Targeted Security Analysis of Android Applications with Hybrid Program Analysis

Date

2021-03

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Mobile devices are prevalent in everyday society and the installation of third-party applications provide a variety of services, such as location tracking, messaging, and financial management. The trove of sensitive information and functionality on these devices and their large user base attract malware developers who want to exploit this functionality for monetary gain or to cause harm. To protect the security and privacy of mobile device users, we wish to analyze applications to extract the types of actions they perform and to determine whether they can be trusted. Program analysis techniques have commonly been used to perform such analysis and are primarily static or dynamic in nature. Static analysis operates on the code of the application and provides good analysis coverage, but is imprecise due to the lack of run-time information. Dynamic analysis operates as the application is executing and is more precise due to the availability of the execution trace, but is often limited by low code coverage since only the parts of the application that are actually executed can be analyzed. In this thesis, we explore the use of hybrid program analysis techniques that use the strengths of both static and dynamic analysis to achieve more effective security analysis of applications on the Android mobile platform. We propose and develop the idea of targeted execution, in which analysis resources are focused on the specific code locations that are of interest to a security analyzer. We dynamically execute the application at these locations to enable precise security analysis of the behaviors. To target the locations, we preface the dynamic analysis with a static phase that performs a conservative search for potential behaviors of interest and extracts the code paths that lead to them. It then determines how these code paths can be executed such that the target behavior can be analyzed. We show how the use of both static and dynamic analysis can enable more effective execution and analysis of applications than the existing state-of-the-art techniques. We further show how hybrid program analysis can enable the deobfuscation of applications, a challenge that often plagues security analysis tools.

Description

Keywords

android, computer security, dynamic analysis, mobile security, program analysis, static analysis

Citation

DOI

ISSN

Creative Commons

Attribution 4.0 International

Items in TSpace are protected by copyright, with all rights reserved, unless otherwise indicated.