AutoPatchDroid: A framework for patching inter-app vulnerabilities in android application
Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness abo...
Saved in:
| Published in | 2017 IEEE International Conference on Communications (ICC) pp. 1 - 6 |
|---|---|
| Main Authors | , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.05.2017
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average. |
|---|---|
| AbstractList | Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average. |
| Author | Bin Luo Jiayun Xie Xiaojiang Du Xiao Fu Guizani, Mohsen |
| Author_xml | – sequence: 1 surname: Jiayun Xie fullname: Jiayun Xie organization: State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China – sequence: 2 surname: Xiao Fu fullname: Xiao Fu email: fuxiao@nju.edu.cn organization: State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China – sequence: 3 surname: Xiaojiang Du fullname: Xiaojiang Du email: dxj@ieee.org organization: Dept. of Comput. & Inf. Sci., Temple Univ., Philadelphia, PA, USA – sequence: 4 surname: Bin Luo fullname: Bin Luo email: luobin@nju.edu.cn organization: State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China – sequence: 5 givenname: Mohsen surname: Guizani fullname: Guizani, Mohsen email: mguizani@ieee.org organization: Dept. of Electr. & Comput. Eng., Univ. of Idaho, Moscow, ID, USA |
| BookMark | eNotkLtOwzAARQ0CiaawI7H4B5L6Eb_YovCqVKkMMDBVbmyDIbUjxwXx96Si0x2O7pHuLcBZiMECcI1RhTFSi2XbVgRhUQmlOJfkBBS45oJKpVR9CmZYUVliKekFKMbxEyFGFMUz8Nbsc3zWufu4S9GbW9hAl_TO_sT0BV1McDgwH96hD9mmUg8D_N73wSa99b3P3o4TgTqYQx1OuPedzj6GS3DudD_aq2POwevD_Uv7VK7Wj8u2WZUeC5bLremMIEJKjQhXTBCtGeGiZs52qOPM1IRybiRjkkvmpLKG8mmxcQQz5iidg5t_r7fWbobkdzr9bo430D_sHVNb |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICC.2017.7996682 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEL IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISBN | 1467389994 9781467389990 |
| EISSN | 1938-1883 |
| EndPage | 6 |
| ExternalDocumentID | 7996682 |
| Genre | orig-research |
| GroupedDBID | 29F 29I 6IE 6IF 6IH 6IK 6IM AAJGR ACGFS ALMA_UNASSIGNED_HOLDINGS CBEJK IPLJI JC5 M43 RIE RIO |
| ID | FETCH-LOGICAL-i175t-bdcd72788a0269572aa526745fec0c65d42366d8558685f89ed36109df2155f33 |
| IEDL.DBID | RIE |
| IngestDate | Wed Jun 26 19:29:07 EDT 2024 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i175t-bdcd72788a0269572aa526745fec0c65d42366d8558685f89ed36109df2155f33 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_7996682 |
| PublicationCentury | 2000 |
| PublicationDate | 2017-May |
| PublicationDateYYYYMMDD | 2017-05-01 |
| PublicationDate_xml | – month: 05 year: 2017 text: 2017-May |
| PublicationDecade | 2010 |
| PublicationTitle | 2017 IEEE International Conference on Communications (ICC) |
| PublicationTitleAbbrev | ICC |
| PublicationYear | 2017 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0052931 |
| Score | 2.1300156 |
| Snippet | Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Android Bytecode Rewriting Information systems Inter-App Attack Security Static Analysis |
| Title | AutoPatchDroid: A framework for patching inter-app vulnerabilities in android application |
| URI | https://ieeexplore.ieee.org/document/7996682 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8NAEF5qT3rx0Ypv9uDRpDHJPuKtVKUKlR4s1FPZJxalCSXx4K93dtPUKh68hJBNSNgJM9_ufPMNQpeRVRx-DBHY2LcwIyyQriUgyyJjFUml8Zs5oyc6nKSPUzJtoat1LYwxxpPPTOhOfS5f56pyW2U95sA5B4e7xaO4rtVqvC6BsHXdpCGjrPcwGDjeFgtXz_xonuJjx_0uGjVvrSkjb2FVylB9_hJk_O9n7aHud5UeHq_jzz5qmcUB2tkQGOygl35V5mPwtq-3y3yub3Af24aNhQGu4sKNwa3YyUYsA1EU-KN6d0rUnjQLy2gYwcKpGsw13sh2d9Hk_u55MAxWzRSCOSCEMpBaacAqnAtYdYFJYiFITFlKrFGRokQDrqJUc0I45cTyzOjESbFrC6CA2CQ5RO1FvjBHCDMesYwzK-CYGku4TBIDtuU0M8RKcow6bpJmRa2XMVvNz8nfl0_RtjNUTSI8Q-1yWZlzCPSlvPAW_gLj7Kk1 |
| link.rule.ids | 310,311,786,790,795,796,802,23958,23959,25170,27956,55107 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT8JAEJ4QPKgXH2B8uwePtlTafdQbQQkoEA6Q4Im03d1ANLQhrQd_vbMtRTQevDRNt02bnWbm251vvgG4dXQk8McILN3MW5hRboWmJSD3HaUj6oUq38wZDFl34j1P6bQCd5taGKVUTj5TtjnNc_kyjjKzVdbgBpwLdLg7GOcdXlRrlX6XYuC6LxORjt_otduGucXt9VM_2qfk0aNzAIPyvQVp5M3O0tCOPn9JMv73ww6h_l2nR0abCHQEFbU8hv0ticEavLayNB6hv50_ruKFfCAtoks-FkHAShIzhrcSIxyxsoIkIR_Zu9GizmmzuJDGERIYXYOFJFv57jpMOk_jdtdat1OwFogRUiuUkUS0IkSA6y40SjMIaJNxj2oVORGjEpEVY1JQKpigWvhKukaMXWqEBVS77glUl_FSnQLhwuG-4DrAo6c0FaHrKrSuYL6iOqRnUDOTNEsKxYzZen7O_758A7vd8aA_6_eGLxewZ4xWUAovoZquMnWFYT8Nr3NrfwH8FKyJ |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=2017+IEEE+International+Conference+on+Communications+%28ICC%29&rft.atitle=AutoPatchDroid%3A+A+framework+for+patching+inter-app+vulnerabilities+in+android+application&rft.au=Jiayun+Xie&rft.au=Xiao+Fu&rft.au=Xiaojiang+Du&rft.au=Bin+Luo&rft.date=2017-05-01&rft.pub=IEEE&rft.eissn=1938-1883&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FICC.2017.7996682&rft.externalDocID=7996682 |