poster

Detecting Inter-App Information Leakage Paths

Authors:

Manoj Singh GaurAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 908 - 910

https://doi.org/10.1145/3052973.3055163

Published: 02 April 2017 Publication History

Get Access

Abstract

Sensitive (private) information can escape from one app to another using one of the multiple communication methods provided by Android for inter-app communication. This leakage can be malicious. In such a scenario, individual benign app, in collusion with other conspiring apps, if present, can leak the private information. In this work in progress, we present, a new model-checking based approach for inter-app collusion detection. The proposed technique takes into account simultaneous analysis of multiple apps. We are able to identify any set of conspiring apps involved in the collusion. To evaluate the efficacy of our tool, we developed Android apps that exhibit collusion through inter-app communication. Eight demonstrative sets of apps have been contributed to widely used test dataset named DroidBench. Our experiments show that proposed technique can accurately detect the presence/absence of collusion among apps. To the best of our knowledge, our proposal has improved detection capability than other techniques.

References

[1]

Andrototal. http://andrototal.org/. {Online; accessed 10-May-2015}.

Google Scholar

[2]

DroidBench 2.0. https://github.com/secure-software-engineering/DroidBench. {Online; accessed 02-June-2015}.

Google Scholar

[3]

SPIN Model Checker. http://www.spinroot.com. {Online; accessed 23-September-2015}.

Google Scholar

[4]

Virustotal. http://virustotal.com/. {Online; accessed 10-May-2015}.

Google Scholar

[5]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In ACM SIGPLAN Notices, volume 49, pages 259--269. ACM, 2014.

Digital Library

Google Scholar

[6]

S. Bhandari, W. B. Jaballah, V. Jain, V. Laxmi, A. Zemmari, M. S. Gaur, and M. Conti. Android app collusion threat and mitigation techniques. arXiv preprint arXiv:1611.10076, 2016.

Google Scholar

[7]

S. Bhandari, V. Laxmi, A. Zemmari, and M. S. Gaur. Intersection automata based model for android application collusion. In 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA), pages 901--908. IEEE, 2016.

Crossref

Google Scholar

[8]

S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on android. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5--8, 2012. The Internet Society, 2012.

Google Scholar

[9]

K. O. Elish, D. D. Yao, and G. R. Barbara. On the need of precise inter-app icc classificationfor detecting android malware collusions. In Proceedings of the Security and Privacy Workshops, pages 116--127, 2015.

Google Scholar

[10]

P. Faruki, S. Bhandari, V. Laxmi, M. Gaur, and M. Conti. Droidanalyst: Synergic app framework for static and dynamic app analysis. In Recent Advances in Computational Intelligence in Defense and Security, pages 519--552. Springer, 2016.

Crossref

Google Scholar

[11]

M. I. Gordon, D. Kim, J. Perkins, L. Gilham, N. Nguyen, and M. Rinard. Information-flow analysis of android applications in droidsafe. In Proc. of the Network and Distributed System Security Symposium (NDSS). The Internet Society, 2015.

Crossref

Google Scholar

[12]

L. Li, A. Bartel, T. F. D. A. Bissyande, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel. Iccta: detecting inter-component privacy leaks in android apps. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015), 2015.

Digital Library

Google Scholar

[13]

C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun. Analysis of the communication between colluding applications on modern smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference, pages 51--60. ACM, 2012.

Digital Library

Google Scholar

Cited By

View all

Bhandari SHerbreteau FLaxmi VZemmari ARoop PGaur M(2017)SneakLeak: Detecting Multipartite Leakage Paths in Android Apps2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.249(285-292)Online publication date: Aug-2017
https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.249

Index Terms

Detecting Inter-App Information Leakage Paths
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

COVERT: Compositional Analysis of Android Inter-App Permission Leakage
Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications using a rich inter-app communication system. While access to resources can be controlled by the Android permission system, enforcing ...
Inter-app communication between Android apps developed in app-inventor and Android studio
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems

Communications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be ...
App Store: IPod Touch, Apple Inc., ITunes Store, IPhone OS, Itunes, Piper Jaffray, List of digital distribution platforms for mobile devices, I Am Rich

Comments

Information & Contributors

Information

Published In

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Department of Electronics and Information Technology Government of India
DST-CNRS project

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
236
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)3

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bhandari SHerbreteau FLaxmi VZemmari ARoop PGaur M(2017)SneakLeak: Detecting Multipartite Leakage Paths in Android Apps2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.249(285-292)Online publication date: Aug-2017
https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.249

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

COVERT: Compositional Analysis of Android Inter-App Permission Leakage

Inter-app communication between Android apps developed in app-inventor and Android studio

App Store: IPod Touch, Apple Inc., ITunes Store, IPhone OS, Itunes, Piper Jaffray, List of digital distribution platforms for mobile devices, I Am Rich