PDroid: Detecting Privacy Leakage on Android

The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.

Download Full-text

Applications of Synchronized Pushdown Systems

Ernst Denert Award for Software Engineering 2019 ◽

10.1007/978-3-030-58617-1_3 ◽

2020 ◽

pp. 19-45

Author(s):

Johannes Späth

Keyword(s):

Data Flow ◽

Flow Analysis ◽

Computational Effort ◽

Pointer Analysis ◽

Sensitive Data ◽

Data Flow Analysis ◽

Context Sensitive ◽

Program Slice ◽

Static Data ◽

Per Se

AbstractA precise static data-flow analysis transforms the program into a context-sensitive and field-sensitive approximation of the program. It is challenging to design an analysis of this precision efficiently due to the fact that the analysis is undecidable per se. Synchronized pushdown systems (SPDS) present a highly precise approximation of context-sensitive and field-sensitive data-flow analysis. This chapter presents some data-flow analyses that SPDS can be used for. Further on, this chapter summarizes two other contributions of the thesis “Synchronized Pushdown System for Pointer and Data-Flow Analysis” called Boomerang and IDEal. Boomerang is a demand-driven pointer analysis that builds on top of SPDS and minimizes the highly computational effort of a whole-program pointer analysis by restricting the computation to the minimal program slice necessary for an individual query. IDEal is a generic and efficient framework for data-flow analyses, e.g., typestate analysis. IDEal resolves pointer relations automatically and efficiently by the help of Boomerang. This reduces the burden of implementing pointer relations into an analysis. Further on, IDEal performs strong updates, which makes the analysis sound and precise.

Download Full-text

Exploring context-sensitive data flow analysis for early vulnerability detection

Journal of Systems and Software ◽

10.1016/j.jss.2015.12.021 ◽

2016 ◽

Vol 113 ◽

pp. 337-361 ◽

Cited By ~ 9

Author(s):

Luciano Sampaio ◽

Alessandro Garcia

Keyword(s):

Data Flow ◽

Flow Analysis ◽

Vulnerability Detection ◽

Sensitive Data ◽

Data Flow Analysis ◽

Context Sensitive

Download Full-text

Semantic Foundations of Data Flow Analysis

DAIMI Report Series ◽

10.7146/dpb.v10i131.7585 ◽

1981 ◽

Vol 10 (131) ◽

Cited By ~ 1

Author(s):

Flemming Nielson

Keyword(s):

Program Analysis ◽

Abstract Interpretation ◽

Data Flow ◽

Flow Analysis ◽

Denotational Semantics ◽

System Of Equations ◽

Program Transformations ◽

Sensitive Data ◽

Data Flow Analysis ◽

Made In

Abstract Interpretation (P. Cousot, R. Cousot and others) is a method for program analysis that is able to describe many data flow analyses. We investigate and weaken the assumptions made in abstract interpretation and express abstract interpretation within Denotational Semantics. As an example we specify constant propagation.Some authors have used abstract interpretation to formulate ''available expressions'' (a so-called ''history-sensitive'' data flow analysis). Our development of ''available expressions'' is better justified, semantically.In traditional data flow analysis and abstract interpretation it is generally assumed that the ''Meet Over all Paths'' solution is wanted. We prove that the solution specified by our approach is the ''Meet Over all Paths'' solution to a certain system of equations obtained from the program.To indicate the usefulness of our approach we show how to validate a class of program transformations, including ''constant folding''.Throughout this paper we use a toy language consisting of declarations, expressions and commands (involving conditional and iteration). Excluded are procedures and jumps.

Download Full-text