SoProtector: Safeguard Privacy for Native SO Files in Evolving Mobile IoT Applications
IEEE Internet of Things Journal (IF 10.6), Pub Date: 2019-09-30, DOI: 10.1109/jiot.2019.2944006
Guangquan Xu, Weizhe Wang, Litao Jiao, Xiaotong Li, Kaitai Liang, Xi Zheng, Wenjuan Lian, Hequn Xian, Honghao Gao

Android apps have become the most important mobile applications in evolving mobile IoT systems, and their security and privacy face ever more challenges, since mobile devices such as smartphones hold a great deal of personal private information. Meanwhile, developers prefer to put core functions (e.g., encryption and T9 search functions) of Android applications in the native layer for execution efficiency. However, there are no automated security analysis tools to protect the security and privacy of the Android native layer, especially for dynamically loaded third-party SO libraries. To solve the above problem, which is confusing, we propose a novel and scalable system, called SoProtector, to prevent privacy from leaking via the analysis of data flow between the Java and native layers. For detection of malicious functions implanted in SO libraries, SoProtector realizes a real-time engine. We derive the malware features via three steps: 1) the binary files in a native family are presented as grayscale images; 2) the ARM instruction set is used to reverse the SO file and obtain its code, and Python is used to obtain the opcode sequence; and 3) each file is transformed into assembly-language form by IDA Pro, accompanied by a gdl file. Our experiment, which involved 3400 applications, demonstrates that SoProtector is able to detect more sinks, sources, and smudges. It effectively inspects and blocks at least 82% of the applications that dynamically load malicious third-party SO libraries, and at the same time it has relatively low overhead compared to most of the existing static analysis tools (e.g., FlowDroid and AndroidLeaks).

Updated: 2020-04-22