Abstract
Inter-component communication (ICC) among Android apps is shown to be the source of many security vulnerabilities. Prior research has developed compositional analyses to detect the existence of ICC vulnerabilities in a set of installed apps. However, they all lack the ability to efficiently respond to incremental system changes—such as adding/removing apps. Every time the system changes, the entire analysis has to be repeated, making them too expensive for practical use, given the frequency with which apps are updated, installed, and removed on a typical Android device. This paper presents a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. Our experimental results using numerous collections of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.
Acknowledgements
We thank Alireza Sadeghi for his help with the COVERT framework and helpful feedback on an early draft of the paper. This work was supported in part by an NSF EPSCoR FIRST award, and awards CCF-1618132, CCF-1755890, and CNS-1823262 from the National Science Foundation.
Additional information
Communicated by: David Lo and Foutse Khomh
This article belongs to the Topical Collection: Software Maintenance and Evolution (ICSME)
Cite this article
Bagheri, H., Wang, J., Aerts, J. et al. Flair: efficient analysis of Android inter-component vulnerabilities in response to incremental changes. Empir Software Eng 26, 54 (2021). https://doi.org/10.1007/s10664-020-09932-6
DOI: https://doi.org/10.1007/s10664-020-09932-6