Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android

Alexandre Bartel 1 Jacques Klein 1 Martin Monperrus 2 Yves Le Traon 1
1 SnT - Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg]
2 SPIRALS - Self-adaptation for distributed services and large software systems
LIFL - Laboratoire d'Informatique Fondamentale de Lille, Inria Lille - Nord Europe
Abstract : A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android.
Keywords : security Android Java static analysis Soot large scale framework permissions call-graph
Type de document :
Article dans une revue
IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, 2014, 40, pp.617-632. 〈10.1109/TSE.2014.2322867〉
Liste complète des métadonnées

Littérature citée [30 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/hal-01055656
Contributeur : Alexandre Bartel <>
Soumis le : mercredi 13 août 2014 - 11:21:03
Dernière modification le : jeudi 11 janvier 2018 - 06:25:38
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 00:16:43

Fichiers

full.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

INRIA | CRISTAL | CRISTAL-SPIRALS | UNIV-LILLE3

Citation

Alexandre Bartel, Jacques Klein, Martin Monperrus, Yves Le Traon. Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android. IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, 2014, 40, pp.617-632. 〈10.1109/TSE.2014.2322867〉. 〈hal-01055656〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

374

Téléchargements de fichiers

335

Contact


archive-ouverte@inria.fr