Uploaded byitba9
PPTX, PDF510 views

COVERT app

COVERT is a tool that analyzes Android applications in a compositional manner to detect security vulnerabilities that occur due to the interaction of apps. It extracts models of individual apps and the Android framework and uses the Alloy analyzer to check the models for vulnerabilities. An evaluation on over 500 real-world apps found that COVERT can effectively detect inter-app vulnerabilities in minutes and does not require source code. It was implemented with desktop, mobile, and web-based front-ends to facilitate end-user analysis of apps.

Embed presentation

Downloaded 12 times
M.Tech (CSE) 1st semester
ABSTRACT • Problem: Enforcement of the permissions in Android is at the level of individual apps, allowing multiple malicious apps to collude and combine their permissions or to trick vulnerable apps to perform actions on their behalf that are beyond their individual privileges. • Research efforts are subject to a common limitation: they are intended to detect and mitigate vulnerabilities in a single app. • COVERT’s analysis is modular and it statically analyzes the reverse engineered source code of each individual app, and extracts relevant security specifications in a format suitable for formal verification. • Using COVERT to examine over 500 real-world apps corroborates its ability to find inter-app vulnerabilities in bundles of some of the most popular apps on the market.
INTRODUCTION• Previous techniques failed to identify vulnerabilities due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, which cannot be detected by analyzing a single app in isolation. • COVERT increases the scope of application analysis This enables reasoning about the overall security posture of a system. • The main objective of COVERT is to automatically – identify such vulnerabilities that occur due to the interaction of apps comprising a system – by inferring the security properties from individual apps and checking them as a whole by means of formal analysis – determine whether it is safe for a bundle of apps, requiring certain permissions and interacting with each other, to be installed together. • COVERT extracts essential information and captures them in an analyzable formal specification language and uses Alloy as a specification language, and the Alloy Analyzer as the analysis engine.
Android Overview Application Components Components are basic logical building blocks of Android applications. There are four types of components: • Activity • Service • Broadcast Receiver • Content Provider IPC Android depends app insulation to protect apps requires interactions to occur through a message passing mechanism, called inter- process communication. IPC is conducted by means of Intent messages. Application Configuration Each Android application must declare upfront its configuration. Component capabilities are specified as a set of Intent Filters that represent the kinds of requests a given component can respond to. Permissions Each application must declare as part of its manifest the permissions it requires, and the Android system prompts the user for consent during the application installation. Android platform provides over 130 pre- defined permissions, and apps can also define their own permissions. Intent Messages Intent message is an event for an action to be performed along with the data that supports that action. Sandboxing Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer.
Literature survey • Main focus of work is on performing program analysis over Android applications for security and Android’s permissions and their use across applications. All the research work have never been evaluated over real-world applications. • FlowDroid introduces a precise approach for static taint flow analysis for each app component. SCanDroid statically analyzes data flows to detect permission inconsistencies between apps that could possibly allow malicious access to sensitive information. It requires the source code of applications. • TaintDroid detects information leak vulnerabilities using dynamic taint flow analysis at the system level. IPC Inspection prevents privilege escalation at OS level. Whyper is a tool that checks the app’s requested permissions against its description, enabling the user to determine if certain requested permissions are suspicious. • Pscout is used to extract the permission specification from the Android OS source code using static analysis, leading to a comprehensive set of permission maps.
Architecture COVERT Parts Model Extractor Formal Analyzer Models App model Android Framework spec.
Example scenario A malicious app exploits the vulnerabilities of two other apps to send the device location data to the desirable phone number
Entity Extraction and Resolution Control Flow Augmentation Vulnerable Path Identification Static analysis technique • Input as APK and app byte code • Generate app models (build on top of Soot and Dexpler) Check for vulnerability • Combine with formal spec of app framework • Alloy as specification language • Report of list of vulnerabilities Method of Implementation 1. MODEL EXTRACTOR We first need a model of each app to determine the inter-process communications and the security properties. A model for an Android application is a tuple A = <C, I, F, P,S >, where •C is a set of components, set of Intent messages, Intent filters, permissions and set of sensitive paths •I is a set of event messages that can be used for both inter- and intra-app communications. •If component is non-empty, the Intent is called an explicit Intent, as the recipient is given explicitly. •F is a set of Intent Filters, describes an interface of c in terms of Intents that it can handle. •P is a union of required (Preq) and enforced permissions(Penf) •S is a finite set of vulnerable paths
Model Extractor
Formal Analyzer Alloy Overview Formal Model of Android Framework Formal Model of Apps Checking Android Application models There are four main reasons for choosing Alloy: 1. Its comprehensible, object-oriented- like syntax, makes it useful for declarative specification of both apps and properties to be checked. 2. Ability to automatically analyze specifications with no custom programming is useful as an automation mechanism. 3. Effective module system allows us to split the overall, complicated system model among several tractable modules. 4. The extraction approach to generate bundle specifications is incremental. Once an app model is extracted, it can be reused for analysis within several bundles of apps.
Formal Model of Android Framework The analyzer provides two types of analysis: Simulation, in which the analyzer demonstrates consistency of model specifications by generating a satisfying model instance; Model Checking, which involves finding a counterexample a model instance that violates a particular assertion. There are six top-level signatures to model the basic element types: Application, Component, Intent Filter, Intent, Path, and Permission. These signatures are defined as abstract, meaning that they cannot have an instance object without explicitly extending them.
Formal model of apps Three pieces of Alloy specifications are conjoined in the process of modeling various parts of Android apps extracted from their APK files. 1. Specification module called appDeclaration 2. App model, represented in a separate Alloy module for each app. 3. Inter-process communication module that models all Intent messages created within app.
Checking Android Application models Considering the privilege escalation, Davi et al state it as follows: “An application with less permissions (a nonprivileged caller) is not restricted to access components of a more privileged application (a privileged callee).” The assertion states that the dst component (victim) has access to a permission (uses Permission) that is missing in the src component (malicious), and that permission is not being enforced in the source code of the victim component, nor by the application embodying the victim component.
Benefits • COVERT can effectively detect inter-app vulnerabilities in few minutes. •Our prototype implementation of the approach only requires the availability of Android executable files, and not the original source code. •COVERT, can be used not only by developers, but also by end-users as well as third-party reviewers. •COVERT is implemented as a publicly available tool. We have built a prototype implementation of the model extractor component on top of the Soot static analysis tools for analyzing Java byte code. We use Dexpler transformer to translate Android’s dalvik bytecode into the Soot’s intermediate representation language, called Jimple. •All the research work have never been evaluated over real-world applications.
Mobile and Web-based applications These work together to analyze the installed apps in a mobile device and generate the vulnerability report. Applications
Desktop Client Desktop Client is a JavaFX application that provides a graphical user interface and enables end-users to analyze a set of APK files, which could be downloaded from online app stores such as Google Play.
Result Analysis To assess the effectiveness of our approach in revealing Android inter-app vulnerabilities, we have conducted an evaluation that addresses the following research questions: RQ1. What is the importance of this research? To what extent are Android apps over privileged and unsafe due to usage of permission-required APIs? RQ2. How well does COVERT perform? Does it enable compositional analysis of real-world Android apps? How much manual effort is involved in the analysis process? RQ3. What is the overall accuracy of COVERT in detecting inter-app vulnerabilities? RQ4. How does compositional analysis compare to single app analysis? RQ5. What is the performance of our prototype tool implemented atop SAT solving technologies and static analyzers?
Scatter plot for analysis time for model extraction of Android apps.
COVERT, a tool that analyzes Android applications in a compositional manner to detect inter-app and inter- component security vulnerabilities. COVERT comes with desktop, mobile and web-based front-end applications that facilitate the end-user interactions with the analysis engine. The experimental results corroborated its ability to reveal inter app vulnerabilities in real-world Android apps, many of which were previously unknown. Conclusion •COVERT can be extended, and significant components of it reused, for detecting other types of inter-app vulnerabilities, like application collusion and information leakage. For this, COVERT’s program analysis needs to be extended to take information flow into account for Android apps. •COVERT can be extended with dynamic analysis techniques which can be used to address vulnerabilities in native code. Android Apps may include native code in addition to Java code, in the form of a Java Native Interface (JNI) library, which cannot be sufficiently addressed through static analysis techniques. future work
1. H. Bagheri, A. Sadeghi, J. Garcia, and S. Malek, “Covert: Compositional analysis of android inter-app vulnerabilities,” George Mason University, Tech. Rep. 2. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of CCS, 2012. 3. D. Jackson, “Alloy: a lightweight object modelling notation,” TOSEM,vol. 11, no. 2 4. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android,” in Proc. 9th Int.Conf. Mobile Syst., Appl. Services, 2011 5. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android,” in Proc. 13th Int. Conf. Inf. Security, 2010 6. R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automating risk assessment of mobile applications,” USENIX Conf. Security, 2013 7. J. Woodcock, P. G. Larsen, J. Bicarregui, and J. Fitzgerald, “Formal methods: Practice and experience,” ACM Comput. Surv., vol. 41 8. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden,J. Klein, Y. L. Traon, Effective Inter-Component Communication Mapping in Android with Epicc:An Essential Step Towards Holistic Security Analysis, in: Proceedings of the 22nd USENIX Security Symposium, Washington, DC, 2013. references
Vulnerability is not weakness. And that myth is profoundly dangerous. Vulnerability is the birthplace of innovtion, creativity and change. -Brene Brown

More Related Content

PDF
Androinspector a system for
byIJNSA Journal
 
PDF
Tech Report: On the Effectiveness of Malware Protection on Android
byFraunhofer AISEC
 
PDF
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
byIOSR Journals
 
PDF
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
byIJNSA Journal
 
ODP
Mobile Apps Security Testing -3
byKrisshhna Daasaarii
 
DOCX
Mitigating Privilege-Escalation Attacks on Android Report
byVinoth Kanna
 
PDF
Standardizing Source Code Security Audits
byijseajournal
 
PPTX
Mobile application security
byShubhneet Goel
 
Androinspector a system for
byIJNSA Journal
 
Tech Report: On the Effectiveness of Malware Protection on Android
byFraunhofer AISEC
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
byIOSR Journals
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
byIJNSA Journal
 
Mobile Apps Security Testing -3
byKrisshhna Daasaarii
 
Mitigating Privilege-Escalation Attacks on Android Report
byVinoth Kanna
 
Standardizing Source Code Security Audits
byijseajournal
 
Mobile application security
byShubhneet Goel
 

What's hot

PDF
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
byTekRevol LLC
 
PPT
Understanding Android Security
byAsanka Dilruk
 
PDF
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
byIdexcel Technologies
 
PDF
Rabish kumar singh QA Engineer 3 years experience
byRavish Singh
 
PPTX
Understanding android security model
byPragati Rai
 
PDF
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
byTyler Shields
 
PDF
IRJET- Android Malware Detection System
byIRJET Journal
 
PDF
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
bySwati Patel
 
PPTX
Permission use analysis for vetting undesirable behavior in
bychaitrabhat777
 
PDF
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
byCarlos Laorden
 
PPTX
100 effective software testing tools that boost your Testing
byBugRaptors
 
PDF
Mobile Application Security
bycclark_isec
 
PDF
IRJET- Obfuscation: Maze of Code
byIRJET Journal
 
PDF
Android malware overview, status and dilemmas
byTech and Law Center
 
PDF
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
byIJNSA Journal
 
PDF
I haz you and pwn your maal whitepaper
byHarsimran Walia
 
PDF
Final_Presentation_FlowDroid
byKruti Sharma
 
PDF
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
byIRJET Journal
 
PDF
Detection of vulnerabilities in programs with the help of code analyzers
byPVS-Studio
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
byTekRevol LLC
 
Understanding Android Security
byAsanka Dilruk
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
byIdexcel Technologies
 
Rabish kumar singh QA Engineer 3 years experience
byRavish Singh
 
Understanding android security model
byPragati Rai
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
byTyler Shields
 
IRJET- Android Malware Detection System
byIRJET Journal
 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
bySwati Patel
 
Permission use analysis for vetting undesirable behavior in
bychaitrabhat777
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
byCarlos Laorden
 
100 effective software testing tools that boost your Testing
byBugRaptors
 
Mobile Application Security
bycclark_isec
 
IRJET- Obfuscation: Maze of Code
byIRJET Journal
 
Android malware overview, status and dilemmas
byTech and Law Center
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
byIJNSA Journal
 
I haz you and pwn your maal whitepaper
byHarsimran Walia
 
Final_Presentation_FlowDroid
byKruti Sharma
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
byIRJET Journal
 
Detection of vulnerabilities in programs with the help of code analyzers
byPVS-Studio
 

Similar to COVERT app

PDF
Android Security: A Survey of Security Issues and Defenses
byIRJET Journal
 
PDF
Android Malware Detection Mechanisms
byTalha Kabakus
 
PPTX
Mobile security
bypriyanka pandey
 
PPTX
Vulnerabilities in Android
byBirju Tank
 
PDF
Mediating Applications on the Android System
byNizar Maan
 
PDF
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
byIRJET Journal
 
PPTX
Security testing of mobile applications
byGTestClub
 
PDF
Towards the methods of analysis malicious applications for Android
bySergey Staroletov
 
PDF
Detection of Android Third Party Libraries based attacks
byAmina WADDIZ
 
PDF
Testing Android Security Codemotion Amsterdam edition
byJose Manuel Ortega Candel
 
PDF
Testing Android Security - Jose Manuel Ortega Candel - Codemotion Amsterdam 2016
byCodemotion
 
PDF
Covert compositional analysis of android inter app permission leakage
byLeMeniz Infotech
 
PDF
Reading Group Presentation: Why Eve and Mallory Love Android
byMichael Rushanan
 
PPTX
Untitled 1
bySergey Kochergan
 
PPT
Analysis and research of system security based on android
byRavishankar Kumar
 
PDF
SecureDroid: An Android Security Framework Extension for Context-Aware policy...
byGiuseppe La Torre
 
PDF
A Framework for Providing Selective Permissions to Android Applications
byIOSR Journals
 
PDF
Android security
byMohamed Alharbi
 
PDF
Android security
byDr Amira Bibo
 
PDF
Android security
byDr Amira Bibo
 
Android Security: A Survey of Security Issues and Defenses
byIRJET Journal
 
Android Malware Detection Mechanisms
byTalha Kabakus
 
Mobile security
bypriyanka pandey
 
Vulnerabilities in Android
byBirju Tank
 
Mediating Applications on the Android System
byNizar Maan
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
byIRJET Journal
 
Security testing of mobile applications
byGTestClub
 
Towards the methods of analysis malicious applications for Android
bySergey Staroletov
 
Detection of Android Third Party Libraries based attacks
byAmina WADDIZ
 
Testing Android Security Codemotion Amsterdam edition
byJose Manuel Ortega Candel
 
Testing Android Security - Jose Manuel Ortega Candel - Codemotion Amsterdam 2016
byCodemotion
 
Covert compositional analysis of android inter app permission leakage
byLeMeniz Infotech
 
Reading Group Presentation: Why Eve and Mallory Love Android
byMichael Rushanan
 
Untitled 1
bySergey Kochergan
 
Analysis and research of system security based on android
byRavishankar Kumar
 
SecureDroid: An Android Security Framework Extension for Context-Aware policy...
byGiuseppe La Torre
 
A Framework for Providing Selective Permissions to Android Applications
byIOSR Journals
 
Android security
byMohamed Alharbi
 
Android security
byDr Amira Bibo
 
Android security
byDr Amira Bibo
 

Recently uploaded

PDF
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
PDF
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PPTX
What Green Hydrogen Is Definition: Hydrogen produced via electrolysis of wate...
byThit57
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PDF
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PDF
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
PPTX
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
PDF
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PDF
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
PPTX
Value engineering and cost analysis with case study
byhp9879098082
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
PPTX
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
PPTX
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
PPTX
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
PDF
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
What Green Hydrogen Is Definition: Hydrogen produced via electrolysis of wate...
byThit57
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
Value engineering and cost analysis with case study
byhp9879098082
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 

COVERT app

  • 1.
  • 2.
    ABSTRACT • Problem: Enforcementof the permissions in Android is at the level of individual apps, allowing multiple malicious apps to collude and combine their permissions or to trick vulnerable apps to perform actions on their behalf that are beyond their individual privileges. • Research efforts are subject to a common limitation: they are intended to detect and mitigate vulnerabilities in a single app. • COVERT’s analysis is modular and it statically analyzes the reverse engineered source code of each individual app, and extracts relevant security specifications in a format suitable for formal verification. • Using COVERT to examine over 500 real-world apps corroborates its ability to find inter-app vulnerabilities in bundles of some of the most popular apps on the market.
  • 3.
    INTRODUCTION• Previous techniquesfailed to identify vulnerabilities due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, which cannot be detected by analyzing a single app in isolation. • COVERT increases the scope of application analysis This enables reasoning about the overall security posture of a system. • The main objective of COVERT is to automatically – identify such vulnerabilities that occur due to the interaction of apps comprising a system – by inferring the security properties from individual apps and checking them as a whole by means of formal analysis – determine whether it is safe for a bundle of apps, requiring certain permissions and interacting with each other, to be installed together. • COVERT extracts essential information and captures them in an analyzable formal specification language and uses Alloy as a specification language, and the Alloy Analyzer as the analysis engine.
  • 4.
    Android Overview Application Components Componentsare basic logical building blocks of Android applications. There are four types of components: • Activity • Service • Broadcast Receiver • Content Provider IPC Android depends app insulation to protect apps requires interactions to occur through a message passing mechanism, called inter- process communication. IPC is conducted by means of Intent messages. Application Configuration Each Android application must declare upfront its configuration. Component capabilities are specified as a set of Intent Filters that represent the kinds of requests a given component can respond to. Permissions Each application must declare as part of its manifest the permissions it requires, and the Android system prompts the user for consent during the application installation. Android platform provides over 130 pre- defined permissions, and apps can also define their own permissions. Intent Messages Intent message is an event for an action to be performed along with the data that supports that action. Sandboxing Sandboxing is a computer security term referring to when a program is set aside from other programs in a separate environment so that if errors or security issues occur, those issues will not spread to other areas on the computer.
  • 5.
    Literature survey • Mainfocus of work is on performing program analysis over Android applications for security and Android’s permissions and their use across applications. All the research work have never been evaluated over real-world applications. • FlowDroid introduces a precise approach for static taint flow analysis for each app component. SCanDroid statically analyzes data flows to detect permission inconsistencies between apps that could possibly allow malicious access to sensitive information. It requires the source code of applications. • TaintDroid detects information leak vulnerabilities using dynamic taint flow analysis at the system level. IPC Inspection prevents privilege escalation at OS level. Whyper is a tool that checks the app’s requested permissions against its description, enabling the user to determine if certain requested permissions are suspicious. • Pscout is used to extract the permission specification from the Android OS source code using static analysis, leading to a comprehensive set of permission maps.
  • 6.
  • 7.
    Example scenario A maliciousapp exploits the vulnerabilities of two other apps to send the device location data to the desirable phone number
  • 9.
    Entity Extraction and Resolution Control Flow Augmentation Vulnerable Path Identification Static analysis technique •Input as APK and app byte code • Generate app models (build on top of Soot and Dexpler) Check for vulnerability • Combine with formal spec of app framework • Alloy as specification language • Report of list of vulnerabilities Method of Implementation 1. MODEL EXTRACTOR We first need a model of each app to determine the inter-process communications and the security properties. A model for an Android application is a tuple A = <C, I, F, P,S >, where •C is a set of components, set of Intent messages, Intent filters, permissions and set of sensitive paths •I is a set of event messages that can be used for both inter- and intra-app communications. •If component is non-empty, the Intent is called an explicit Intent, as the recipient is given explicitly. •F is a set of Intent Filters, describes an interface of c in terms of Intents that it can handle. •P is a union of required (Preq) and enforced permissions(Penf) •S is a finite set of vulnerable paths
  • 10.
  • 12.
    Formal Analyzer Alloy Overview FormalModel of Android Framework Formal Model of Apps Checking Android Application models There are four main reasons for choosing Alloy: 1. Its comprehensible, object-oriented- like syntax, makes it useful for declarative specification of both apps and properties to be checked. 2. Ability to automatically analyze specifications with no custom programming is useful as an automation mechanism. 3. Effective module system allows us to split the overall, complicated system model among several tractable modules. 4. The extraction approach to generate bundle specifications is incremental. Once an app model is extracted, it can be reused for analysis within several bundles of apps.
  • 13.
    Formal Model ofAndroid Framework The analyzer provides two types of analysis: Simulation, in which the analyzer demonstrates consistency of model specifications by generating a satisfying model instance; Model Checking, which involves finding a counterexample a model instance that violates a particular assertion. There are six top-level signatures to model the basic element types: Application, Component, Intent Filter, Intent, Path, and Permission. These signatures are defined as abstract, meaning that they cannot have an instance object without explicitly extending them.
  • 14.
    Formal model ofapps Three pieces of Alloy specifications are conjoined in the process of modeling various parts of Android apps extracted from their APK files. 1. Specification module called appDeclaration 2. App model, represented in a separate Alloy module for each app. 3. Inter-process communication module that models all Intent messages created within app.
  • 15.
    Checking Android Applicationmodels Considering the privilege escalation, Davi et al state it as follows: “An application with less permissions (a nonprivileged caller) is not restricted to access components of a more privileged application (a privileged callee).” The assertion states that the dst component (victim) has access to a permission (uses Permission) that is missing in the src component (malicious), and that permission is not being enforced in the source code of the victim component, nor by the application embodying the victim component.
  • 16.
    Benefits • COVERT caneffectively detect inter-app vulnerabilities in few minutes. •Our prototype implementation of the approach only requires the availability of Android executable files, and not the original source code. •COVERT, can be used not only by developers, but also by end-users as well as third-party reviewers. •COVERT is implemented as a publicly available tool. We have built a prototype implementation of the model extractor component on top of the Soot static analysis tools for analyzing Java byte code. We use Dexpler transformer to translate Android’s dalvik bytecode into the Soot’s intermediate representation language, called Jimple. •All the research work have never been evaluated over real-world applications.
  • 17.
    Mobile and Web-basedapplications These work together to analyze the installed apps in a mobile device and generate the vulnerability report. Applications
  • 18.
    Desktop Client Desktop Clientis a JavaFX application that provides a graphical user interface and enables end-users to analyze a set of APK files, which could be downloaded from online app stores such as Google Play.
  • 19.
    Result Analysis To assessthe effectiveness of our approach in revealing Android inter-app vulnerabilities, we have conducted an evaluation that addresses the following research questions: RQ1. What is the importance of this research? To what extent are Android apps over privileged and unsafe due to usage of permission-required APIs? RQ2. How well does COVERT perform? Does it enable compositional analysis of real-world Android apps? How much manual effort is involved in the analysis process? RQ3. What is the overall accuracy of COVERT in detecting inter-app vulnerabilities? RQ4. How does compositional analysis compare to single app analysis? RQ5. What is the performance of our prototype tool implemented atop SAT solving technologies and static analyzers?
  • 20.
    Scatter plot foranalysis time for model extraction of Android apps.
  • 21.
    COVERT, a toolthat analyzes Android applications in a compositional manner to detect inter-app and inter- component security vulnerabilities. COVERT comes with desktop, mobile and web-based front-end applications that facilitate the end-user interactions with the analysis engine. The experimental results corroborated its ability to reveal inter app vulnerabilities in real-world Android apps, many of which were previously unknown. Conclusion •COVERT can be extended, and significant components of it reused, for detecting other types of inter-app vulnerabilities, like application collusion and information leakage. For this, COVERT’s program analysis needs to be extended to take information flow into account for Android apps. •COVERT can be extended with dynamic analysis techniques which can be used to address vulnerabilities in native code. Android Apps may include native code in addition to Java code, in the form of a Java Native Interface (JNI) library, which cannot be sufficiently addressed through static analysis techniques. future work
  • 22.
    1. H. Bagheri,A. Sadeghi, J. Garcia, and S. Malek, “Covert: Compositional analysis of android inter-app vulnerabilities,” George Mason University, Tech. Rep. 2. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of CCS, 2012. 3. D. Jackson, “Alloy: a lightweight object modelling notation,” TOSEM,vol. 11, no. 2 4. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android,” in Proc. 9th Int.Conf. Mobile Syst., Appl. Services, 2011 5. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android,” in Proc. 13th Int. Conf. Inf. Security, 2010 6. R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automating risk assessment of mobile applications,” USENIX Conf. Security, 2013 7. J. Woodcock, P. G. Larsen, J. Bicarregui, and J. Fitzgerald, “Formal methods: Practice and experience,” ACM Comput. Surv., vol. 41 8. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden,J. Klein, Y. L. Traon, Effective Inter-Component Communication Mapping in Android with Epicc:An Essential Step Towards Holistic Security Analysis, in: Proceedings of the 22nd USENIX Security Symposium, Washington, DC, 2013. references
  • 23.
    Vulnerability is notweakness. And that myth is profoundly dangerous. Vulnerability is the birthplace of innovtion, creativity and change. -Brene Brown