ReDroid

Prioritizing data flows and sinks for app security transformation

Ke Tian, Gang Tan, Danfeng Daphne Yao, Barbara G. Ryder

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security transformation is to transfer applications to meet security guarantees. How to prioritize Android apps and find suitable transformation options is a challenging problem. Typical real-world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. We present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. Our risk prioritization produces orderings that are consistent with published security reports. We demonstrate a new automatic app transformation framework that utilizes the above prioritization technique to improve app security. The framework provides more rewriting options than the state-of-art solutions by supporting flow- and sink-based security checks. Our prototype ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. Our framework enables application transformation for both benchmark apps and real-world grayware to strengthen their security guarantees.

Original language: English (US)
Title of host publication: FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
Publisher: Association for Computing Machinery, Inc
Pages: 35-41
Number of pages: 7
ISBN (Electronic): 9781450353953
DOIs: https://doi.org/10.1145/3141235.3141239
State: Published - Nov 3 2017
Event: 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017 - Dallas, United States
Duration: Nov 3 2017 → …

Publication series

Name: FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017

Other

Other: 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017
Country: United States
City: Dallas
Period: 11/3/17 → …

Fingerprint

Application programs

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality

Cite this

Tian, K., Tan, G., Yao, D. D., & Ryder, B. G. (2017). ReDroid: Prioritizing data flows and sinks for app security transformation. In FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017 (pp. 35-41). (FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3141235.3141239
@inproceedings{6a213e1471344914a26e94b994efc383,
title = "ReDroid: Prioritizing data flows and sinks for app security transformation",
abstract = "Security transformation is to transfer applications to meet security guarantees. How to prioritize Android apps and find suitable transformation options is a challenging problem. Typical real-world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. We present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. Our risk prioritization produces orderings that are consistent with published security reports. We demonstrate a new automatic app transformation framework that utilizes the above prioritization technique to improve app security. The framework provides more rewriting options than the state-of-art solutions by supporting flow- and sink-based security checks. Our prototype ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. Our framework enables application transformation for both benchmark apps and real-world grayware to strengthen their security guarantees.",
author = "Ke Tian and Gang Tan and Yao, {Danfeng Daphne} and Ryder, {Barbara G.}",
year = "2017",
month = "11",
day = "3",
doi = "10.1145/3141235.3141239",
language = "English (US)",
series = "FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017",
publisher = "Association for Computing Machinery, Inc",
pages = "35--41",
booktitle = "FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017",

}


TY - GEN
T1 - ReDroid
T2 - Prioritizing data flows and sinks for app security transformation
AU - Tian, Ke
AU - Tan, Gang
AU - Yao, Danfeng Daphne
AU - Ryder, Barbara G.
PY - 2017/11/3
Y1 - 2017/11/3
AB - Security transformation is to transfer applications to meet security guarantees. How to prioritize Android apps and find suitable transformation options is a challenging problem. Typical real-world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. We present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. Our risk prioritization produces orderings that are consistent with published security reports. We demonstrate a new automatic app transformation framework that utilizes the above prioritization technique to improve app security. The framework provides more rewriting options than the state-of-art solutions by supporting flow- and sink-based security checks. Our prototype ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. Our framework enables application transformation for both benchmark apps and real-world grayware to strengthen their security guarantees.
UR - http://www.scopus.com/inward/record.url?scp=85037065662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85037065662&partnerID=8YFLogxK
U2 - 10.1145/3141235.3141239
DO - 10.1145/3141235.3141239
M3 - Conference contribution
T3 - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
SP - 35
EP - 41
BT - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
PB - Association for Computing Machinery, Inc
ER -
