TY - GEN
T1 - Self-protection of android systems from inter-component communication attacks
AU - Hammad, Mahmoud
AU - Garcia, Joshua
AU - Malek, Sam
N1 - Publisher Copyright:
© 2018 Copyright held by the owner/author(s).
PY - 2018/9/3
Y1 - 2018/9/3
N2 - The current security mechanisms for Android apps, both static and dynamic analysis approaches, are insufficient for detection and prevention of the increasingly dynamic and sophisticated security attacks. Static analysis approaches suffer from false positives whereas dynamic analysis approaches suffer from false negatives. Moreover, they all lack the ability to efficiently analyze systems with incremental changes-such as adding/removing apps, granting/revoking permissions, and dynamic components' communications. Each time the system changes, the entire analysis needs to be repeated, making the existing approaches inefficient for practical use. To mitigate their shortcomings, we have developed SALMA, a novel self-protecting Android software system that monitors itself and adapts its behavior at runtime to prevent a wide-range of security risks. SALMA maintains a precise architectural model, represented as a Multiple-Domain-Matrix, and incrementally and efficiently analyzes an Android system in response to incremental system changes. The maintained architecture is used to reason about the running Android system. Every time the system changes, SALMA determines (1) the impacted part of the system, and (2) the subset of the security analyses that need to be performed, thereby greatly improving the performance of the approach. Our experimental results on hundreds of real-world apps corroborate SALMA's scalability and efficiency as well as its ability to detect and prevent security attacks at runtime with minimal disruption.
AB - The current security mechanisms for Android apps, both static and dynamic analysis approaches, are insufficient for detection and prevention of the increasingly dynamic and sophisticated security attacks. Static analysis approaches suffer from false positives whereas dynamic analysis approaches suffer from false negatives. Moreover, they all lack the ability to efficiently analyze systems with incremental changes-such as adding/removing apps, granting/revoking permissions, and dynamic components' communications. Each time the system changes, the entire analysis needs to be repeated, making the existing approaches inefficient for practical use. To mitigate their shortcomings, we have developed SALMA, a novel self-protecting Android software system that monitors itself and adapts its behavior at runtime to prevent a wide-range of security risks. SALMA maintains a precise architectural model, represented as a Multiple-Domain-Matrix, and incrementally and efficiently analyzes an Android system in response to incremental system changes. The maintained architecture is used to reason about the running Android system. Every time the system changes, SALMA determines (1) the impacted part of the system, and (2) the subset of the security analyses that need to be performed, thereby greatly improving the performance of the approach. Our experimental results on hundreds of real-world apps corroborate SALMA's scalability and efficiency as well as its ability to detect and prevent security attacks at runtime with minimal disruption.
KW - Android security
KW - Self-protecting system
KW - Software engineering
UR - https://www.scopus.com/pages/publications/85056550053
U2 - 10.1145/3238147.3238207
DO - 10.1145/3238147.3238207
M3 - Conference contribution
AN - SCOPUS:85056550053
T3 - ASE 2018 - Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering
SP - 726
EP - 737
BT - ASE 2018 - Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering
A2 - Kastner, Christian
A2 - Huchard, Marianne
A2 - Fraser, Gordon
PB - Association for Computing Machinery, Inc
T2 - 33rd IEEE/ACM International Conference on Automated Software Engineering, ASE 2018
Y2 - 3 September 2018 through 7 September 2018
ER -