Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications

21st Annual Network and Distributed System Security Symposium, NDSS 2014

Volumn , Issue , 2014, Pages

  Poeplau, Sebastian ^a,b   Fratantonio, Yanick ^a   Bianchi, Antonio ^a   Kruegel, Christopher ^a   Vigna, Giovanni ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF BONN   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); ANDROID MALWARE; CODES (SYMBOLS); LOADING; VIRUSES;

ANDROID APPLICATIONS; ANDROID SYSTEMS; ANTI-VIRUS ENGINES; APPLICATION STORES; CODE-LOADING; EXTERNAL CODE; EXTERNAL SOURCES; INSTALLATION TIME; MALWARES; RUNTIMES;

STATIC ANALYSIS;

EID: 84961583949     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss/2014.23328     Document Type: Conference Paper

References (39)

1. “Android NDK.” [Online]. Available: http://developer.android.com/tools/sdk/ndk/index.html
2. “Security Enhancements in Android 4.2,” accessed July 2013. [Online]. Available: https://source.android.com/devices/tech/security/enhancements.html
3. “Android library statistics,” AppBrain, URL shortened to protect users of the vulnerable framework. [Online]. Available: http://www.appbrain.com/stats/libraries
4. iOS Security, Apple, October 2012. [Online]. Available: http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf
5. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: analyzing the android permission specification,” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2012, pp. 217–228.
6. A. Bellissimo, J. Burgess, and K. Fu, “Secure software updates: disappointments and new challenges,” USENIX Hot Topics in Security, 2006.
7. J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, “OpenPGP Message Format,” RFC 4880. [Online]. Available: http://tools.ietf.org/html/rfc4880#section-5.2
8. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy, “Return-oriented programming without returns,” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2010, pp. 559–572.
9. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in Android,” in Proceedings of the International Conference on Mobile Systems, Applications, and Services. ACM, 2011, pp. 239–252.
10. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck, “Efficiently computing static single assignment form and the control dependence graph,” ACM Transactions on Programming Languages and Systems, vol. 13, no. 4, pp. 451–490, 1991.
11. D. A. Dai Zovi, “Apple iOS 4 security evaluation,” Black Hat USA, 2011.
12. B. Davis, B. Sanders, A. Khodaverdian, and H. Chen, “I-arm-droid: A rewriting framework for in-app reference monitors for android applications,” Mobile Security Technologies, vol. 2012, 2012.
13. A. Desnos, “androguard – Reverse engineering, Malware and goodware analysis of Android applications . . . and more (ninja !).” [Online]. Available: http://code.google.com/p/androguard/
14. M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel, “An empirical study of cryptographic misuse in android applications,” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2013, pp. 73–84.
15. S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgärtner, and B. Freisleben, “Why Eve and Mallory love Android: An analysis of Android SSL (in) security,” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2012, pp. 50–61.
16. “Google Play Developer Program Policies,” Google, Inc., accessed July 2013. [Online]. Available: https://play.google.com/about/developer-content-policy.html
17. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock Android smartphones,” in Proceedings of the Network and Distributed System Security Symposium, 2012.
18. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, “Riskranker: scalable and accurate zero-day android malware detection,” in Proceedings of the International Conference on Mobile Systems, Applications, and Services. ACM, 2012, pp. 281–294.
19. M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, “Unsafe exposure analysis of mobile in-app advertisements,” in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012, pp. 101–112.
20. H. Hao, V. Singh, and W. Du, “On the effectiveness of API-level access control using bytecode rewriting in Android,” in Proceedings of the ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM, 2013, pp. 25–36.
21. H. Lockheimer, “Android and security.” [Online]. Available: http://googlemobile.blogspot.com/2012/02/android-and-security.html
22. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, “Chex: statically vetting android apps for component hijacking vulnerabilities,” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2012, pp. 229–240.
23. T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin, “Attacks on WebView in the Android system,” in Proceedings of the Annual Computer Security Applications Conference. ACM, 2011, pp. 343–352.
24. McAfee Threats Report: First Quarter 2013, McAfee, 2013. [Online]. Available: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2013.pdf
25. J. Oberheide and C. Miller, “Dissecting the android bouncer,” SummerCon New York, 2012.
26. J. Oberheide, “Android hax,” SummerCon New York, 2010.
27. N. J. Percoco and S. Schulte, “Adventures in bouncerland,” Black Hat USA, 2012.
28. N. Peter Loscocco, “Integrating flexible support for security policies into the Linux operating system,” in Proceedings of the FREENIX Track, USENIX Annual Technical Conference. The Association, 2001, p. 29.
29. D. Sehr, R. Muth, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen, “Adapting software fault isolation to contemporary cpu architectures.” in Proceedings of the USENIX Security Symposium, 2010, pp. 1–12.
30. H. Shacham, “The geometry of innocent flesh on the bone: Return-intolibc without function calls (on the x86),” in Proceedings of the ACM Conference on Computer and Communications Security. ACM, 2007, pp. 552–561.
31. S. Smalley, “Configuring the SELinux policy,” NAI Labs Rep, pp. 02–007, 2002.
32. S. Smalley and R. Craig, “Security Enhanced (SE) Android: Bringing Flexible MAC to Android,” in Proceedings of the Network and Distributed System Security Symposium, 2013.
33. S. Smalley, C. Vance, and W. Salamon, “Implementing SELinux as a Linux security module,” NAI Labs Report, vol. 1, p. 43, 2001.
34. T. Vidas, D. Votipka, and N. Christin, “All Your Droid Are Belong to Us: A Survey of Current Android Attacks.” in Proceedings of the USENIX Workshop on Offensive Technologies, 2011, pp. 81–90.
35. M. Weiser, “Program slicing,” in Proceedings of the International Conference on Software Engineering. IEEE Press, 1981, pp. 439–449.
36. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar, “Native client: A sandbox for portable, untrusted x86 native code,” in Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 79–93.
37. Y. Zhou and X. Jiang, “Dissecting android malware: Characterization and evolution,” in Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 2012, pp. 95–109.
38. Y. Zhou and X. Jiang, “Detecting passive content leaks and pollution in android applications,” in Proceedings of the Network and Distributed System Security Symposium, 2013.
39. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets,” in Proceedings of the Network and Distributed System Security Symposium, 2012.