a uth s cope towards automatic discovery of vulnerable
play

A UTH S COPE : Towards Automatic Discovery of Vulnerable - PowerPoint PPT Presentation

May 30, 2023 •352 likes •1.4k views

Introduction Overview Detailed Design Evaluation Related Work Conclusion References A UTH S COPE : Towards Automatic Discovery of Vulnerable Authorizations in Online Services Chaoshun Zuo, Qingchuan Zhao , Zhiqiang Lin University of Texas at

  1. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Obtain the post-authentication messages GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close Alice’s first request message after login GET /api/v1//users/21691/notifications?in_app_token=fb153b7d8c0a 0c6ac841d7bfbd9446de627c642858 HTTP/1.1 Host: api.w****.com Connection: close Bob’s first request message after login

  2. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Obtain the post-authentication messages GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close Alice’s first request message after login GET /api/v1//users/21691/notifications?in_app_token=fb153b7d8c0a 0c6ac841d7bfbd9446de627c642858 HTTP/1.1 Host: api.w****.com Connection: close Bob’s first request message after login Insights Executing the app with single-sign-on.

  3. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Recognize&Substitute fields of interest GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close Alice’s first request message after login GET /api/v1//users/21691/notifications?in_app_token=fb153b7d8c0a 0c6ac841d7bfbd9446de627c642858 HTTP/1.1 Host: api.w****.com Connection: close Bob’s first request message after login

  4. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Recognize&Substitute fields of interest GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close Alice’s first request message after login GET /api/v1//users/21691/notifications?in_app_token=fb153b7d8c0a 0c6ac841d7bfbd9446de627c642858 HTTP/1.1 Host: api.w****.com Connection: close Bob’s first request message after login Insights Differential traffic analysis and small Euclidean distance.

  5. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Identify the vulnerability GET /api/v1//users/21691/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate Content-Type: application/json ETag: W/"6ee365b32e7f3e145d5c74778ea243cd" Server: nginx/1.6.2 X-Request-Id: 4970cafb-9438-4a70-96e0-ca2f789f0d5d X-Runtime: 0.022889 Content-Length: 192 Connection: Close [{"id":433227,"sender":null,"dog":null,"notification_type":15,"n otification_text":"Welcome to w****.","object_id":21691,"is_seen ":true,"is_read":false,"created_at":"2017-01-28T23:56:40.533Z"}] Alice reads Bob’s notifications

  6. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Challenge: Identify the vulnerability GET /api/v1//users/21691/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate Content-Type: application/json ETag: W/"6ee365b32e7f3e145d5c74778ea243cd" Server: nginx/1.6.2 X-Request-Id: 4970cafb-9438-4a70-96e0-ca2f789f0d5d X-Runtime: 0.022889 Content-Length: 192 Connection: Close [{"id":433227,"sender":null,"dog":null,"notification_type":15,"n otification_text":"Welcome to w****.","object_id":21691,"is_seen ":true,"is_read":false,"created_at":"2017-01-28T23:56:40.533Z"}] Alice reads Bob’s notifications Insights Labeling server response with differential traffic analysis.

  7. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Problem Statement & Assumption Problem Statement Given a mobile app Automatically identify whether its server is vulnerable to access control violation

  8. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Problem Statement & Assumption Problem Statement Given a mobile app Automatically identify whether its server is vulnerable to access control violation Assumptions HTTP/HTTPS protocol Facebook login

  9. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overview of A UTH S COPE 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud

  10. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud

  11. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud View Identification and Exploration

  12. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud View Identification and Exploration Automatic Social-based Service Login

  13. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation Cont

  14. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation Cont Button 1

  15. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation Cont Button 1 Button 2

  16. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Post-Authentication Message Generation Cont Button 1 FaceBook Login Button 2

  17. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud

  18. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Parsing Message Fields

  19. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Parsing Message Fields Identifying Fields of Interest

  20. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Parsing Message Fields Identifying Fields of Interest Substituting Enumerable Fields

  21. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close

  22. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont GET /api/v1//users/21690/notifications?in_app_token=e67315b35aa3 8d4ac8cac3cd9c7f88ae7f576d373f HTTP/1.1 Host: api.w****.com Connection: close <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f>

  23. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud

  24. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f> <timestamp, 1485612650> <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f> <timestamp, 1485612710>

  25. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f> <timestamp, 1485612650> <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f> <timestamp, 1485612710>

  26. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f>

  27. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont <users, 21690> <in_app_token, e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f> <users, 21691> <in_app_token, fb153b7d8c0a0c6ac841d7bfbd9446de627c642858>

  28. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Field Recognition and Substitution Cont Field-Value of Alice vs. Field-Value of Bob ED e67315b35aa38d4ac8cac3cd9c7f88ae7f576d373f + ∞ fb153b7d8c0a0c6ac841d7bfbd9446de627c642858 21690 1.0 21691

  29. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud

  30. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Labeling response messages indicate vulnerability

  31. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont <id, 433222> <sender, null> <dog, null> <notification_type, 15> <notification_text, "Welcome to w****.“> <object_id, 21690> <is_seen, true> Alice

  32. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont <id, 433222> <id, 433227> <sender, null> <sender, null> <dog, null> <dog, null> <notification_type, 15> <notification_type, 15> <notification_text, <notification_text, "Welcome to w****.“> "Welcome to w****.“> <object_id, 21690> <object_id, 21691> <is_seen, true> <is_seen, true> Alice Bob

  33. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont <id, 433222> <id, 433227> <id, 433227> <sender, null> <sender, null> <sender, null> <dog, null> <dog, null> <dog, null> <notification_type, 15> <notification_type, 15> <notification_type, 15> <notification_text, <notification_text, <notification_text, "Welcome to w****.“> "Welcome to w****.“> "Welcome to w****.“> <object_id, 21690> <object_id, 21691> <object_id, 21691> <is_seen, true> <is_seen, true> <is_seen, true> Alice Bob New

  34. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont <id, 433222> <id, 433227> <id, 433227> <sender, null> <sender, null> <sender, null> <dog, null> <dog, null> <dog, null> <notification_type, 15> <notification_type, 15> <notification_type, 15> <notification_text, <notification_text, <notification_text, "Welcome to w****.“> "Welcome to w****.“> "Welcome to w****.“> <object_id, 21690> <object_id, 21691> <object_id, 21691> <is_seen, true> <is_seen, true> <is_seen, true> Alice Bob New

  35. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont Prune Public Interfaces

  36. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Response Message Labeling Cont Prune Public Interfaces News App

  37. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Implementation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Atop Android 4.4 with Xposed framework

  38. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Implementation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud Burp Suite for man-in-the-middle proxy

  39. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Implementation 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation 3 and Substitution 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Response Message Alice’s Response 2 Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud 5,000 lines of Java and 300 lines of Python

  40. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Experiment Setup Dataset Collection Top 10% free mobile apps from Google Play, totally 200,000 apps Filtered out the app that does not have Facebook libraries, remaining 33,950 apps Filtered out the app that has no Facebook login button or invoking code, finally we have 4,838 apps

  41. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Experiment Setup Dataset Collection Top 10% free mobile apps from Google Play, totally 200,000 apps Filtered out the app that does not have Facebook libraries, remaining 33,950 apps Filtered out the app that has no Facebook login button or invoking code, finally we have 4,838 apps Testing Environment LG Nexus 4 with Android 4.4 Ubuntu 14.04 on Intel i7-6700k CPU with 8G memory Two Facebook accounts:Alice: alice4testapp@gmail.com & Bob: bob4testapp@gmail.com

  42. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Experiment Setup

  43. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838

  44. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838 Total Time of testing (hours) 562.4

  45. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838 Total Time of testing (hours) 562.4 Total # Request Messages 3,220,886

  46. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838 Total Time of testing (hours) 562.4 Total # Request Messages 3,220,886 Total # Suspicious Interfaces 2,976

  47. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838 Total Time of testing (hours) 562.4 Total # Request Messages 3,220,886 Total # Suspicious Interfaces 2,976 Total # Public Interfaces 2,379

  48. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Overall Experiment Result Item Value Total # Apps 4,838 Total Time of testing (hours) 562.4 Total # Request Messages 3,220,886 Total # Suspicious Interfaces 2,976 Total # Public Interfaces 2,379 Total # Vulnerable Interfaces 597

  49. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Distribution of the Vulnerable Interfaces

  50. ��� � ������� �������� ���� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � ����� ������������ �� �� �� �� �� �� �� �� �� ����� �� �� �� �� �� �� �� � �� ������ ������������ �� �� �� �� �� �� �� �� �� �� � �� �� ������������� �� � �� ������������ ������������ �� �� �� � ����� ������������ �� �� �� �� �� �� �� ������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ����� ������������ �� �� �� �� �� �� �� �� �� �� �� ��� ������� ���� �� � � � ��� �� ��� � ����������� ����� ������� � ������� � ����� �� �������� ������������ ������� ��� ��� ������ ��� �� ���� ��������� �� ����� �� ��� � �������� ������ � ����� � � �������� ������� ���� ��������������� �������� ���� ������� ��� ��� ������� ���� ���� ���������� �������� ������� ���� ����� �� ���� ������� �� �� ��� ��������� �� �������� �������� �� ���� ������ �� ��������� �� ������������� �� ������� ������� ��� ������� ������� ���� �� ������ �� ��������� �� ���� ���� ���� ������� �� ���� ����� �� ��������� �� ������������� �� ���� �������� �� ����� ������� �� ���� ����������� ���� ��������������� �� ������ �� ���� ��� �� ������������ ����� �� �� �������� �� ���� ����� ����� �� ���� ������ ���� ���� �������� �� �� �� �� �� �� �� �� ����� ������� �� �� �� �� � ���� ���������������������������� �� �� �� �� �� �� �� �� � �� �� ������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ����� ��������������� �� �� �� �� �� �� �� �� �� �� �� �� �� �������� �� � �� �� ����� �� ������������� ������� ��� ��� ������ ��� �� ���� ��������� ����� � ������� ������� ������� � ������� ������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � � � ���������� �� �� �� �� �� �� �� �� �� ����� �� �� �� �� � ��� ����������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� �� ����� ������������ ���������������� ���� ������������ �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � ������ �� �� �� �� �� �� �� �� � �� �� ����� �������� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ���� �� �� � �� ������������ �� �� �� �� �� �� �� �� �� �� �� �� � ����� ������������ �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ����� ������������ �� �� �� �� � �� �� ����� �������� �� �� �� �� � �� ��� � ������������ ���� � ����� � � � ��� �� ��� ������������ ��� ������� � � � ��� �� ��� � �� �� ������������� � ����� �� ��� �� ������������ ������ � ������� � � ����� ����� �� ��� � ������������ ����� � � � ������������ � � ���������� ������������ ����� � ��������� ���������� ���������� ������ �������� ����� ��� ����� ������� ���� ��� �������� ����������� ������� �������� �������� ���� �� � � � �� � � � ��� �� ��� �� ������������ ������������� � �� ��� ��� �� ����� � ������������ �������� � � �� �� ��� � � � �� ��� �� ����� �� ������������ ������������ � �������� � ��� �� ��� �� ������������ ��������� � � ��������������� � ��� � ���������������������������� ����� � � �� ����� �� �� � ������� ������ � � �� ��� �� ��� � ����������� ��� ���������������� ������� � �� �� ��� �� ��� �� ���� � ���������� �� � � �� ����� �� ����� �� �������� ������������ � ����� �� ��� � ������������ ���� � ��������� � �� �� ��� � ��� � ��� � � ����� � ����� �������� � Introduction Overview Detailed Design Evaluation Related Work Conclusion References Detailed Results for Top Tested App in Each Category �� �������� ������������ �� ������� ������������ �� ������� �������� ����������� �� � �� �� �� �� �� ��

  51. ��� � ������� �������� ���� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � ����� ������������ �� �� �� �� �� �� �� �� �� ����� �� �� �� �� �� �� �� � �� ������ ������������ �� �� �� �� �� �� �� �� �� �� � �� �� ������������� �� � �� ������������ ������������ �� �� �� � ����� ������������ �� �� �� �� �� �� �� ������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ����� ������������ �� �� �� �� �� �� �� �� �� �� �� ��� ������� ���� �� � � � ��� �� ��� � ����������� ����� ������� � ������� � ����� �� �������� ������������ ������� ��� ��� ������ ��� �� ���� ��������� �� ����� �� ��� � �������� ������ � ����� � � �������� ������� ���� ��������������� �������� ���� ������� ��� ��� ������� ���� ���� ���������� �������� ������� ���� ����� �� ���� ������� �� �� ��� ��������� �� �������� �������� �� ���� ������ �� ��������� �� ������������� �� ������� ������� ��� ������� ������� ���� �� ������ �� ��������� �� ���� ���� ���� ������� �� ���� ����� �� ��������� �� ������������� �� ���� �������� �� ����� ������� �� ���� ����������� ���� ��������������� �� ������ �� ���� ��� �� ������������ ����� �� �� �������� �� ���� ����� ����� �� ���� ������ ���� ���� �������� �� �� �� �� �� �� �� �� ����� �� �� �� �� �� �� �� �� �� � ���� ���������������������������� �� �� �� �� �� �� �� �� ������� ������� �� �� �� �� �� �� �� �� �� � �� �� ����� ��������������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �������� ����� �� ����� �� ������������� ������� ��� ��� ������ ��� �� ���� ��������� ����� � ������� ������� ������� � ������� ������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � � � ���������� �� �� �� �� �� �� �� �� �� ����� �� �� �� �� � ��� ����������� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� � �� ������������ ������������ �� �� �� �� �� ������������ �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � ������ ���������������� �� �� �� �� �� �� � �� �� � �� �� ����� �������� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� �� ���� ���� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � ����� ������������ �� �� �� �� �� �� �� �� �� �� �� � �� �� ����� ������������ �� �� �� �� � �� �� ����� �������� �� �� �� �� �� � �� ��� � ������������ ���� � ����� � � � ��� �� ��� ������������ ��� ������� � � � ��� �� ��� � �� �� ������������� � ����� �� ��� �� ������������ ������ � ������� � � ����� ����� �� ��� � ������������ ����� � � � ������������ � � ���������� ������������ ����� � ��������� ���������� ���������� ������ �������� ����� ��� ����� ������� ���� ��� �������� ����������� ������� �������� �������� ���� �� � � � �� � � � ��� �� ��� �� ������������ ������������� � �� ��� ��� �� ����� � ������������ �������� � � �� �� ��� � � � �� ��� �� ����� �� ������������ ������������ � �������� � ��� �� ��� �� ��������� ����������� � � ��������������� � ��� � ���������������������������� ����� � � �� ����� �� �� � ������� ������ � � �� ��� �� ��� � ������������ ��� ���������������� ������� �� � �� ��� �� ��� �� ���� � ���������� �� � � �� ����� �� ����� �� �������� ������������ � ����� �� ��� � ������������ ���� � ��������� � �� ��� � ��� � �� � � ��� ����� � ����� �������� � Introduction Overview Detailed Design Evaluation Related Work Conclusion References User Privacy & Vulnerability Details �� �������� ������������ �� ������� ������������ �� ������� �������� ����������� �� � �� � �� ��

  52. ��� � ������� �������� ���� ��� �� ��� � � � ����� � ����� �������� � �� �� ��� �� � � ���� � ��������� ������������ � ��� ����� ������������ ��� � � ��������� �������� �� ����� �� ����� �� � ������� ���� � ���������� ���������������� �� ��� �� ��� �� � � �� � �� ��� �� ��� �� � � ������ ������� �� �� � ����� �� � � ����� ���������������������������� � ����� ��� ��������������� � � � ����������� ������������ �� ��� �� ��� � � �������� ������������ ������������ �� ����� �� ��� �� � � � ��� ����� ����� �� ��� �� � � �������� ������������ � �� � ��� �� � � ������������� ������������ �� ��� ��� ������������ ��� ������� �� �� �� �� �� �� �� �� ����� �� ������������� ������� ��� ��� ������ ��� �� ���� ��������� ����� � ������� ������� ������� � ������� ������� ��� � ������� �������� ���� � � ���� �� �������� �������� ����������� ����� � ��������� �������� ������� ���� ���������� ����� ����� ��� �������� ������ ���������� ���������� �� � �� ��� �� ����� � � � ����� ������������ � �� �� ����� � � � ������ � ������� ������������ �� ��� ��� ������������ � � � ������������� ������������ � ��� �� ��� � � ���� � ����� ������� ������������ � ��� �� ��� � � � ��� �� �� �� �� �� �� �� � �� �� �� �� �� �� �� �������� ����� � �� �� �� �� �� �� ������������ ����� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ ����� �� �� � �� �� �� �� �� �� �� � �� �� �� �� �� �� ���� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �������� ����� � �� �� �� �� �� �� ���� �� �� �� �� �� ���������������� ������ �� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ �� ������������ �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ����������� ��� �� �� � �� �� �� ����� �� �� �� �� �� �� �� �� ���������� � � � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ����� �� ������������� ������� ��� ��� ������ ��� �� ���� ��������� ����� � ������� ������� ������� � ������� ������� �� �� � �������� ����� �� �� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ��������������� ����� � �� �� �� �� �� �� �� �� �� �� �� ������� ������� �� �� �� �� �� �� �� �� ���������������������������� ���� �� �� � �� �� ������������ �� � ���� �� ������ �� ���� ��� �� ������������ ����� �� �� �������� �� ���� ����� ����� �� ���� ������ ���� ���� ��������������� �� ���� ����� �� ��������� �� ������������� �� ���� �������� �� ����� ������� �� ���� ����������� ���� ������� ��� ������� ������� ���� �� �� ��� ��������� �� �������� �������� �� ���� ������ �� ��������� �� ������������� �� ������� ������� ����� �� ���� ������� ���������� ���� �������� ������� ���� ���� ��� ������� ��� ������� ���� �������� ��������������� ������� ���� �������� �������� ������������ � � ������ � ����� �������� � ��� �� ����� �� � ����� �� �������� ������������ ������� ��� ��� ������ ��� �� ���� ��������� ����� ������� � ������� ����������� � ��� �� ��� � � � ������� ���� ��� �� �� �� �� ������������ �� �� �� �� �� ������������ ����� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������� �� �� �� �� �� �� � �� �� �� �� �� �� �� �� ������������ ����� �� �� � �� �� �� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ ������ �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � �� ������������ ����� �� �� � �� �� �� �� �� �� �� �� �� �� ������������� ����� �� �� �� �� �� �� �� �� �� � � � �� ��� � � � ����� � ����� �������� � ��� ��� ����� �� � � ���� � ��������� ������������ � ��� �� �� �� � ���� � ���������� �������� �� ����� �� ����� �� � � ���������������� ������������ �� ��� �� ��� �� � � ������� ��� � � ��� �� ��� �� � � ������ ������� �� �� � ����� �� � � ����� ���������� � ����� ��� ��������������� � � ����������� ������������ �� ��� �� ��� � � ������������ �������� ������������ �� ����� �� ��� �� � � ��������� � ����� ��� �� � � �������� ������������ � ����� �� �� �� � � ������������� ������������ �� ��� �� ��� ��� ��� � ������� ���� � � ���� �� �������� �������� ������� ����������� �������� ���������� � ����� ����� ��� �������� ������ ���������� ���������� ����� � ��������� ������������ � � �� ����� � � � ����� ������������ � ��� �� � �� � � ������ � ������� ������������ �� ��� �� ��� ����� ��� ������������� ������� ������������ � ��� �� ��� � � � ������������ �� � ��� �� ��� � � � ���� � ����� ������������ ��� ���������������������������� �� �������� �� �� �� �� �� �� �� ������������ ���� �� �� � �� �� �� �� �� �� �� �� ����� �� �� �� �� �� � �� �� �� �� �� �� ������������ ����� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ �� �� �� �� �� �� �� �� �� �� �� � �� �� �� �� ������������ ���� � �� �� �� �� �� �� �� �� �� �� �� � �������� ����� � �� �� �� �� �� �� �� �� �� �� �� �� �� ���������������� ������ �� �� �� �� ����� ����� �� �� �� �� �� �� �� � �� �� �� �� �� �� �� �������� ����� �� �� � �� �� �� ���������������������������� �� �� �� �� �� �� �� �� ����������� ��� �� �� � �� �� �� �� �� �� �� �� �� �� �� �� ���� �� �� �� �� �� �� �� �� � �� �� �� �� �� �� �� �� �� �� �� �� ������������ ����� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ��������������� ����� � �� �� �� �� �� �� �� �� �� �� �� �� ������� ������� �� �� � �� ������������ �� �� ��� ��������� �� �������� �������� �� ���� ������ �� ��������� �� ������������� �� ������� ������� ���� �������� �� ������ �� ���� ��� �� ������������ ����� �� �� �������� �� ���� ����� ����� �� ���� ������ ���� ���� ��������������� �� ���� ����� �� ��������� �� ������������� �� ���� �������� �� ����� ������� �� ���� ����������� ���� ������� �� ������ �� ��������� �� ���� ���� ��� ������� ������� ���� ����� �� ���� ������� �������� ���������� ���� ���� �� �� �� �� ��� ������� ��� ������� ���� �������� ������� ���� ����� �� �������� ������������ ������� ��� ��� ������ ��� �� ���� ��������� ��������������� � � ������ � ����� �������� � ��� �� ����� �� � � ����� ������� � ������� ����������� � ��� �� ��� � � �������� ���� ������� ������������ �� �� �� �� �� �� ������� ���� ����� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� ����� �� � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ ������� �� �� �� �� ������������� ������������ ������������ �� �� ������ �� � �� � �� �� ��� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� ������������ ����� �� �� � �� �� �� �� �� �� �� Introduction Overview Detailed Design Evaluation Related Work Conclusion References User Privacy & Vulnerability Details �� ������ �� ��������� �� ���� ���� �� �������� ������������ �� ������� ������������ �� ������� �������� ����������� �� �������� ������������ �� ������� ������������ �� ������� �������� ����������� �� � �� � �� �� �� �� �� �� � �� ��

  53. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Impact Up to 61 MILLION mobile users

  54. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App K 00 { 01 "pk_i_id": "163126", 02 "dt_reg_date": "2017-04-30 23:21:59", 03 "dt_mod_date": "2017-04-30 23:36:58", 04 "s_name": "Bob Ccs", 05 "s_username": "163126", 06 "s_password": "7c4a8d09ca3762af61e59520943dc26494f8941b", 07 "s_secret": "6stgMaAb", 08 "s_email": "bob4testapp@gmail.com", 09 "s_website": "bob.ccs\/index.html", 10 "s_phone_mobile": "4695855213", 11 "s_pass_ip": null, 12 "fk_c_country_code": null, 13 "s_country": "Tanzania", 14 "s_address": "15246 Sni Rd. APT 252 Tanzania", 15 "fk_i_region_id": "17", 16 "s_region": "Mara", 17 "d_coord_lat": null, 18 "d_coord_long": null, 19 "b_company": "0", 20 "i_items": "1", 21 "i_comments": "0", 22 "dt_access_date": "2017-04-30 23:46:05", 23 "s_access_ip": "", 24 "b_prefer_phone": "1", 25 "s_dialing_code": "+255", 26 "fk_i_category_id": "22", 27 "s_facebook_page": "http:\/\/", 28 ... 29 }

  55. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App K User Privacy 00 { 01 "pk_i_id": "163126", 02 "dt_reg_date": "2017-04-30 23:21:59", 03 "dt_mod_date": "2017-04-30 23:36:58", Password 04 "s_name": "Bob Ccs", 05 "s_username": "163126", 06 "s_password": "7c4a8d09ca3762af61e59520943dc26494f8941b", 07 "s_secret": "6stgMaAb", 08 "s_email": "bob4testapp@gmail.com", 09 "s_website": "bob.ccs\/index.html", 10 "s_phone_mobile": "4695855213", 11 "s_pass_ip": null, 12 "fk_c_country_code": null, 13 "s_country": "Tanzania", 14 "s_address": "15246 Sni Rd. APT 252 Tanzania", 15 "fk_i_region_id": "17", 16 "s_region": "Mara", 17 "d_coord_lat": null, 18 "d_coord_long": null, 19 "b_company": "0", 20 "i_items": "1", 21 "i_comments": "0", 22 "dt_access_date": "2017-04-30 23:46:05", 23 "s_access_ip": "", 24 "b_prefer_phone": "1", 25 "s_dialing_code": "+255", 26 "fk_i_category_id": "22", 27 "s_facebook_page": "http:\/\/", 28 ... 29 }

  56. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App K User Privacy 00 { 01 "pk_i_id": "163126", 02 "dt_reg_date": "2017-04-30 23:21:59", 03 "dt_mod_date": "2017-04-30 23:36:58", Registration Date 04 "s_name": "Bob Ccs", 05 "s_username": "163126", 06 "s_password": "7c4a8d09ca3762af61e59520943dc26494f8941b", Last Update Date 07 "s_secret": "6stgMaAb", 08 "s_email": "bob4testapp@gmail.com", 09 "s_website": "bob.ccs\/index.html", User ID 10 "s_phone_mobile": "4695855213", 11 "s_pass_ip": null, 12 "fk_c_country_code": null, Email 13 "s_country": "Tanzania", 14 "s_address": "15246 Sni Rd. APT 252 Tanzania", 15 "fk_i_region_id": "17", 16 "s_region": "Mara", 17 "d_coord_lat": null, 18 "d_coord_long": null, 19 "b_company": "0", 20 "i_items": "1", 21 "i_comments": "0", 22 "dt_access_date": "2017-04-30 23:46:05", 23 "s_access_ip": "", 24 "b_prefer_phone": "1", 25 "s_dialing_code": "+255", 26 "fk_i_category_id": "22", 27 "s_facebook_page": "http:\/\/", 28 ... 29 }

  57. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App K User Privacy 00 { 01 "pk_i_id": "163126", 02 "dt_reg_date": "2017-04-30 23:21:59", 03 "dt_mod_date": "2017-04-30 23:36:58", Real Name 04 "s_name": "Bob Ccs", 05 "s_username": "163126", 06 "s_password": "7c4a8d09ca3762af61e59520943dc26494f8941b", Phone Number 07 "s_secret": "6stgMaAb", 08 "s_email": "bob4testapp@gmail.com", 09 "s_website": "bob.ccs\/index.html", Home Address 10 "s_phone_mobile": "4695855213", 11 "s_pass_ip": null, 12 "fk_c_country_code": null, Geo Location 13 "s_country": "Tanzania", 14 "s_address": "15246 Sni Rd. APT 252 Tanzania", 15 "fk_i_region_id": "17", 16 "s_region": "Mara", 17 "d_coord_lat": null, 18 "d_coord_long": null, 19 "b_company": "0", 20 "i_items": "1", 21 "i_comments": "0", 22 "dt_access_date": "2017-04-30 23:46:05", 23 "s_access_ip": "", 24 "b_prefer_phone": "1", 25 "s_dialing_code": "+255", 26 "fk_i_category_id": "22", 27 "s_facebook_page": "http:\/\/", 28 ... 29 }

  58. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App I 00 { 01 ... 02 "response":{ 03 "user":{ 04 "idnum":false, 05 "name":"Bob", 06 "lastname":"Ccs", 07 "birthday":"1990-04-26", 08 "gender":"M", 09 "email":"bob4testapp@gmail.com", 10 "type":"EMAIL", 11 "firstlogin":"1", 12 "country":{ 13 "id":"10", 14 "name":"United States", 15 ... 16 }, 17 "post_on_activities":"disabled", 18 "bananas_count":0, 19 "id":"673491", 20 "fbid_number":"106611716575863", 21 "current_latitude":”30.9863214", 22 "current_longitude":”-86.7501116", 23 "bananas_history":"https:\/\/profile.i******.com\/bananas\ /store\/673491\/?accesstoken=debda35ccd92f4b8e2e06f0bff3b6e49279 a557d&latitude=30.9863214&longitude=-86.7501116&lang=", 24 ... 25 } 26 } 27 }

  59. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App I User Privacy 00 { 01 ... 02 "response":{ 03 "user":{ 04 "idnum":false, Email 05 "name":"Bob", 06 "lastname":"Ccs", 07 "birthday":"1990-04-26", 08 "gender":"M", User ID 09 "email":"bob4testapp@gmail.com", 10 "type":"EMAIL", 11 "firstlogin":"1", 12 "country":{ 13 "id":"10", 14 "name":"United States", 15 ... 16 }, 17 "post_on_activities":"disabled", 18 "bananas_count":0, 19 "id":"673491", 20 "fbid_number":"106611716575863", 21 "current_latitude":”30.9863214", 22 "current_longitude":”-86.7501116", 23 "bananas_history":"https:\/\/profile.i******.com\/bananas\ /store\/673491\/?accesstoken=debda35ccd92f4b8e2e06f0bff3b6e49279 a557d&latitude=30.9863214&longitude=-86.7501116&lang=", 24 ... 25 } 26 } 27 }

  60. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App I User Privacy 00 { 01 ... 02 "response":{ 03 "user":{ 04 "idnum":false, Real Name 05 "name":"Bob", 06 "lastname":"Ccs", 07 "birthday":"1990-04-26", 08 "gender":"M", Birthday 09 "email":"bob4testapp@gmail.com", 10 "type":"EMAIL", 11 "firstlogin":"1", 12 "country":{ Geo Location 13 "id":"10", 14 "name":"United States", 15 ... 16 }, 17 "post_on_activities":"disabled", 18 "bananas_count":0, 19 "id":"673491", 20 "fbid_number":"106611716575863", 21 "current_latitude":”30.9863214", 22 "current_longitude":”-86.7501116", 23 "bananas_history":"https:\/\/profile.i******.com\/bananas\ /store\/673491\/?accesstoken=debda35ccd92f4b8e2e06f0bff3b6e49279 a557d&latitude=30.9863214&longitude=-86.7501116&lang=", 24 ... 25 } 26 } 27 }

  61. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Case Study-App I User Privacy 00 { 01 ... 02 "response":{ 03 "user":{ 04 "idnum":false, Account 05 "name":"Bob", 06 "lastname":"Ccs", Balance 07 "birthday":"1990-04-26", 08 "gender":"M", 09 "email":"bob4testapp@gmail.com", 10 "type":"EMAIL", 11 "firstlogin":"1", 12 "country":{ 13 "id":"10", 14 "name":"United States", 15 ... 16 }, 17 "post_on_activities":"disabled", 18 "bananas_count":0, 19 "id":"673491", 20 "fbid_number":"106611716575863", 21 "current_latitude":”30.9863214", 22 "current_longitude":”-86.7501116", 23 "bananas_history":"https:\/\/profile.i******.com\/bananas\ /store\/673491\/?accesstoken=debda35ccd92f4b8e2e06f0bff3b6e49279 a557d&latitude=30.9863214&longitude=-86.7501116&lang=", 24 ... 25 } 26 } 27 }

  62. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Limitation and Future work Limitations Only Facebook Login Only authrization vulnerabilities that leads to information leakage and account hijacking Only Android Platform and HTTP/HTTPS protocol

  63. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Limitation and Future work Limitations Only Facebook Login Only authrization vulnerabilities that leads to information leakage and account hijacking Only Android Platform and HTTP/HTTPS protocol Future Work Addressing the first two limitations Extend to other platforms and protocols

  64. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Related Work Vulnerability Discovery in Online Service. SQL injection [HVO06], cross-site-scripting [VNJ + 07], cross-site-forgery [BJM08], broken authentication [DKZ09], application logic vulnerabilities [WCWQ11, PB14, WZC + 13, XCWC13] Access Control in Online Service. security with single-sign on [WCW12, ZE14], oauth [SB12, CPC + 14], authentication vulnerability scanning [BLM + 13], password brute-force attacks with online services [ZWWL16]

  65. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Related Work Dynamic Analysis of Mobile Apps. Monkey [mon17], Robotium [Rob], AppsPlayground [RCE13], DynoDroid [MTN13], symbolic execution [ANHY12, MMP + 12, WL16, ZL17] Protocol Reverse Engineering. Analyzing network messages [Bed17, MLK + 06, CKW07, CFL + 17], and instructions traces [CS07, WMKK08, LJXZ08, LZ08, CPC + 08, MWKK09] to discover protocol formats. Inspired by the protocol informatics project [Bed17], and uses a customized Needleman-Wunsch algorithm [NW70] to align and diff the protocol messages and infer only the fields of our interest.

  66. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Conclusion A UTH S COPE Automatically identify whether an app’s server is vulnerable to access control violation 597 vulnerable implementations in 306 mobile apps over 4,838 apps

  67. Introduction Overview Detailed Design Evaluation Related Work Conclusion References Thank you 7 Field-Substituted Alice’s Request Messages (for Bob) 1 Alice’s Request 1 1 Alice’s Request 1 2 Alice’s Request 2 2 Alice’s Request 2 Post-Authentication Field Recognition Message Generation and Substitution 3 3 Bob’s Request Bob’s Request 4 Alice’s Response 1 5 Alice’s Response 2 Response Message Labeling 6 Bob’s Response 8 Server Response Messages for the Field-Substituted Request Smartphone Man-in-the-Middle Proxy Cloud To contact us {chaoshun.zuo, qingchuan.zhao, zhiqiang.lin}@utdallas.edu

  68. Introduction Overview Detailed Design Evaluation Related Work Conclusion References References I Saswat Anand, Mayur Naik, Mary Jean Harrold, and Hongseok Yang, Automated concolic testing of smartphone apps, Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (New York, NY, USA), FSE ’12, ACM, 2012, pp. 59:1–59:11. Marshall Beddoe, The protocol informatics project, 2017, https://github.com/wolever/Protocol-Informatics . Adam Barth, Collin Jackson, and John C Mitchell, Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, ACM, 2008, pp. 75–88. Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong, Authscan: Automatic extraction of web authentication protocols from implementations., NDSS, 2013. Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, and Giovanni Vigna, Obfuscation-resilient privacy leak detection for mobile apps through differential analysis, Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2017, pp. 1–16. Weidong Cui, Jayanthkumar Kannan, and Helen J. Wang, Discoverer: Automatic protocol reverse engineering from network traces, Proceedings of the 16th USENIX Security Symposium (Security’07) (Boston, MA), August 2007. Weidong Cui, Marcus Peinado, Karl Chen, Helen J. Wang, and Luis Irun-Briz, Tupni: Automatic reverse engineering of input formats, Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08) (Alexandria, Virginia, USA), October 2008, pp. 391–402.

  69. Introduction Overview Detailed Design Evaluation Related Work Conclusion References References II Eric Y Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague, Oauth demystified for mobile application developers, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2014, pp. 892–903. Juan Caballero and Dawn Song, Polyglot: Automatic extraction of protocol format using dynamic binary analysis, Proceedings of the 14th ACM Conference on Computer and and Communications Security (CCS’07) (Alexandria, Virginia, USA), 2007, pp. 317–329. Michael Dalton, Christos Kozyrakis, and Nickolai Zeldovich, Nemesis: Preventing authentication & access control vulnerabilities in web applications., USENIX Security Symposium, 2009, pp. 267–282. William G Halfond, Jeremy Viegas, and Alessandro Orso, A classification of sql-injection attacks and countermeasures, Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1, IEEE, 2006, pp. 13–15. Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang, Automatic protocol format reverse engineering through context-aware monitored execution, Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08) (San Diego, CA), February 2008. Zhiqiang Lin and Xiangyu Zhang, Deriving input syntactic structure from execution, Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE’08) (Atlanta, GA, USA), November 2008. Justin Ma, Kirill Levchenko, Christian Kreibich, Stefan Savage, and Geoffrey M. Voelker, Unexpected means of protocol inference, Proceedings of the 6th ACM SIGCOMM on Internet measurement (IMC’06) (Rio de Janeriro, Brazil), ACM Press, 2006, pp. 313–326.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun

Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun

Computer Security Laboratory Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun Zuo, Haohuang Wen , Zhiqiang Lin, and Yinqian Zhang Department of Computer Science and Engineering The Ohio State

1.19k views • 73 slides
Automatic discovery of the characteristics and capacities of a distributed computational platform

Automatic discovery of the characteristics and capacities of a distributed computational platform

Martin Q UINSON cole Normale Suprieure de Lyon, Laboratoire de lInformatique du Paralllisme Automatic discovery of the characteristics and capacities of a distributed computational platform December 11 th 2003 Introduction to the Grid

1.35k views • 121 slides
Toward Active Learning in Data Selection: Automatic Discovery of Language Features During

Toward Active Learning in Data Selection: Automatic Discovery of Language Features During

Toward Active Learning in Data Selection: Automatic Discovery of Language Features During Elicitation Jonathan Clark Robert Frederking Lori Levin Language Technologies Institute Carnegie Mellon University Pittsburgh, PA Feature Detection

550 views • 26 slides
Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing

Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing

Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing antti.levomaki@forcepoint.com opi@forcepoint.com WHO? ANTTI LEVOMKI OLLI-PEKKA NIEMI Research Scientist Director of Research WHAT? NETWORK EVASIONS +

463 views • 18 slides
B-HUNT: Automatic Discovery of Fuzzy Algebraic Constraints in Relational Data Paul G. Brown

B-HUNT: Automatic Discovery of Fuzzy Algebraic Constraints in Relational Data Paul G. Brown

B-HUNT: Automatic Discovery of Fuzzy Algebraic Constraints in Relational Data Paul G. Brown &amp; Peter J. Haas IBM Almaden Research Center San Jose, CA VLDB 2003 A Motivating Example n Shipment data: orderID shipDate orderID deliveryDate

588 views • 28 slides
Automatic Discovery of Diverse and Changing Network Services AMICT 2009 Workshop Petrozavodsk

Automatic Discovery of Diverse and Changing Network Services AMICT 2009 Workshop Petrozavodsk

Automatic Discovery of Diverse and Changing Network Services AMICT 2009 Workshop Petrozavodsk State University 19 th May 2009 Mikko Pervil, prof. Jussi Kangasharju (instructor) Department of Computer Science, University of Helsinki

286 views • 17 slides
Qemu code fault automatic discovery with symbolic search Paul Marinescu, Cristian Cadar, Chunjie

Qemu code fault automatic discovery with symbolic search Paul Marinescu, Cristian Cadar, Chunjie

Qemu code fault automatic discovery with symbolic search Paul Marinescu, Cristian Cadar, Chunjie Zhu, Philippe Gabriel Goals of this presentation Introduction of KLEE (symbolic execution tool) Qemu fault/patch retrospective Understand

283 views • 13 slides
www.drupaleurope.org How to COPE with external entities Publishing &amp; Media Goal COPE:

www.drupaleurope.org How to COPE with external entities Publishing &amp; Media Goal COPE:

www.drupaleurope.org How to COPE with external entities Publishing &amp; Media Goal COPE: Create Once Publish Everywhere Strategy to create content in one place and publish it in many places Simple example: a block that appears on multiple

904 views • 29 slides
MacDonald Center for Obesity Prevention and Education (COPE) COPE Professional Webinar Series

MacDonald Center for Obesity Prevention and Education (COPE) COPE Professional Webinar Series

MacDonald Center for Obesity Prevention and Education (COPE) COPE Professional Webinar Series November 29, 2012 MacDonald Center for Obesity Prevention and Education (COPE) Goals Welcome to the COPE Webinar Series for Health Professionals!

137 views • 10 slides
S cope Metrcisacompliancemanagement

S cope Metrcisacompliancemanagement

S cope Metrcisacompliancemanagement Thepackagetag isperforated with thePackageID # printed on theupper and lower sections. Plant T racking

680 views • 47 slides
SAP IGS SAP IGS THE 'VULNERABLE' FORGOTTEN COMPONENT THE 'VULNERABLE' FORGOTTEN COMPONENT Yvan

SAP IGS SAP IGS THE 'VULNERABLE' FORGOTTEN COMPONENT THE 'VULNERABLE' FORGOTTEN COMPONENT Yvan

SAP IGS SAP IGS THE 'VULNERABLE' FORGOTTEN COMPONENT THE 'VULNERABLE' FORGOTTEN COMPONENT Yvan GENUER - Troopers 2018 DISCLAIMER DISCLAIMER Can't disclose too much Nothing hardcore Skipping 'What is SAP' part BAPI_USER_GET_DETAIL

1.32k views • 105 slides
An Ensemble of Deep Convolutional Networks for Automatic Film Score Genre Recognition Toward a

An Ensemble of Deep Convolutional Networks for Automatic Film Score Genre Recognition Toward a

An Ensemble of Deep Convolutional Networks for Automatic Film Score Genre Recognition Toward a Discovery-Rich Recommendation Agent Problem: Background Track Bottleneck Video and audio are growing exponentially Overwhelming choice leads to

398 views • 38 slides
PPI and the Digital Medicine System Dr Nathan Cope 16-May-2018, NTW R&amp;D Conference 1 NTW

PPI and the Digital Medicine System Dr Nathan Cope 16-May-2018, NTW R&amp;D Conference 1 NTW

PPI and the Digital Medicine System Dr Nathan Cope 16-May-2018, NTW R&amp;D Conference 1 NTW R&amp;D annual research conference | 16-May-2018 Disclosure Dr Nathan Cope is an employee of Otsuka Pharmaceutical Europe Ltd. Views expressed

341 views • 12 slides
HELPING TEENS COPE WITH GRIEF AND LOSS RESPO NDING TO SUIC IDE HOW TEENS COPE WITH LOSS &amp;

HELPING TEENS COPE WITH GRIEF AND LOSS RESPO NDING TO SUIC IDE HOW TEENS COPE WITH LOSS &amp;

HELPING TEENS COPE WITH GRIEF AND LOSS RESPO NDING TO SUIC IDE HOW TEENS COPE WITH LOSS &amp; GRIEVE Grie f is pe rso na l T he re is no rig ht o r wro ng wa y to g rie ve I nflue nc e d b y de ve lo pme nta l le ve l, c

378 views • 21 slides
The Vulnerable People in Emergencies Policy: Hiding Vulnerable Persons in Plain Sight Slide 1:

The Vulnerable People in Emergencies Policy: Hiding Vulnerable Persons in Plain Sight Slide 1:

The Vulnerable People in Emergencies Policy: Hiding Vulnerable Persons in Plain Sight Slide 1: Thank you for the introduction. I would like to thank the conference committee for allowing me to present here today. My name is Don Garlick. Im

492 views • 9 slides
Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement Security Project Automatic Enrollment Works Legal since 1999. All legal questions resolved 2006. Most larger 401(k)s incorporate automatic

137 views • 13 slides
Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg,

Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg,

Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg, 10.-11.10.2011 Peter Gietz, Markus Widmer, DAASI International GmbH Peter.gietz@daasi.de Markus.widmer@daasi.de 1 (c) October 2011 DAASI

815 views • 52 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confidentiality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ application

1.31k views • 50 slides
Security and Authorization Chapter 21 Database Management Systems, 3ed, R. Ramakrishnan and J.

Security and Authorization Chapter 21 Database Management Systems, 3ed, R. Ramakrishnan and J.

Security and Authorization Chapter 21 Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke 1 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed to. E.g., A student cant see

289 views • 8 slides
Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture

Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture

Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture Todd Davies and Mike D. Mintz Symbolic Systems Program Stanford University http://deme.stanford.edu This paper is about access control. But we

267 views • 26 slides
Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data Application to TinkerPop-compatible Application to TinkerPop-compatible graph databases graph databases Marc de Lignie Marc de Lignie Image courtesy:

596 views • 15 slides
IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for

IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for

IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for Neural Computation (INC), University of California San Diego irods.org, dice.unc.edu, diceresearch.org Outline General Comments What Guarding

210 views • 10 slides
Automated Analysis of Access Control Policies Alessandro Armando joint work with Silvio Ranise

Automated Analysis of Access Control Policies Alessandro Armando joint work with Silvio Ranise

Automated Analysis of Access Control Policies Alessandro Armando joint work with Silvio Ranise Artificial Intelligence Laboratory (AI-Lab) Security &amp; Trust Research Unit DIST, University of Genova FBK-IRST Genova Trento A. Armando (U.

879 views • 77 slides
CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1 Le Lecture 14 14 Access Control 2 Recall: Secu curity Service

943 views • 33 slides

More recommend