DOI: 10.1145/3183440.3195024
Poster (Public Access)

Static detection of API call vulnerabilities in iOS executables

Published: 27 May 2018

Abstract

We propose a static analysis technique for iOS executables for checking API call vulnerabilities that can cause 1) app behaviors to be altered by malicious external inputs, and 2) sensitive user data to be illegally accessed by apps with stealthy private API calls that use string obfuscation. We identify sensitive functions that dynamically load classes/frameworks, and, for each parameter that corresponds to a dynamically loaded class/framework, we construct a dependency graph that shows the set of values that flow to that parameter. A sensitive function that has its class name or framework path parameter depending on external inputs is considered to contain a vulnerability. We further conduct string analysis on these dependency graphs to determine all potential string values that these parameters can take, which identifies the set of dynamically loaded classes/frameworks. Taking the intersection of these values with patterns that characterize Apple's API policies (such as restricted use of private/sensitive APIs), we are able to detect potential policy violations and vulnerabilities.
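The pipeline the abstract describes (seed a set of sensitive dynamic-loading functions, follow the values that flow into their class-name or framework-path parameter, flag parameters that depend on external input, resolve the remaining parameters to a finite set of strings despite obfuscation, and intersect that set with a policy) can be shown on a small scale. The following is an added illustration, not the paper's tool: it runs a forward string-set analysis over a constructed loop-free IR that stands in for the dependency graph. The sink list, the XOR de-obfuscation step, the policy patterns (the `LSApplicationWorkspace` class and the `/System/Library/PrivateFrameworks/` prefix are illustrative entries, not Apple's actual list) and the sample program are all assumptions made for this example.

```python
"""Toy version of the analysis the abstract describes.

Added example: this is not the paper's tool. The IR, the sensitive-function
list and the policy patterns below are constructed for illustration; a real
run would take the dependency graphs recovered from the binary and Apple's
actual private-API list.
"""
import re
from itertools import product

TOP = None  # abstract value for "any string" (unbounded set)

# Sinks whose string parameter names a class or a framework path (assumption:
# the kind of seed list the analysis starts from).
SENSITIVE = {
    "NSClassFromString": "class",
    "dlopen": "framework",
    "NSBundle.bundleWithPath": "framework",
}

# Illustrative policy entries (constructed; not Apple's list).
POLICY = {
    "class": re.compile(r"^LSApplicationWorkspace$"),
    "framework": re.compile(r"^/System/Library/PrivateFrameworks/"),
}


def xor_decode(s, key):
    """Single-byte XOR, the simplest string obfuscation the analysis must undo."""
    return "".join(chr(ord(c) ^ key) for c in s)


def analyze(ir):
    """Forward pass over a loop-free IR.

    env maps each variable to (possible_strings, tainted): possible_strings is a
    finite set or TOP; tainted is True when some flow reaches it from external
    input. Returns a list of (sink, kind, detail) findings in program order.
    """
    env = {}
    findings = []
    for ins in ir:
        op = ins[0]
        if op == "const":                       # ("const", dst, literal)
            env[ins[1]] = ({ins[2]}, False)
        elif op == "input":                     # ("input", dst, source-description)
            env[ins[1]] = (TOP, True)
        elif op == "concat":                    # ("concat", dst, a, b)
            (va, ta), (vb, tb) = env[ins[2]], env[ins[3]]
            vals = TOP if va is TOP or vb is TOP else {x + y for x, y in product(va, vb)}
            env[ins[1]] = (vals, ta or tb)
        elif op == "xor":                       # ("xor", dst, src, key): de-obfuscation
            vs, ts = env[ins[2]]
            vals = TOP if vs is TOP else {xor_decode(s, ins[3]) for s in vs}
            env[ins[1]] = (vals, ts)
        elif op == "phi":                       # ("phi", dst, a, b): control-flow join
            (va, ta), (vb, tb) = env[ins[2]], env[ins[3]]
            vals = TOP if va is TOP or vb is TOP else va | vb
            env[ins[1]] = (vals, ta or tb)
        elif op == "call":                      # ("call", function, arg)
            fn, arg = ins[1], ins[2]
            if fn not in SENSITIVE:
                continue
            vals, tainted = env[arg]
            if tainted:
                findings.append((fn, "vulnerability", "parameter depends on external input"))
            if vals is not TOP:                 # string analysis resolved the parameter
                pattern = POLICY[SENSITIVE[fn]]
                for v in sorted(vals):
                    if pattern.search(v):
                        findings.append((fn, "policy-violation", v))
        else:
            raise ValueError(f"unknown op {op!r}")
    return findings


# Constructed program: one call whose class name comes from a URL-scheme
# parameter, one that decodes an XOR-obfuscated private class name, and one
# dlopen whose path is built from a literal prefix and a branch-dependent tail.
SAMPLE_IR = [
    ("input", "u", "x-callback-url parameter"),
    ("call", "NSClassFromString", "u"),
    ("const", "obf", xor_decode("LSApplicationWorkspace", 0x2A)),
    ("xor", "cls", "obf", 0x2A),
    ("call", "NSClassFromString", "cls"),
    ("const", "prefix", "/System/Library/"),
    ("const", "t1", "Frameworks/UIKit.framework/UIKit"),
    ("const", "t2", "PrivateFrameworks/Example.framework/Example"),  # constructed path
    ("phi", "tail", "t1", "t2"),
    ("concat", "path", "prefix", "tail"),
    ("call", "dlopen", "path"),
]

if __name__ == "__main__":
    for sink, kind, detail in analyze(SAMPLE_IR):
        print(f"{sink}: {kind}: {detail}")
```

Two points the toy makes concrete: a parameter that is tainted by external input is reported as a vulnerability even though its value set is unbounded (no policy check is possible there), and an obfuscated literal is only caught because the analysis evaluates the decoding routine over the finite value set rather than matching raw string constants in the binary. Real binaries add loops, which force a widening step to keep the sets finite, and many more string operations than the four modelled here.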



    Published In

    ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings
    May 2018, 231 pages
    ISBN: 9781450356633
    DOI: 10.1145/3183440
    Conference Chair: Michel Chaudron
    General Chair: Ivica Crnkovic
    Program Chairs: Marsha Chechik, Mark Harman
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. API call vulnerability
    2. iOS mobile application
    3. string analysis

    Qualifiers

    • Poster

    Conference

    ICSE '18

    Acceptance Rates

    Overall Acceptance Rate 276 of 1,856 submissions, 15%


    Bibliometrics & Citations

    Article Metrics
    Total Citations: 0
    Total Downloads: 338
    Downloads (last 12 months): 59
    Downloads (last 6 weeks): 8
    Reflects downloads up to 23 Dec 2024
