static analysis for extracting permission checks of a
play

Static Analysis for Extracting Permission Checks of a Large Scale - PowerPoint PPT Presentation

Nov 17, 2022 •206 likes •992 views

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

  1. Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors: Jacques Klein & Martin Monperrus Alexandre Bartel Static Analysis of Permission-Based Systems 1 / 22

  2. Android Framework Static Analysis of a Permission-Based Security System Application Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  3. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  4. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 e 1 e 2 e 3 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  5. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 e 1 e 2 e 3 e 4 Framework Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  6. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 e 1 e 2 e 3 e 4 f 1 f 2 f 3 f 8 Framework f 4 f 5 f 9 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  7. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 e 1 e 2 e 3 e 4 f 1 f 2 f 3 f 8 Framework ck 2 f 4 f 5 f 9 f 6 ck 1 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  8. Android Framework Static Analysis of a Permission-Based Security System s The application 2 3 4 declares permissions Application p 1 and p 2 5 e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 ck 2 f 4 f 5 f 9 p 1 f 6 ck 1 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  9. Android Framework Static Analysis of a Permission-Based Security System ( e 1 e 2 e 3 e 4 ) Application 1 1 1 0 e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 ck 2 f 4 f 5 f 9 p 1 f 6 ck 1 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  10. Android Framework Static Analysis of a Permission-Based Security System ( e 1 e 2 e 3 e 4 ) Application 1 1 1 0 p 1 p 2 p 3  1 0 0  e 1 e 2 1 0 0 Framework     0 0 0 e 3   e 4 0 1 0 Alexandre Bartel Static Analysis of Permission-Based Systems 2 / 22

  11. Android Framework Methodology to Compute Permission Set (Step 1/3) Step 1: Extract Framework Permission Matrix p 1 p 2 p 3  1 0 0  e 1 1 0 0 e 2   M =   e 3 0 0 0   0 1 0 e 4 This step is only done once (for a given framework). Alexandre Bartel Static Analysis of Permission-Based Systems 3 / 22

  12. Android Framework Methodology to Compute Permission Set (Step 2/3) Step 2: Extract Application Access Vector ( e 1 e 2 e 3 e 4 ) AV app = 1 1 1 0 This step is done for every application . Alexandre Bartel Static Analysis of Permission-Based Systems 4 / 22

  13. Android Framework Methodology to Compute Permission Set (Step 3/3) Step 3: Infer Permission Set of the Application  1 0 0  1 0 0   ( ) IP app = 1 1 1 0 ·   0 0 0   0 1 0 ( ) IP app = 1 0 0 This step is done for every application . Alexandre Bartel Static Analysis of Permission-Based Systems 5 / 22

  14. Android Framework Android Framework Call Graph Construction e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 f 4 f 5 f 9 ck 2 p 1 ck 1 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 6 / 22

  15. Android Framework Android Framework Call Graph Construction e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 f 4 f 5 f 9 ck 2 p 1 ck 1 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 6 / 22

  16. Android Framework Android Framework Call Graph Construction e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 f 4 f 5 f 9 ck 2 p 1 ck 1 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 6 / 22

  17. Android Framework Android Framework Call Graph Construction e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 f 4 f 5 f 9 ck 2 p 1 ck 1 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 6 / 22

  18. Android Framework Android Framework Call Graph Construction e 1 e 2 e 3 e 4 p 3 f 1 f 2 f 3 f 8 Framework p 2 f 4 f 5 f 9 ck 2 p 1 ck 1 f 6 Alexandre Bartel Static Analysis of Permission-Based Systems 6 / 22

  19. Android Framework Call Graph Construction Techniques for Java ▶ Not precise: CHA (based on class hierarchy) ▶ CHA essential (1/4) ▶ CHA intelligent (2/4) ▶ Field sensitive: Spark ▶ Spark naive (3/4) ▶ Spark intelligent (4/4) Alexandre Bartel Static Analysis of Permission-Based Systems 7 / 22

  20. Android Framework CHA Essential (1/4) Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  21. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  22. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph ▶ Locates check methods in the call graph Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  23. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph ▶ Locates check methods in the call graph ▶ Extracts names of checked permissions Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  24. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph ▶ Locates check methods in the call graph ▶ Extracts names of checked permissions Permission Set # entry points with 0 permissions 31,791 (64%) with 1 permissions 1 ( < 0.01%) with 105 permissions 18,237 (36%) 50,029 (100%) Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  25. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph ▶ Locates check methods in the call graph ▶ Extracts names of checked permissions Permission Set # entry points with 0 permissions 31,791 (64%) with 1 permissions 1 ( < 0.01%) with 105 permissions 18,237 (36%) 50,029 (100%) ▶ Why explosion of permission set size? Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  26. Android Framework CHA Essential (1/4) ▶ Uses CHA algorithm for call graph ▶ Locates check methods in the call graph ▶ Extracts names of checked permissions Permission Set # entry points with 0 permissions 31,791 (64%) with 1 permissions 1 ( < 0.01%) with 105 permissions 18,237 (36%) 50,029 (100%) ▶ Why explosion of permission set size? ▶ Call graph goes through binder code Alexandre Bartel Static Analysis of Permission-Based Systems 8 / 22

  27. Android Framework CHA Essential (1/4): The Real World System with Multiple Software Layers (source: Gargenta, 2012) Alexandre Bartel Static Analysis of Permission-Based Systems 9 / 22

  28. Android Framework CHA Essential (1/4): The Reason of the Explosion S 1 m 1 p 0 S 1 m 2 p 0 S 1 m 3 p 1 S 1 m 4 − S 1 m 5 p 2 S 1 m 6 p 0 S 1 S 2 m 1 p 3 . . . Api S 1 . 1 S 3 m 1 p 6 . . S g . S h S i . . . . . . Binder Services Services API target transact onTransact methods method methods methods Alexandre Bartel Static Analysis of Permission-Based Systems 10 / 22

  29. Android Framework CHA Intelligent (2/4) Alexandre Bartel Static Analysis of Permission-Based Systems 11 / 22

  30. Android Framework CHA Intelligent (2/4) ▶ Uses CHA algorithm for call graph Alexandre Bartel Static Analysis of Permission-Based Systems 11 / 22

  31. Android Framework CHA Intelligent (2/4) ▶ Uses CHA algorithm for call graph ▶ Finds check methods in the call graph Alexandre Bartel Static Analysis of Permission-Based Systems 11 / 22

  32. Android Framework CHA Intelligent (2/4) ▶ Uses CHA algorithm for call graph ▶ Finds check methods in the call graph ▶ Extracts names of checked permissions Alexandre Bartel Static Analysis of Permission-Based Systems 11 / 22

  33. Android Framework CHA Intelligent (2/4) ▶ Uses CHA algorithm for call graph ▶ Finds check methods in the call graph ▶ Extracts names of checked permissions ▶ Handles system service communication through the ”Binder” Alexandre Bartel Static Analysis of Permission-Based Systems 11 / 22

  34. Android Framework CHA Intelligent (2/4): Handling Binder Account System Service Application Code getPassword() { Service Call checkPermission(); r = getSystemService() return password; } p = r.getPassword() Binder (Linux module) Alexandre Bartel Static Analysis of Permission-Based Systems 12 / 22

  35. Android Framework CHA Intelligent (2/4): Handling Binder Account System Service Application Code getPassword() { Service Call checkPermission(); r = getSystemService() return password; 1 } p = r.getPassword() Binder (Linux module) Alexandre Bartel Static Analysis of Permission-Based Systems 12 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Program Analysis Program Analysis Extracting information, in order to present Extracting

Program Analysis Program Analysis Extracting information, in order to present Extracting

Program Analysis Program Analysis Extracting information, in order to present Extracting static and dynamic information from a software system abstractions of, or answer questions about, a software system Static Analysis: Examines the

201 views • 6 slides
Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program Analysis Extracting information, in order to present abstractions of, or answer questions about, a software system Static Analysis: Examines the

754 views • 32 slides
Extracting a Data Flow Analyser in Constructive Logic David Cachera, Thomas Jensen, David

Extracting a Data Flow Analyser in Constructive Logic David Cachera, Thomas Jensen, David

Extracting a Data Flow Analyser in Constructive Logic David Cachera, Thomas Jensen, David Pichardie and Vlad Rusu APPSEM04, Tallinn Static program analysis The goals of static program analysis To prove properties about the run-time

966 views • 51 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability Tiancong Wang, Sakthikumaran Sambasivam, James Tuck twang14@ncsu.edu or jtuck@ncsu.edu 1 NVM Programming 2 NVM Programming

1.67k views • 98 slides
Solar-Cell Measurements: Extracting Information and Avoiding Pitfalls Jim Sites, Physics

Solar-Cell Measurements: Extracting Information and Avoiding Pitfalls Jim Sites, Physics

Solar-Cell Measurements: Extracting Information and Avoiding Pitfalls Jim Sites, Physics Department Colorado State University (1) Current-voltage (J-V) curves (2) Current-voltage analysis Visual messages and reality checks (3) Diode

823 views • 43 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

488 views • 37 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and

Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and

Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and transforms a program to the stream of tokens: removes empty symbols and commentaries; identifies keywords, indentifiers and literal

400 views • 37 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that Martin Steffen IfI UiO Spring 2014 Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on progress/interest

2.15k views • 194 slides
CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu February 1, 2017 Static Analysis Static Analysis is the process of documenting your observations about what identifying characteristics a

575 views • 8 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Gaining Insights into Multicore Cache Partitioning: Bridging the Gap between Simulation and Real

Gaining Insights into Multicore Cache Partitioning: Bridging the Gap between Simulation and Real

Gaining Insights into Multicore Cache Partitioning: Bridging the Gap between Simulation and Real Systems 1 Presented by Hadeel Alabandi 2/18/2014 Introduction and Motivation 2 A serious issue to the effective utilization of multicore

328 views • 22 slides
Finish the Sorting Intro Work on Spellchecker Project Mini-project is due at the beginning of

Finish the Sorting Intro Work on Spellchecker Project Mini-project is due at the beginning of

Finish the Sorting Intro Work on Spellchecker Project Mini-project is due at the beginning of Day 30 class (no late days) (no late days), so ready for presentation , so ready for presentation There will be time in class to work with

630 views • 19 slides
Evidence-Based Practices to Improve Oral Health in the S BHC S etting 2016-2017 S BHC

Evidence-Based Practices to Improve Oral Health in the S BHC S etting 2016-2017 S BHC

Evidence-Based Practices to Improve Oral Health in the S BHC S etting 2016-2017 S BHC Performance Measures Webinar Training S eries Disclosure Statement: No financial relationships to disclose Maureen Daly, MD, MPH Anne Gibbs, RDH Gail

386 views • 37 slides
Budgeting for Outcomes The Practical Application Benjamin Hart Vice President, Assurance

Budgeting for Outcomes The Practical Application Benjamin Hart Vice President, Assurance

Budgeting for Outcomes The Practical Application Benjamin Hart Vice President, Assurance Services December 2, 2014 The webinar will begin at 10:00 a.m. CST Administration If you need CPE credit, please participate in all polls throughout the

716 views • 71 slides
Disclosures Tenodesis Screw Fixation of Tendon Graft for Scapholunate Dissociation: None

Disclosures Tenodesis Screw Fixation of Tendon Graft for Scapholunate Dissociation: None

5/10/2013 Disclosures Tenodesis Screw Fixation of Tendon Graft for Scapholunate Dissociation: None Biomechanical Analysis of a New Surgical Technique Jun Y. Matsui, M.D. Safa Herfat, Ph.D. Lisa Lattanza, M.D. UCSF Orthopaedic Surgery

323 views • 5 slides
Bridging the Gap between Smart Home Platforms and Machine Learning using Relational Reference

Bridging the Gap between Smart Home Platforms and Machine Learning using Relational Reference

Ren Schne, Johannes Mey, Boqi Ren and Uwe Amann Bridging the Gap between Smart Home Platforms and Machine Learning using Relational Reference Attribute Grammars Models@run.time 2019 September 17, 2019 Context and Goal

631 views • 32 slides
High-Q 3D Photonic Bandgap Cavities for Axion Detection LLNL Axion n Cavit ity Worksho hop p

High-Q 3D Photonic Bandgap Cavities for Axion Detection LLNL Axion n Cavit ity Worksho hop p

High-Q 3D Photonic Bandgap Cavities for Axion Detection LLNL Axion n Cavit ity Worksho hop p 2018 18 Ankur ur Agrawa wal, Akash Dixit, Aaron Chou, David I. Schuster The University of Chicago Outline Introduction to Photonic Band-gap

406 views • 9 slides
Trademark Law TM remedies: key concepts Injunctions and other equitable relief: Prof. Madison

Trademark Law TM remedies: key concepts Injunctions and other equitable relief: Prof. Madison

Trademark Law TM remedies: key concepts Injunctions and other equitable relief: Prof. Madison general equitable principles apply Damages? Defts profits (unjust Key concepts from Class 22: enrichment) and/or harm to the Legal rules

174 views • 4 slides

More recommend