Droidcon2013 apefs and information flow-analysis for privacy-dauwe_uni_siegen
Slide 1: APEFS and Information-flow Analysis for Privacy in Android
Droidcon 2013 - Berlin
Julia Dauwe, Simon Meurer & Roland Wismüller
University of Siegen, Operating Systems and Distributed Systems
julia.dauwe@uni-siegen.de

Slide 2: Background
► Google Play
  ► Centralized software platform
  ► About 800,000 apps in different categories
  ► Search for apps → find it → get information about permissions
► What does a permission mean?
  ► Apps run in sandboxes
  ► Declare permissions to use advanced features
  ► User must accept all presented permissions to install the app
Slide 3: Hypothesis
► Permissions are only "irrelevant facts" for the user to accept once they have finally found "the right" app
► Why do we think so?
  ► 2 live wallpapers requesting many/all permissions
  ► 6,660 downloads in 6 months
  ► No complaints about the requested permissions
  ► Own statistics
Slide 4: Statistics
► Statistics created with Apptistic (project at University of Siegen)
► Apptistic analyzed ca. 250,000 apps from Google Play
► Example 1, filter:
  ► Requested permissions: network & personal data
  ► Free / name: "Wallpaper"
► Example 2, filter:
  ► Requested permissions: network & personal data
  ► Paid / category "Games and Entertainment"

Slide 5: Statistics
► Example 1
  ► 1255 free Android wallpapers using network access and personal data permissions, 48 of them "phone calls"

Slide 6: Statistics
► By the way ...

Slide 7: Statistics
► Example 2
  ► 884 paid game apps using network access and personal data permissions
  ► 69 are in the Top 100 Paid
Slide 8: Reasons
► Granularity of permissions
► User / developer don't understand the meaning of permissions (e.g. "System tools" or "Storage" permissions)
► No color-coded labels or similar help to quickly classify possible dangerousness
► Usage flow: 1. Searching → 2. Finding → 3. Security

Slide 9: Idea: APEFS
► Android PErmission Filter System
► New usage flow: Security → Searching → Finding
  ► Security defined by a predefined filter
  ► Apps that do not fit the security level are filtered out
► Strengthens the permissions
  ► Permissions are no longer just another item to accept
► Using the infrastructure given by Google
  ► Basic idea: parsing websites for permissions
Slide 10: APEFS – App
► Let the user define his own security level
  ► Filter out apps requesting permission groups:
    ► Charged services
    ► Location, personal information
    ► Internet & network
    ► SMS & MMS, phone calls
    ► System tools, SD card & phone storage, hardware
    ► Miscellaneous
► Chart search
  ► Apps and Games / Top Free, Top Paid, Top New Free ...
► Advanced app search
  ► Search for a specific app
► Check installed apps on the device for permissions
Slide 11: APEFS – Overview
► APEFS uses Play Store website data for permission information
► App installation by the Google Play app
  ► Open Google Play on a specific app via Intent:

    new Intent(Intent.ACTION_VIEW).setData(Uri.parse("market://details?id=com.test"));

  ► User is linked to the regular page
    ► Download / installation
    ► Description & screenshots
    ► Comments ...

Slide 12: APEFS – App – Search (flow between the app and the website)
1. Request charts / search
2. Result page (24 apps)
3. Parse for package ids
4. Request detail pages based on id
5. Detail pages
6. Parse for permissions
7. Filter results

Slide 13: APEFS – HTML parsing
► 1. Parsing the app overview page (24 apps)
► 2. Parsing the detail pages of each app
Slide 14: APEFS – HTML parsing
► Parsing using a library (e.g. JSOUP)
  ► Less error-prone
  ► Computationally intensive
► Parsing with regular expressions
  ► Error-prone
  ► 452 ms (per detail page) faster than using JSOUP!

    import java.util.regex.Matcher;
    import java.util.regex.Pattern;

    String htmlString = fetchHtml(url);
    // One <div class="doc-permission-description"> per requested permission;
    // \s* tolerates whitespace around the '=' of the class attribute.
    Pattern exp = Pattern.compile("<div class\\s*=\\s*\"doc-permission-description\">(.*?)</div>");
    Matcher m = exp.matcher(htmlString);
    while (m.find()) {
        String permissionName = m.group(1);
        /* processing permissions */
    }
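Steps 6 and 7 of the search flow (parse permissions from a detail page with the slide's regex, then apply the user's security level), as an added example that is not APEFS code; the HTML fragments and the mapping of permission descriptions onto APEFS's permission groups are constructed assumptions:

```python
import re

# The regex from the slide restated in Python: the 2013 detail page listed one
# <div class="doc-permission-description"> per requested permission. \s* around '='
# tolerates whitespace in the attribute; re.S lets a description span lines.
PERMISSION_RE = re.compile(r'<div class\s*=\s*"doc-permission-description">(.*?)</div>', re.S)

# Constructed detail-page fragments (not real Play pages) for two package ids.
SAMPLE_DETAIL_PAGE = """
<div class="doc-permission-group">
  <div class="doc-permission-description">read contact data</div>
  <div class = "doc-permission-description">full Internet access</div>
  <div class="doc-permission-description">
    coarse (network-based) location
  </div>
</div>"""
SAMPLE_WALLPAPER_PAGE = '<div class="doc-permission-description">control vibrator</div>'

# Assumed mapping of permission descriptions onto APEFS's permission groups (constructed subset).
PERMISSION_GROUPS = {"read contact data": "Personal Information",
                     "full Internet access": "Internet & Network",
                     "coarse (network-based) location": "Location",
                     "send SMS messages": "SMS & MMS",
                     "control vibrator": "Hardware"}

def parse_permissions(html):
    """Step 6 of the search flow: pull every permission description out of a detail page."""
    perms = [" ".join(m.group(1).split()) for m in PERMISSION_RE.finditer(html)]
    if not perms and "doc-permission" in html:
        # The marker is present but the pattern matched nothing (e.g. single-quoted attributes):
        # fail loudly instead of reporting "no permissions", which would let the app pass the filter.
        raise ValueError("permission markup changed; regex needs updating")
    return perms

def passes_security_level(permissions, blocked_groups):
    """Step 7: keep an app only if none of its permissions falls into a blocked group.
    A description the table does not know is treated conservatively as 'Miscellaneous'."""
    groups = {PERMISSION_GROUPS.get(p, "Miscellaneous") for p in permissions}
    return groups.isdisjoint(blocked_groups)

def filter_apps(detail_pages, blocked_groups):
    """Run steps 6 and 7 over {package_id: html} and return the package ids that survive."""
    return [pkg for pkg, html in detail_pages.items()
            if passes_security_level(parse_permissions(html), blocked_groups)]
```

The empty-match check is the practical side of "error-prone": a silent parse failure would look exactly like an app with no permissions and slip through the filter.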
Slides 15–16: APEFS – App
► App search & installation (screenshots)
Slide 17: APEFS – Lessons learned
► More than 20,000 downloads in less than 3 months
► Different feedback
  ► Acceptance as a good helper tool
  ► Users starting to question requested permissions
  ► But also: misunderstanding of the idea – APEFS is no anti-virus tool (not yet)
► Using feedback for future work
  ► e.g. adding a blacklist or, if applicable, collaboration with a detector tool
Slide 18: App analysis
► Filter apps by permissions: ✓
► Filter apps by "what they actually do": current research
► Motivation:
  ► App requesting private data and network permissions
  ► Suspicion: app sends private data to the internet
  ► APEFS: decision based only on permissions
► Information-flow analysis
  ► Try to define sensitive data (secrets) and detect leaks
  ► Prove whether a secret is possibly passed to a leak
Slide 19: Information-flow analysis
► Special type of data-flow analysis
► Determine possible flows from defined sources to output channels
  (Diagram: sources ID, Contacts, Mails, ... → APP → output channels Internet, SMS, Bluetooth, ...)

Slide 20: Information-flow analysis
► Using Soot: a Java optimization framework
  ► Supports interprocedural data-flow analysis with pointer analysis
    ► SPARK & PADDLE
  ► Works on
    ► Java bytecode directly
    ► its own internal representations Jimple, Dimple, ...
    ► Jimple: typed 3-address representation
► Soot & Android
  ► .apk files can be decompiled to Jimple
  ► using Dexpler (now integrated in Soot)
Slide 21: Control flow graph
► 1. Use Soot to build a call graph with all called methods of the program
  ► (Current work: no libraries or system calls)
► 2. Create a control flow graph for each method

    // Building the CFG from the method body
    UnitGraph graph = new ExceptionalUnitGraph(body);
    // do this for every code block (statement) inside the graph ...
    for (Unit statement : graph) { ... }
Slide 22: Information-flow analysis
► 3. Define & create different sets to accomplish a transfer function for
  ► each code block B and variable v
    ► Gen(B) – B possibly saves critical information in v
    ► Kill(B) – B definitely does NOT save critical information in v
    ► Copy(B) – B possibly saves critical information from another variable x to v
    ► Leak(B) – B possibly leaks v
  ► each method M of a program P and variables v
    ► Gen(M) – there exists a path inside this method on which sensitive information is saved in v
    ► Kill(M), Copy(M), Leak(M) – ...
Slide 23: Information-flow analysis
► 4. Define transfer functions for the critical and leak sets
  ► Forward flow analysis to find critical data
  ► Backward flow analysis to find leaks
► 5. Create the intersection of critical_in and leak_out
  → If not empty: some data is leaked!
Slide 24: Points-to sets
► Points-to sets (PTS) used as an addition to the first analysis
  ► Try to find pointer targets to check for critical data
► We define a PTS for a variable v as:
  ► PTS(v) = the set of all objects v could possibly point to
► Therefore we need new definitions of sets and transfer functions including PTS
► Points-to analysis in Soot with the help of SPARK and Paddle:

    static void setSparkPointsToAnalysis() { ... }   // configure SPARK before running the analysis
    soot.PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
    PointsToSet pts1 = pta.reachingObjects(local);

► Problem: analysis using points-to analysis takes much more time ...
Slide 25: Information-flow analysis – Problems
► Problem of static analysis:
  ► Very conservative
  ► May result in many false positives
    ► Detects a leak of information, but there is none
► Idea: runtime assertions
  ► Developer can check after compiling where flows are detected
  ► Can use assertions to state that there is no flow
  ► Assertion checked at run time
  ► If not fulfilled → app terminated
Slide 26: Runtime assertions – Example

    String s = "Test";
    if (x > 0) {
        s = getSecret();
    }
    if (y < 0) {
        leak(s);
    }

The secret will be leaked if x > 0 and y < 0! Analysis result: secret is leaked!

    APEFS.assert(!(x > 0 && y < 0));

With this assertion the secret cannot be leaked. Analysis result: no secret leaked!
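The per-statement analysis of slides 21–23 (Gen/Kill/Copy/Leak sets, a forward pass for critical data, a backward pass for leaks, and the critical_in ∩ leak_out check) run on the program from the runtime-assertions slide, as an added example that is not the authors' Soot code; the three-address encoding of the program and the per-block CFG are constructed, and the assertion itself is not modelled:

```python
# Constructed three-address program: the example from the "Runtime Assertions" slide,
# one statement per block as in a Soot UnitGraph. Statement kinds: ("const", v) v = literal;
# ("source", v) v = getSecret(); ("copy", v, x) v = x; ("leak", v) leak(v); ("branch",)/("exit",).
BLOCKS = {"B1": ("const", "s"),      # s = "Test"
          "B2": ("branch",),         # if (x > 0)
          "B3": ("source", "s"),     # s = getSecret()
          "B4": ("branch",),         # if (y < 0)
          "B5": ("leak", "s"),       # leak(s)
          "B6": ("exit",)}
SUCC = {"B1": ["B2"], "B2": ["B3", "B4"], "B3": ["B4"], "B4": ["B5", "B6"], "B5": ["B6"], "B6": []}

def fixpoint(blocks, feeders, transfer):
    """Iterate a may-analysis to a fixpoint. feeders[b] lists the blocks whose result set is
    merged (set union) into b's input: predecessors for a forward, successors for a backward pass."""
    before, after = {b: set() for b in blocks}, {b: set() for b in blocks}
    changed = True
    while changed:
        changed = False
        for b, stmt in blocks.items():
            new_before = set().union(*(after[n] for n in feeders[b]))
            new_after = transfer(stmt, new_before)
            if (new_before, new_after) != (before[b], after[b]):
                before[b], after[b], changed = new_before, new_after, True
    return before, after

def critical_transfer(stmt, cin):
    """Forward transfer on the critical set: Gen (source), Kill (const), Copy (v = x)."""
    cout = set(cin)
    if stmt[0] == "source":   cout.add(stmt[1])                 # Gen(B): secret saved in v
    elif stmt[0] == "const":  cout.discard(stmt[1])             # Kill(B): v definitely clean
    elif stmt[0] == "copy":   (cout.add if stmt[2] in cin else cout.discard)(stmt[1])  # Copy(B)
    return cout

def leak_transfer(stmt, after):
    """Backward transfer on the leak set: Leak adds v; redefining v drops it; v = x moves a
    later leak of v onto x. Soot's BackwardFlowAnalysis calls the entry-side result 'out'."""
    out = set(after)
    if stmt[0] == "leak": out.add(stmt[1])                       # Leak(B): v reaches a sink
    elif stmt[0] in ("source", "const"): out.discard(stmt[1])   # old value of v cannot leak
    elif stmt[0] == "copy" and stmt[1] in after: out.discard(stmt[1]); out.add(stmt[2])
    return out

def find_leaks(blocks, succ):
    """Step 5: intersect critical_in and leak_out per block; a non-empty set is a possible leak."""
    preds = {b: [p for p in succ if b in succ[p]] for b in blocks}
    critical_in, _ = fixpoint(blocks, preds, critical_transfer)   # forward pass, entry sets
    _, leak_out = fixpoint(blocks, succ, leak_transfer)          # backward pass, entry sets
    return {b: critical_in[b] & leak_out[b] for b in blocks if critical_in[b] & leak_out[b]}
```

For the slide's program the intersection is non-empty at B4 and B5 (the secret from B3 is live into the leak), which is the conservative "secret is leaked" verdict the slide reports; the path condition x > 0 && y < 0 that the runtime assertion rules out is invisible to this path-insensitive analysis.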
Slide 27: Connection of the analysis to APEFS
► Extend security level
  ► Sensitive data and permissible flows
► Problem: analysis only possible on the .apk package
► Two ways to realize:
  ► Create own market
    ► Easy to access packages
    ► Problem of acceptance
  ► Apps specify flows in accessible metadata
    ► Published through self-defined permissions
    ► Problem: no guarantee for correct metadata
      ► Digital signature or analysis on device

Slide 28: Conclusion and future work
► APEFS:
  ► Filter Android apps by permissions / security level
  ► Based on Google's infrastructure
  ► New usage flow: Security → Searching → Finding
  ► Limitation: filter only by permissions
► Information-flow analysis
  ► Determine flows of information to possible leaks
    ► Including points-to analysis
  ► Reduce false positives with e.g. runtime assertions
  ► Try to speed up analysis