scholarly journals Call Graph and Model Checking for Fine-Grained Android Malicious Behaviour Detection

2020 ◽  
Vol 10 (22) ◽  
pp. 7975
Author(s):  
Giacomo Iadarola ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone
Keyword(s):  
Data Structure ◽  
Model Checking ◽  
Private Information ◽  
Control Flow ◽  
Graph Data ◽  
Call Graph ◽  
Fine Grained ◽  
Call Graphs ◽  
Android Applications ◽  
Flow Graphs

The increasing diffusion of mobile devices, widely used for critical tasks such as the transmission of sensitive and private information, corresponds to an increasing need for methods to detect malicious actions that can undermine our data. As demonstrated in the literature, the signature-based approach provided by antimalware is not able to defend users from new threats. In this paper, we propose an approach based on the adoption of model checking to detect malicious families in the Android environment. We consider two different automata representing Android applications, based respectively on Control Flow Graphs and Call Graphs. The adopted graph data structure allows to detect potentially malicious behaviour and also localize the code where the malicious action happens. We experiment the effectiveness of the proposed method evaluating more than 3000 real-world Android samples (with 2552 malware belonging to 21 malicious family), by reaching an accuracy ranging from 0.97 to 1 in malicious family detection.

Regression Test Reduction for Object-Oriented Software: A Control Call Graph Based Technique and Associated Tool

2013 ◽  
Vol 2013 ◽  
pp. 1-10 ◽  
Author(s):  
Nicolas Frechette ◽  
Linda Badri ◽  
Mourad Badri
Keyword(s):  
Object Oriented ◽  
Control Flow ◽  
Regression Testing ◽  
Test Suite ◽  
Reduced Form ◽  
Test Cases ◽  
Call Graph ◽  
Call Graphs ◽  
Incremental Update ◽  
Flow Graphs

This paper presents a selective regression testing technique and an associated tool for object-oriented software. The technique is based on the concept of Control Call Graphs, which are a reduced form of traditional Control Flow Graphs. It uses static analysis of the source code of the program. The developed tool (1) identifies the Control Call Paths potentially impacted by changes, (2) selects, from an existing test suite, the appropriate test cases, and (3) generates new JUnit test cases for control call paths that are not covered by existing tests (new ones, or those whose structure has been modified after changes). In this way, the approach supports an incremental update of the test suite. The selected JUnit test cases, including the new ones, are automatically executed. Three concrete case studies are reported to provide evidence of the feasibility of the approach and its benefits in terms of reduction of regression testing effort.

scholarly journals Detecting Colluding Inter-App Communication in Mobile Environment

2020 ◽  
Vol 10 (23) ◽  
pp. 8351
Author(s):  
Rosangela Casolare ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone
Keyword(s):  
Model Checking ◽  
Mobile Devices ◽  
Private Information ◽  
End Users ◽  
Home Automation ◽  
Mobile Environment ◽  
Data Support ◽  
Bank Transfer ◽  
Android Applications

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed from smartphones and tablets end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication i.e., a colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, by obtaining an accuracy of 1, showing the effectiveness of the proposed method.

scholarly journals Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

Information ◽  
2020 ◽  
Vol 11 (6) ◽  
pp. 304 ◽  
Author(s):  
Rosangela Casolare ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone
Keyword(s):  
Model Checking ◽  
Mobile Devices ◽  
Temporal Logic ◽  
Private Information ◽  
Recent Trend ◽  
Experimental Results ◽  
Single Application ◽  
Collusion Attack ◽  
Android Applications ◽  
Inter Communication

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.

scholarly journals Model checking security properties of control flow graphs

2001 ◽  
Vol 9 (3) ◽  
pp. 217-250 ◽  
Author(s):  
Frédéric Besson ◽  
Thomas Jensen ◽  
Daniel Le Métayer ◽  
Tommy Thorn
Keyword(s):  
Model Checking ◽  
Control Flow ◽  
Security Properties ◽  
Flow Graphs

scholarly journals DroidClone: Attack of the android malware clones - a step towards stopping them

2020 ◽  
pp. 35-35
Author(s):  
Shahid Alam ◽  
Ibrahim Sogukpinar
Keyword(s):  
False Positive Rate ◽  
Control Flow ◽  
Code Clones ◽  
Android Malware ◽  
Call Graph ◽  
Mobile Malware ◽  
Positive Rate ◽  
Android Applications ◽  
And Function ◽  
Specific Control

Code clones are frequent in use because they can be created fast with little effort and expense. Especially for malware writers, it is easier to create a clone of the original than writing a new malware. According to the recent Symantec threat reports, Android continues to be the most targeted mobile platform, and the number of new mobile malware clones grew by 54%. There is a need to develop techniques and tools to stop this attack of Android malware clones. To stop this attack, we propose DroidClone that exposes code clones (segments of code that are similar) in Android applications to help detect malware. DroidClone is the first such effort uses specific control flow patterns for reducing the effect of obfuscations and detect clones that are syntactically different but semantically similar up to a threshold. DroidClone is independent of the programming language of the code clones. When evaluated with real malware and benign Android applications, DroidClone obtained a detection rate of 94.2% and false positive rate of 5.6%. DroidClone, when tested against various obfuscations, was able to successfully provide resistance against all the trivial (Renaming methods, parameters, and nop insertion, etc) and some non-trivial (Call graph manipulation and function indirection, etc.) obfuscations.

scholarly journals Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

2021 ◽  
Vol 20 (5s) ◽  
pp. 1-25
Author(s):  
Stefan Tauner ◽  
Mario Telesklav
Keyword(s):  
Comparative Analysis ◽  
Control Flow ◽  
Code Reuse ◽  
Powerful Technique ◽  
Fine Grained ◽  
Time Performance ◽  
Meaningful Comparison ◽  
Control Flow Integrity ◽  
Flow Graphs ◽  
Common Platform

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today’s systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and mitigate such attacks. In recent years, many hardware-assisted implementations of CFI enforcement based on control flow graphs (CFGs) have been presented by academia. Such approaches check whether control flow transfers follow the intended CFG by limiting the valid target addresses. However, these papers all target different platforms and were evaluated with different sets of benchmark applications, which makes quantitative comparisons hardly possible. For this paper, we have implemented multiple promising CFG-based CFI schemes on a common platform comprising a RISC-V within FPGA. By porting almost 40 benchmark applications to this system we can present a meaningful comparison of the various techniques in terms of run-time performance, hardware utilization, and binary size. In addition, we present an enhanced CFI approach that is inspired by what we consider the best concepts and ideas of previously proposed mechanisms. We have made this approach more practical and feature-complete by tackling some problems largely ignored previously. We show with this fine-grained scheme that CFI can be achieved with even less overheads than previously demonstrated.

scholarly journals Reconciling optimization with secure compilation

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Son Tuan Vu ◽  
Albert Cohen ◽  
Arnaud De Grandmaison ◽  
Christophe Guillon ◽  
Karine Heydemann
Keyword(s):  
Side Effects ◽  
Control Flow ◽  
Partial Ordering ◽  
Input Output ◽  
Machine Code ◽  
Fine Grained ◽  
Control Flow Integrity ◽  
Correct Execution ◽  
Source Level ◽  
And Performance

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.

Sign in / Sign up

Export Citation Format

Share Document