M. Louw, Marc Krull, Tavaris J. Thomas, R. Cathey, Gregory L. Frazier, Mike Weber
{"title":"Automated Execution Control and Dynamic Behavior Monitoring for Android (TM) Applications","authors":"M. Louw, Marc Krull, Tavaris J. Thomas, R. Cathey, Gregory L. Frazier, Mike Weber","doi":"10.1109/MILCOM.2013.168","DOIUrl":null,"url":null,"abstract":"We explore techniques for eliciting a behavioral description from an Android smartphone app in a controlled manner. A description of app behavior is useful for performing subsequent analysis such as model checking, for example to verify the app satisfies a set of desirable security properties. Our solution is to dynamically execute the app in a customized version of the Android SDK emulator, which provides many of an app's inputs as responses to invoked API calls. A more focused set of input values computed offline are then injected to the app via hooks introduced into the Android API implementation. To dynamically monitor app behavior, we instrument the app bytecode to record control and data flows during execution. We also instrument the Android API to record all of the app's inputs and outputs. We have used this technique on the DARPA Automated Program Analysis for Cybersecurity (APAC) program to reveal hidden, triggerable attacks in independently developed challenge apps. Our framework for extracting app behavior is part of Droid Reasoning, Analysis, and Protection Engine (DRAPE), an integrated, semi-automated app behavior analysis system capable of discovering hidden malware in Android apps.","PeriodicalId":379382,"journal":{"name":"MILCOM 2013 - 2013 IEEE Military Communications Conference","volume":"138 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2013 - 2013 IEEE Military Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2013.168","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
We explore techniques for eliciting a behavioral description from an Android smartphone app in a controlled manner. A description of app behavior is useful for performing subsequent analysis such as model checking, for example to verify the app satisfies a set of desirable security properties. Our solution is to dynamically execute the app in a customized version of the Android SDK emulator, which provides many of an app's inputs as responses to invoked API calls. A more focused set of input values computed offline are then injected to the app via hooks introduced into the Android API implementation. To dynamically monitor app behavior, we instrument the app bytecode to record control and data flows during execution. We also instrument the Android API to record all of the app's inputs and outputs. We have used this technique on the DARPA Automated Program Analysis for Cybersecurity (APAC) program to reveal hidden, triggerable attacks in independently developed challenge apps. Our framework for extracting app behavior is part of Droid Reasoning, Analysis, and Protection Engine (DRAPE), an integrated, semi-automated app behavior analysis system capable of discovering hidden malware in Android apps.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
