TY - GEN
T1 - NIVAnalyzer
T2 - 10th IEEE International Conference on Software Testing, Verification and Validation, ICST 2017
AU - Tang, Junjie
AU - Cui, Xingmin
AU - Guo, Shanqing
AU - Xu, Xinshun
AU - Hu, Chengyu
AU - Ban, Tao
AU - Mao, Bing
N1 - Funding Information: This work is partially supported by National Natural Science Foundation of China (91546203, 61173068, 61572295, 61573212), Program for New Century Excellent Talents in University of the Ministry of Education, the Key Science Technology Project of Shandong Province (2014GGD01063, 2015GGE27033), the Independent Innovation Foundation of Shandong Province (2014CGZH1106) and the Shandong Provincial Natural Science Foundation (ZR2014FM020). Publisher Copyright: © 2017 IEEE.
PY - 2017/5/15
Y1 - 2017/5/15
N2 - In the Android system design, any app can start another app's public components to facilitate code reuse by sending an asynchronous message called an Intent. In addition, Android also allows an app to have private components that should only be visible to the app itself. However, malicious apps can bypass this system protection and directly invoke private components in vulnerable apps through a newly discovered class of vulnerability, called the next-intent vulnerability. In this paper, we design an intent flow analysis strategy that accurately tracks the intent in smali code to statically detect next-intent vulnerabilities efficiently and effectively on a large scale. We further propose an automated approach to dynamically verify the discovered vulnerabilities by generating exploit apps. We then implement a tool named NIVAnalyzer and evaluate it on 20,000 apps downloaded from Google Play. As a result, we successfully confirmed 190 vulnerable apps, some of which have millions of downloads. We also confirmed that an open-source project and a third-party SDK, both of which are still used by other apps, have next-intent vulnerabilities.
AB - In the Android system design, any app can start another app's public components to facilitate code reuse by sending an asynchronous message called an Intent. In addition, Android also allows an app to have private components that should only be visible to the app itself. However, malicious apps can bypass this system protection and directly invoke private components in vulnerable apps through a newly discovered class of vulnerability, called the next-intent vulnerability. In this paper, we design an intent flow analysis strategy that accurately tracks the intent in smali code to statically detect next-intent vulnerabilities efficiently and effectively on a large scale. We further propose an automated approach to dynamically verify the discovered vulnerabilities by generating exploit apps. We then implement a tool named NIVAnalyzer and evaluate it on 20,000 apps downloaded from Google Play. As a result, we successfully confirmed 190 vulnerable apps, some of which have millions of downloads. We also confirmed that an open-source project and a third-party SDK, both of which are still used by other apps, have next-intent vulnerabilities.
KW - Android
KW - Intent
KW - Static and dynamic analysis
KW - Tool
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85020713633&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85020713633&partnerID=8YFLogxK
U2 - 10.1109/ICST.2017.56
DO - 10.1109/ICST.2017.56
M3 - Conference contribution
T3 - Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation, ICST 2017
SP - 492
EP - 499
BT - Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation, ICST 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 March 2017 through 17 March 2017
ER -