TOWARDS ENHANCING ANDROID APPLICATION AND SYSTEM SECURITY

Open Access
Author:
Luo, Lannan
Graduate Program:
Information Sciences and Technology
Degree:
Doctor of Philosophy
Document Type:
Dissertation
Date of Defense:
May 16, 2017
Committee Members:
  • Peng Liu, Dissertation Advisor
  • Peng Liu, Committee Chair
  • Anna Squicciarini, Committee Member
  • Xingyu Xing, Committee Member
  • Minghui Zhu, Outside Member
Keywords:
  • Symbolic execution
  • Concolic execution
  • Vulnerability discovery
  • Exploit generation
  • Android Framework
  • Code obfuscation
  • Android apps
  • Android app repackaging
  • Tamper-proofing
  • Obfuscation
Abstract:
The market for smartphones has been booming in the past few years. Android dominates the market with 87.5% of the global smartphone shipments and over 65 billion Android apps downloaded. With the unprecedented popularity of Android devices, however, a dramatically increasing number of security threats are being posed to Android applications and systems. Tremendous efforts from both industry and academia have been made to mitigate these threats and secure Android. This dissertation mainly focuses on two severe threats, Android app repackaging and Android Framework vulnerabilities, and proposes techniques and approaches to address them and, hence, enhance Android application and system security.
First, we propose a decentralized Android app repackaging detection scheme to impede the prevalent app repackaging problem in the market. Existing countermeasures mostly detect repackaging based on app similarity measurement and rely on a central party to perform detection. However, the centralized scheme is unscalable and the detection techniques tend to be imprecise when handling obfuscated apps, resulting in many repackaged apps escaping detection and being widely distributed in the market. To solve the problem, we propose a decentralized repackaging detection scheme, which adds the repackaging detection capability into the code of an app, such that repackaging detection becomes an inherent part of the app when it is released.
Second, we design and build the first system that enables symbolic execution of the Android Framework to automatically discover vulnerabilities and generate exploits. The Android Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of the Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harm to user security and privacy. Recently, many vulnerabilities in the Android Framework were exposed, showing that it is vulnerable and exploitable. However, most existing research has been limited to analyzing Android applications, while very few techniques and tools have been developed for analyzing the Android Framework. To fill the gap, we develop the first system that analyzes the framework through symbolic execution, and demonstrate how the system can be applied to discovering new vulnerability instances and generating PoC exploits. Given that symbolic execution has proven to be a very useful technique, we plan to apply the system to other purposes in future work, such as automatic API specification generation, fine-grained malware analysis, and testing.