TY - JOUR
T1 - Prioritizing data flows and sinks for app security transformation
AU - Tian, Ke
AU - Tan, Gang
AU - Ryder, Barbara G.
AU - (Daphne) Yao, Danfeng
N1 - Funding Information:
Dr. Gang Tan is the James F. Will Career Development Associate Professor in the Department of Computer Science and Engineering at the Pennsylvania State University, University Park, PA. He leads the Security of Software (SOS) Lab. His research is at the interface between computer security, programming languages, and formal methods. He received his bachelor’s degree in Computer Science with honors from Tsinghua University in 1999 and his Ph.D. degree from Princeton University in 2005. He has received an NSF CAREER award, two Google Research Awards, and a Francis Upton Graduate Fellowship. He is a member of IEEE and ACM.
Funding Information:
The authors would like to thank the anonymous reviewers for their insightful comments and suggestions on the work. This project was supported in part by NSF grant CNS-1717028 .
Publisher Copyright:
© 2020
PY - 2020/5
Y1 - 2020/5
N2 - There have been extensive investigations on identifying sensitive data flows in Android apps for detecting malicious behaviors. Typical real world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. In this paper, we present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. The new risk metric is quantitative and can differentiate the sensitivities of flows and sinks in an app. In the experiments, our risk prioritization produces orderings that are highly consistent with manual inspection. To enable post-detection security enforcement of sensitive sinks, we also present an automatic rewriting framework that utilizes the above prioritization technique. Our rewriting strategies are more feasible than the state-of-art solutions by supporting flow- and sink-based rewriting. We implement our prototype as ReDroid. ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. We use ReDroid to rewrite both benchmark apps and real world grayware.
AB - There have been extensive investigations on identifying sensitive data flows in Android apps for detecting malicious behaviors. Typical real world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. In this paper, we present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. The new risk metric is quantitative and can differentiate the sensitivities of flows and sinks in an app. In the experiments, our risk prioritization produces orderings that are highly consistent with manual inspection. To enable post-detection security enforcement of sensitive sinks, we also present an automatic rewriting framework that utilizes the above prioritization technique. Our rewriting strategies are more feasible than the state-of-art solutions by supporting flow- and sink-based rewriting. We implement our prototype as ReDroid. ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. We use ReDroid to rewrite both benchmark apps and real world grayware.
UR - http://www.scopus.com/inward/record.url?scp=85080023501&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85080023501&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.101750
DO - 10.1016/j.cose.2020.101750
M3 - Article
AN - SCOPUS:85080023501
VL - 92
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 101750
ER -