WRITE_SETTINGS permission in AndroidManifest.xml. http://androidxref.com/7.1.1_r6/xref/frameworks/base/core/res/AndroidManif est.xml#1865. Accessed Jan. 10, 2019.Google Scholar
- Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2014. A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks. In Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS).Google Scholar
- Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: Analyzing the Android Permission Speciication. In Proceedings of the 2012 ACM conference on Computer and communications security. 217--228. Google ScholarDigital Library
- Michael Backes, Sven Bugiel, Erik Derr, Patrick D McDaniel, Damien Octeau, and Sebastian Weisgerber. 2016. On Demystifying the Android Application Framework: Re-Visiting Android Permission Speciication Analysis. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. 2015. Boxify: Full-ledged App Sandboxing for Stock Android.. In USENIX Security Symposium. Google ScholarDigital Library
- Alexandre Bartel, Jacques Klein, Martin Monperrus, and Yves Le Traon. 2014. Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android. IEEE Transactions on Software Engineering (TSE) 40, 6 (June 2014).Google ScholarCross Ref
- Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. 2011. Analyzing Inter-Application Communication in Android. In Proceedings of the 9th Annual International Conference on Mobile Systems, Applications, and Services. Google ScholarDigital Library
- Andrew Dalton. 2019. Android powers 2 billion devices around the world. https: //www.engadget.com/2017/05/17/android-powers-2-billion-devices-around-t he-world/. Accessed Jan. 10, 2019.Google Scholar
- Jefrey Dean, David Grove, and Craig Chambers. 1995. Optimization of Object- Oriented Programs Using Static Class Hierarchy Analysis. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP). Google ScholarDigital Library
- Antony Edwards, Trent Jaeger, and Xiaolan Zhang. 2002. Runtime Veriication of Authorization Hook Placement for the Linux Security Modules Framework. In Proceedings of the ACM Conference on Computer and Communications Security. Google ScholarDigital Library
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation. Google ScholarDigital Library
- William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. 2011. A Study of Android Application Security. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. On Lightweight Mobile Phone Application Certiication. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. Understanding Android Security. IEEE Security & Privacy Magazine 7, 1 (January/February 2009). Google ScholarDigital Library
- Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, and Edward Wu. 2014. Collaborative Veriication of Information Flow for a High-Assurance App Store. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. 2011. Android Permissions Demystiied. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Adrienne Porter Felt, Helen J. Wang, Alexander Moshchuk, Steven Hanna, and Erika Chin. 2011. Permission Re-Delegation: Attacks and Defenses. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Clint Gibler, Jon Crussell, Jeremy Erickson, and Hao Chen. 2012. AndroidLeaks: Automatically Detecting Potential Privacy Leaks In Android Applications on a Large Scale. In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST). Google ScholarDigital Library
- Google. 2019. protectionLevel. https://developer.android.com/reference/android/ R.attr#protectionLevel. Accessed Jan. 10, 2019.Google Scholar
- Google. 2019. Security Updates and Resources. https://source.android.com/secur ity/overview/updates-resources. Accessed Jan. 10, 2019.Google Scholar
- Google. 2019. Supporting Multiple Users. https://source.android.com/devices/tec h/admin/multi-user. Accessed Jan. 10, 2019.Google Scholar
- Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel. 2019. ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware. http://arxiv.or g/abs/1901.03603. (Jan. 2019). arXiv:1901.03603Google Scholar
- Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. 2012. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of the ISCO Network and Distributed System Security Symposium (NDSS).Google Scholar
- Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall. 2011. These Aren't the Droids You're Looking For: Retroitting Android to Protect Data from Imperious Applications. In Proceedings of the ACMConference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Jianjun Huang, Xiangyu Zhang, Lin Tan, Peng Wang, and Bin Liang. 2014. As- Droid: Detecting Stealthy Behaviors in Android Applications by User Interface and Program Behavior Contradiction. In Proceedings of the International Conference on Software Engineering (ICSE). Google ScholarDigital Library
- JeeHyun Hwang, Tao Xie, Vincent Hu, and Mine Altunay. 2010. Mining likely properties of access control policies via association rule mining. Data and Applications Security and Privacy XXIV (2010), 193--208. Google ScholarDigital Library
- Trent Jaeger, Antony Edwards, and Xiaolan Zhang. 2004. Consistency Analysis of Authorization Hook Placement in the Linux Security Modules Framework. Transactions on Information and System Security 7, 2 (May 2004), 175--205. Google ScholarDigital Library
- Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. 2011. The Soot framework for Java Program Analysis: A Retrospective. In Proceedings of the Cetus Users and Compiler Infrastructure Workshop (CETUS).Google Scholar
- Ondrej Lhoták. 2007. Comparing Call Graphs. In Proceedings of the ACM Workshop on Program Analysis for Software Tools and Engineering (PASTE). Google ScholarDigital Library
- Ondej Lhoták and Laurie Hendren. 2003. Scaling Java Points-to Analysis Using SPARK. In Proceedings of the 12th International Conference on Compiler Construction (CC 03). Springer Berlin Heidelberg, Warsaw, Poland, 153--169. Google ScholarDigital Library
- Travis McCoy. 2019. How the World Bank is mobilizing their workforce with Android. https://www.blog.google/topics/connected-workspaces/how-world-b ank-mobilizing-their-workforce-android/. Accessed Jan. 10, 2019.Google Scholar
- Mark Milian. 2019. U.S. government, military to get secure Android phones. http://www.cnn.com/2012/02/03/tech/mobile/government-android-phones/in dex.html. Accessed Jan. 10, 2019.Google Scholar
- Adwait Nadkarni and William Enck. 2013. Preventing Accidental Data Disclosure in Modern Operating Systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. 2012. Ad- Droid: Privilege Separation for Applications and Advertisers in Android. In Proc. of the ACM Symposium on Information, Computer and Communications Security. Google ScholarDigital Library
- Steve Ranger. 2019. The world's most secure smartphones - and why they're all Androids. http://www.zdnet.com/article/the-worlds-most-secure-smartphones -and-why-theyre-all-androids/. Accessed Jan. 10, 2019.Google Scholar
- Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao. 2016. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS).Google Scholar
- Riley Spahn, Jonathan Bell, Michael Lee, Sravan Bhamidipati, Roxana Geambasu, and Gail Kaiser. 2014. Pebbles: Fine-Grained Data Management Abstractions for Modern Operating Systems. In Proceedings of the USENIX Operating Systems Design and Implementation (OSDI). Google ScholarDigital Library
- Laszlo Szathmary. 2006. Symbolic Data Mining Methods with the Coron Platform. Ph.D. Dissertation. Université Henri Poincaré-Nancy I.Google Scholar
- Lin Tan, Xiaolan Zhang, Xiao Ma, Weiwei Xiong, and Yuanyuan Zhou. 2008. AutoISES: Automatically Inferring Security Speciication and Detecting Violations. In Proceedings of the USENIX Security Syposium. Google ScholarDigital Library
- Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - A Java Bytecode Optimization Framework. In Proc. of the Conference of the Centre for Advanced Studies on Collaborative Research. Google ScholarDigital Library
- Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, and Xuxian Jiang. 2013. The Impact of Vendor Customizations on Android Security. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). 623--634. Google ScholarDigital Library
- Luyi Xing, Xiaorui Pan, RuiWang, Kan Yuan, and XiaoFengWang. 2014. Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating. In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Mohammed J Zaki and Ching-Jui Hsiao. 2002. CHARM: An Eicient Algorithm for Closed Itemset Mining. In Proceedings of the 2002 SIAM International Conference on Data Mining.Google ScholarCross Ref
- Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao. 2014. Semantics-Aware Android Malware Classiication Using Weighted Contextual API Dependency Graphs. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Xiaolan Zhang, Antony Edwards, and Trent Jaeger. 2002. Using CQUAL for Static Analysis of Authorization Hook Placement. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Xiaolan Zhang, Trent Jaeger, and Larry Koved. 2004. Applying Static Analysis to Verifying Security Properties. In Proceedings of the Grace Hopper Celebration of Women in Computing Conference (GHC).Google Scholar
- Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, and XiaoFeng Wang. 2014. The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations. In Proc. of the IEEE Symposium on Security and Privacy Google ScholarDigital Library
Index Terms
- ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
Recommendations
Flow-Limited Authorization
CSF '15: Proceedings of the 2015 IEEE 28th Computer Security Foundations SymposiumBecause information flow control mechanisms often rely on an underlying authorization mechanism, their security guarantees can be subverted by weaknesses in authorization. Conversely, the security of authorization can be subverted by information flows ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologiesRole-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Extracting Minimal Non-Redundant Association Rules from QCIL
CIT '04: Proceedings of the The Fourth International Conference on Computer and Information TechnologyThe association rules are usually extracted from frequent itemsets (FIs), but the number is enormous, and there are some FIs with the same tideset, so many redundant rules exist in the mined rules. The frequent closed itemsets are adopted in order to ...
Comments