going native using a large scale analysis of android apps
play

Going Native: Using a Large-Scale Analysis of Android Apps to Create - PowerPoint PPT Presentation

Oct 22, 2022 •175 likes •524 views

Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Vitor Monte Afonso 1 , Antonio Bianchi 2

  1. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Vitor Monte Afonso 1 , Antonio Bianchi 2 , Yanick Fratantonio 2 , Adam Doup´ e 3 , Mario Polino 4 , ıcio de Geus 1 , Christopher Kruegel 2 , Paulo L´ and Giovanni Vigna 2 1 University of Campinas 2 UC Santa Barbara 3 Arizona State University 4 Politecnico di Milano NDSS 2016 1/32

  2. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction 2/32

  3. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction 3/32

  4. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction 4/32

  5. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction 5/32

  6. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction 6/32

  7. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction Most analysis tools miss these attacks 7/32

  8. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction - Sandboxing 8/32

  9. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction Motivation Lack of data regarding native code usage No research on how to generate a general, practical and useful policy to enforce 9/32

  10. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Introduction Motivation Lack of data regarding native code usage No research on how to generate a general, practical and useful policy to enforce Large-scale analysis How many apps actually use native code? What is the behavior of native code? What permissions do native code use? How does native code interact with the app and the framework? Which shared libraries are used in native code? 9/32

  11. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Background Native code Executable file Exec methods (Runtime.exec or ProcessBuilder.start) Shared library (.so) Load methods (e.g., System.loadLibrary) Native methods Native activity 10/32

  12. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Applications Used Dataset 1,208,476 distinct free apps Crawled from Google Play - May 2012 and August 2014 Static prefiltering Filtered apps that have the potential to use native code Native method: Java method with “native” modifier Native activity: declared in manifest or class that extends NativeActivity Call to Exec or Load methods ELF file inside APK 37.0% (446,562) have the potential to use native code 11/32

  13. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Dynamic Analysis Information to track System calls of native code Interactions of native code with other components 12/32

  14. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Dynamic Analysis Our system App’s system calls traced with strace Instrumented libraries Flag third-party libraries (based on file path) Record all transitions between Java and app’s native code Post-processing - separate behavior of app’s native code 13/32

  15. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Research Question How many apps actually use native code? 14/32

  16. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Dynamic Analysis 33.6% (149,949) of dynamically analyzed apps executed native code 12.4% of all apps in our dataset - other work identified around 5% It’s only a lower bound: it could be more Apps Type 72,768 Native method 19,164 Native activity 132,843 Load library Call executable file (27,599 standard, 27,701 148 custom and 46 both) 149,949 At least one of the above 15/32

  17. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Native Code Not Reached Small experiment Manual analysis 20 random apps Static analysis 40% (8) deadcode - native code unreachable from Java code Other apps were very complex Dynamically analyzed those and interacted manually Still did not reach native code Why deadcode Third-party libraries - include a lot of code but only part of it is used 16/32

  18. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Research Question What is the behavior of native code? 17/32

  19. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Native Code Behavior - Overview Common actions in shared libraries 94.2% (125,192) of apps that used custom shared libs only performed subset of common actions Such as memory management system calls, calling JNI functions, writing log messages and creating directories Other actions in shared libs and custom executable files Most common are: ioctl calls, writing file in app’s directory, operations on sockets Standard executable files Most common are: read system information, write file in app’s dir or sdcard, read logcat 18/32

  20. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Research Question What permissions do native code use? 19/32

  21. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Top 5 Permissions Used in Native Code Apps Permission Description Open network socket or call method 1,818 INTERNET java.net.URL.openConnection 1,211 WRITE EXTERNAL STORAGE Write files to the sdcard 1,211 READ EXTERNAL STORAGE Read files from the sdcard Call methods getSubscriberId , getDeviceSoftwareVersion , getSimSerialNumber or getDeviceId from class 132 READ PHONE STATE android.telephony.TelephonyManager or Binder transaction to call com.android.internal.telephony .IPhoneSubInfo.getDeviceId Call method android.net. 79 ACCESS NETWORK STATE ConnectivityManager.getNetworkInfo 20/32

  22. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Research Question How does native code interact with the app and the framework? 21/32

  23. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations JNI Calls How native code interact with the app and the framework Most common groups of JNI calls used Apps Description 94,543 Get class or method identifier and class reference 71,470 Get or destroy JavaVM, and Get JNIEnv 53,219 Manipulation of String objects ... ... 35,231 Call Java method (in app or framework) Most common groups of methods from the Android framework called Apps Description Get path to the Android 7,423 package associated with the context of the caller 6,896 Get class name 5,499 Manipulate data structures 4,082 Methods related to cryptography 22/32

  24. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Research Question Which shared libraries are used in native code? 23/32

  25. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Most Used Shared Libraries Most used standard libraries Apps Name Description 24,942 libjnigraphics.so Manipulate Java bitmap objects 2,646 libOpenSLES.so Audio input and output 2,645 libwilhelm.so Multimedia output and audio input 349 libpixelflinger.so Graphics rendering 347 libGLES android.so Graphics rendering Most used custom libraries Apps Name Description 19,158 libopenal.so Rendering audio 17,343 libCore.so Used by Adobe AIR 16,450 libmain.so Common name 13,556 libstlport shared.so C++ standard libraries Part of the Corona SDK, a development 11,486 libcorona.so platform for mobile apps 24/32

  26. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Sandboxing Now we can create the rules 25/32

  27. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Security Policy Goal Reduce attack surface available for native code Generate security policy from data obtained Trade-off Why not allowing everything? Overlap between benign and malicious behavior Tunable threshold: we selected 99% 26/32

  28. Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Security Policy Modes of operation Reporting or enforcing Not implemented Process - system call policy Normalize arguments of system calls (e.g., file paths are replaced by “USER-PATH” or “SYS-PATH”) Iterate over syscalls Select the one used by most apps Repeat until allow certain percentage of apps to run 27/32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code

Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code

Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code Sandboxing Policy Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo de Geus , Christopher Kruegel, and Giovanni Vigna

557 views • 30 slides
Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno

Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno

Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno Xamarin, Developer Evangelist @JamesMontemagno | @XamarinHQ Create native iOS, Android, Mac and Automatically test your app on Windows apps in

948 views • 32 slides
One Project. One Language. Three Apps. TJ VanToll (@tjvantoll) iOS Web Android Agenda

One Project. One Language. Three Apps. TJ VanToll (@tjvantoll) iOS Web Android Agenda

One Project. One Language. Three Apps. TJ VanToll (@tjvantoll) iOS Web Android Agenda Background (~15 minutes) Demos (~25 minutes) Web vs. Native Web vs. Native Native Benefit: User behavior Apps account for over 90% of internet

338 views • 31 slides
PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin Liu, Suman Nath, William G.J. Halfond, Ramesh Govindan 2 Mobile App Explosion 1.2 million 1,200,000 1,000,000 Number of Apps 800,000 600,000

638 views • 42 slides
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps David Sounthiraraj Justin Sahs Garret Greenwood Zhiqiang Lin Latifur Khan University of Texas at Dallas February 26, 2014

671 views • 40 slides
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Yan Heng Yin August 10, 2012 1 Android Java Components System Services Native Components Apps 2 Android Java Components

631 views • 33 slides
iOS, Android a Windows 10 Easy and Fast Vojt ch Mdr Is Xamarin Native? Try Sunshine!

iOS, Android a Windows 10 Easy and Fast Vojt ch Mdr Is Xamarin Native? Try Sunshine!

iOS, Android a Windows 10 Easy and Fast Vojt ch Mdr Is Xamarin Native? Try Sunshine! https://github.com/madrvojt/Sunshine-Xamarin https://rink.hockeyapp.net/apps/b632892031c04a5cb7aecc6452a0b1e4 Common core technique Android iOS Windows

363 views • 9 slides
in native apps allen pike steamclock software build delightful apps. embed a javascript

in native apps allen pike steamclock software build delightful apps. embed a javascript

in native apps allen pike steamclock software build delightful apps. embed a javascript runtime. embrace our platforms. enable tinkering. render native opengl. mix javascript and native. share javascript in native apps. build

664 views • 63 slides
Large-Scale Web Applications Mendel Rosenblum CS142 Lecture Notes - Large-Scale Web Apps Web

Large-Scale Web Applications Mendel Rosenblum CS142 Lecture Notes - Large-Scale Web Apps Web

Large-Scale Web Applications Mendel Rosenblum CS142 Lecture Notes - Large-Scale Web Apps Web Application Architecture Web Server / Storage System Application server Web Browser HTTP LAN Internet CS142 Lecture Notes - Intro 2

228 views • 20 slides
Build beautiful native apps in record time with flutter Eduardo Telaya - CTO / Software

Build beautiful native apps in record time with flutter Eduardo Telaya - CTO / Software

Build beautiful native apps in record time with flutter Eduardo Telaya - CTO / Software Architect / Drupal Developer Agenda Context about Apps Native apps Web apps Hybrid apps Whats flutter? Whos

2.59k views • 42 slides
(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 (iPhone) https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 (Android)

365 views • 13 slides
Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you?

Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you?

Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you? Developers , Designers , Mac , Linux , Windows , Web , Mobile , Android , ios ? @dahabdev Agenda Context about Apps Native apps

693 views • 53 slides
Software Engineering Large Practical Debugging and Testing Android apps Stephen Gilmore School

Software Engineering Large Practical Debugging and Testing Android apps Stephen Gilmore School

Software Engineering Large Practical Debugging and Testing Android apps Stephen Gilmore School of Informatics, University of Edinburgh November 13th, 2013 Stephen Gilmore Software Engineering Large Practical News This is the last SELP

639 views • 30 slides
Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a System Engineer Genymobile is a company specialized in Android. We are based in France (Paris and Lyon) and SF. We develop and customize android

514 views • 40 slides
in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of

in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of

Repairing crashes in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of Mobile Apps App Store Google Play Launched with 500 apps. 3.5 millions apps By July 17, 10 millions available for download apps

518 views • 22 slides
Local bus service provision in the Vale of Glamorgan Kyle Phillips Passenger Transport Manager

Local bus service provision in the Vale of Glamorgan Kyle Phillips Passenger Transport Manager

Local bus service provision in the Vale of Glamorgan Kyle Phillips Passenger Transport Manager Outline Commercial services Supported services Services no longer available Greenlinks Other services Funding Challenges

461 views • 12 slides
African swine fever NAT Commission, CoR 17 June 2019, Brussels Andrea Gavinelli, Head of Unit G3

African swine fever NAT Commission, CoR 17 June 2019, Brussels Andrea Gavinelli, Head of Unit G3

African swine fever NAT Commission, CoR 17 June 2019, Brussels Andrea Gavinelli, Head of Unit G3 Official controls and eradication of diseases in animals Directorate G - Crisis management in food, animals and plants DG for Health and Food

276 views • 4 slides
NatMEG The Swedish National Facility for Magnetoencephalography NatMEG Project Proposal <YOUR

NatMEG The Swedish National Facility for Magnetoencephalography NatMEG Project Proposal <YOUR

NatMEG The Swedish National Facility for Magnetoencephalography NatMEG Project Proposal <YOUR PROJECT NAME HERE> NatMEG - Project Proposal Template (Version 1.0) Background Literature search Research question Operationalized test

178 views • 17 slides
SPATIO-TEMPORAL VERACITY ASSESSMENT JOANA GONZALES MALAVERRI (LAHDAK) FATIHA SAS (LAHDAK)

SPATIO-TEMPORAL VERACITY ASSESSMENT JOANA GONZALES MALAVERRI (LAHDAK) FATIHA SAS (LAHDAK)

SPATIO-TEMPORAL VERACITY ASSESSMENT JOANA GONZALES MALAVERRI (LAHDAK) FATIHA SAS (LAHDAK) GIANLUCA QUERCINI (MODHEL) LABORATOIRE DE RECHERCHE EN INFORMATIQUE (LRI) {MALAVERRI, FATIHA.SAIS,GIANLUCA.QUERCINI}@LRI.FR JOURNEE ROD MOTIVATION

765 views • 35 slides
Native American Heritage Commission Consultation Policy and Guidelines Native American Heritage

Native American Heritage Commission Consultation Policy and Guidelines Native American Heritage

Native American Heritage Commission Consultation Policy and Guidelines Native American Heritage Commission Roles and Responsibilities Under state law, as state trustee, it is the role and responsibility of the Native American Heritage

203 views • 9 slides
Low-Impact Development Code Update: UGAs PUBLIC HEARING Thurston County Planning Commission

Low-Impact Development Code Update: UGAs PUBLIC HEARING Thurston County Planning Commission

Low-Impact Development Code Update: UGAs PUBLIC HEARING Thurston County Planning Commission August 17, 2016 Allison Osterberg, Senior Planner Resource Stewardship Department What is LID? Ecology definition: Low-impact development (LID)

521 views • 13 slides
Project Plan Volunteer Tracking App The Capstone Experience Team SpartanNash Denis Andreev

Project Plan Volunteer Tracking App The Capstone Experience Team SpartanNash Denis Andreev

Project Plan Volunteer Tracking App The Capstone Experience Team SpartanNash Denis Andreev Aleksandar Bonev Antonino Candela Tianyi Li Abbott Wang Department of Computer Science and Engineering Michigan State University From Students

220 views • 10 slides
Measuring the performance improvements as you parallelize and optimize your software 0.25 s -O2

Measuring the performance improvements as you parallelize and optimize your software 0.25 s -O2

Measuring the performance improvements as you parallelize and optimize your software 0.25 s -O2 -march=native -mtune=native -ftree-vectorize 0.27 s -O2 -march=native -mtune=native -ftree-vectorize Multiplication of 0.359 s 0.7x -O2

220 views • 10 slides

More recommend