Journal Home > Volume 24 , Issue 5

The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly, we generate data flow graphs and data facts for each component through component-level data flow analysis. Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly, the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communication-based attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency, and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.


menu
Abstract
Full text
Outline
About this article

Communication-Based Attacks Detection in Android Applications

Show Author's information Chuan MaTao Wang( )Limin Shen( )Dongkui LiangShuping ChenDianlong You
School of Information Science and Engineering, Yanshan University, the Key Laboratory for Computer Virtual Technology and System Integration of Hebei Province, Qinhuangdao 066004, China.
School of Business Administration, Hebei Normal University of Science and Technology, Qinhuangdao 066004, China.
Library of Yanshan University, Yanshan University, Qinhuangdao 066004, China.

Abstract

The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly, we generate data flow graphs and data facts for each component through component-level data flow analysis. Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly, the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communication-based attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency, and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.

Keywords: Android, inter-component communication, intents, component hijacking, attack detection

References(28)

[1]
[2]
L. Davi, A. Dmitrienko, A. R. Sadeghi, and M. Winandy, Privilege escalation attacks on android, in Proc. 13th Int. Conf. Information Security, Boca Raton, FL, USA, 2010, pp. 346-360.
DOI
[3]
E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, Analyzing inter-application communication in android, in Proc. 9th Int. Conf. Mobile Systems, Applications, and Services, Bethesda, MD, USA, 2011, pp. 239-252.
DOI
[4]
A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, Permission re-delegation: Attacks and defenses, in Proc. 20th USENIX Conf. Security, San Francisco, CA, USA, 2011, pp. 19-31.
[5]
Y. J. Zhou and X. X. Jiang, Detecting passive content leaks and pollution in android applications, in Proc. 20th Network and Distributed System Security Symp., San Diego, CA, USA, 2013, pp. 434-443.
[6]
L. Lu, Z. C. Li, Z. Y. Wu, W. Lee, and G. F. Jiang, CHEX: Statically vetting android apps for component hijacking vulnerabilities, in Proc. 2012 ACM Conf. Computer and Communications Security, Raleigh, NC, USA, 2012, pp. 229-240.
DOI
[7]
Z. R. Fang, W. L. Han, D. Li, Z. Q. Guo, D. H. Guo, X. S. Wang, Z. Y. Qian, and H. Chen, revDroid: Code analysis of the side effects after dynamic permission revocation of android apps, in Proc. 11th ACM on Asia Conf. Computer and Communications Security, Xi’an, China, 2016, pp.747-758.
DOI
[8]
Y. J. Hu and I. Neamtiu, Static detection of event-based races in android apps, in Proc. 23rd Int. Conf. Architectural Support for Programming Languages and Operating Systems, Williamsburg, VA, USA, 2018, pp. 257-270.
DOI
[9]
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, A study of android application security, in Proc. 20th USENIX Conf. Security, San Francisco, CA, USA, 2011, pp. 64-80.
[10]
K. Fan, H. Li, W. Jiang, C. S. Xiao, and Y. T. Yang, Secure authentication protocol for mobile payment. Tsinghua Sci. Technol., vol. 23, no. 5, pp. 610-620, 2018.
[11]
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bodden, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps, in Proc. 35th ACM SIGPLAN Conf. Programming Language Design and Implementation, vol. 49, no. 6, pp. 259-269, 2014.
DOI
[12]
C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel, Highly precise taint analysis for Android applications, Tech. Rep. Nr. TUD-CS-2013-0113, Technische Universitat Darmstadt, Darmstadt, Germany, 2013.
[13]
R. Vallée-Rai, E. Gagnon, L. Hendren, P. Lam, P. Pominville, and V. Sundaresan, Optimizing Java bytecode using the Soot framework: Is it feasible? in Proc. 9th Int. Conf. Compiler Construction, Berlin, Germany, 2000, pp. 18-34.
DOI
[14]
M. Sagiv, T. Reps, and S. Horwitz, Precise interprocedural dataflow analysis with applications to constant propagation, Theor. Comput. Sci., vol. 167, nos. 1&2, pp. 131-170, 1996.
[15]
T. Reps, S. Horwitz, and M. Sagiv, Precise interprocedural dataflow analysis via graph reachability, in Proc. 22nd ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, San Francisco, CA, USA, 1995, pp. 49-61.
DOI
[16]
D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon, Effective inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis, in Proc. 22nd USENIX Conf. Security, Washington, DC, USA, 2013, pp. 543-558.
[17]
M. C. Grace, W. Zhou, X. X. Jiang, and A. R. Sadeghi, Unsafe exposure analysis of mobile in-app advertisements, in Proc. 5th ACM Conf. Security and Privacy in Wireless and Mobile Networks, Tucson, AZ, USA, 2012, pp. 101-112.
DOI
[18]
F. G. Wei, S. Roy, X. M. Ou, and Robby, Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps, in Proc. 2014 ACM SIGSAC Conf. Computer and Communications Security, Scottsdale, AZ, USA, 2014, pp. 1329-1341.
DOI
[19]
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B. G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones, ACM Trans. Comput. Syst., vol. 32, no. 2, p. 5, 2014.
[20]
P. Gilbert, B. G. Chun, L. P. Cox, and J. Jung, Vision: Automated security validation of mobile apps at app markets, in Proc. 2nd Int. Workshop on Mobile Cloud Computing and Services, Bethesda, MD, USA, 2011, pp. 21-26.
DOI
[21]
C. Zheng, S. X. Zhu, S. F. Dai, G. F. Gu, X. R. Gong, X. H. Han, and W. Zou, SmartDroid: An automatic system for revealing UI-based trigger conditions in android applications, in Proc. 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Raleigh, NC, USA, 2012, pp.93-104.
DOI
[22]
W. Klieber, L. Flynn, A. Bhosale, L. M. Jia, and L. Bauer, Android taint flow analysis for app sets, in Proc. 3rd ACM SIGPLAN Int. Workshop on the State of the Art in Java Program Analysis, Edinburgh, UK, 2014, pp. 1-6.
DOI
[23]
L. Wu, M. Grace, Y. J. Zhou, C. Wu, and X. X. Jiang, The impact of vendor customizations on android security, in Proc. 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 2013, pp. 623-634.
DOI
[24]
M. Zhang and H. Yin, AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications, in Proc. 21st Annu. Network and Distributed System Security Symp., San Diego, CA, USA, 2014, pp. 1-15.
DOI
[25]
H. Bagheri, A. Sadeghi, R. Jabbarvand, and S. Malek, Automated dynamic enforcement of synthesized security policies in Android, Tech. Rep. GMU-CS-TR-2015-5, George Mason University, Fairfax, VA, USA, 2015.
[26]
K. O. Elish, D. D. Yao, and B. G. Ryder, On the need of precise inter-app ICC classification for detecting android malware collusions, in Proc. IEEE Mobile Security Technologies, San Jose, CA, USA, 2015.
[27]
H. Bagheri, A. Sadeghi, J. Garcia, and S. Malek, COVERT: Compositional analysis of Android inter-app vulnerabilities, Tech. Rep. GMU-CS-TR-2015-1, George Mason University, Fairfax, VA, USA, 2015.
DOI
[28]
F. Nielson, H. R. Nielson, and C. Hankin, Principles of Program Analysis. Springer, 2015.
Publication history
Copyright
Acknowledgements
Rights and permissions

Publication history

Received: 17 October 2018
Accepted: 10 November 2018
Published: 29 April 2019
Issue date: October 2019

Copyright

© The author(s) 2019

Acknowledgements

Acknowledgements

This research was supported by the Hebei Provincial Natural Science Foundation (Nos. F2016203290 and F2017203307), the National Natural Science Foundation of China (No. 61772450), the Doctoral Foundation of Yanshan University (Nos. BL18011 and B906), the Hebei Normal University of Science and Technology Scientific Research Foundation (No. 2018YB019), the China Postdoctoral Science Foundation (No. 2018M631764), and the Hebei Province Science and Technology Planning Project (No. 17210701D).

Rights and permissions

Return