Static Analysis of Android Applications

Grishchenko, Ilya

Static Analysis of Android Applications

Grishchenko, I. (2014). Static Analysis of Android Applications. Master Thesis, Universität des Saarlandes, Saarbrücken.

Item is 公開

表示: 全項目非表示: 全項目

基本情報

表示: 非表示:

アイテムのパーマリンク: https://hdl.handle.net/11858/00-001M-0000-0026-C962-6 版のパーマリンク: https://hdl.handle.net/11858/00-001M-0000-0029-76DD-5

資料種別: 学位論文

ファイル

表示: ファイル

非表示: ファイル

:

2014_Grishchenko_MScThesis.pdf (全文テキスト（全般）), 2MB

ファイルのパーマリンク:
-

ファイル名:
2014_Grishchenko_MScThesis.pdf

説明:
-

OA-Status:

閲覧制限:
制限付き (Max Planck Institute for Informatics, MSIN; )

MIMEタイプ / チェックサム:
application/pdf

技術的なメタデータ:

著作権日付:
-

著作権情報:
-

CCライセンス:
-

作成者

表示:

非表示:

作成者:
Grishchenko, Ilya¹, 著者
Maffei, Matteu², 学位論文主査
Hammer, Christian³, 監修者

所属:
1International Max Planck Research School, MPI for Informatics, Max Planck Society, Campus E1 4, 66123 Saarbrücken, DE, ou_1116551
2Cluster of Excellence Multimodal Computing and Interaction, ou_persistent22
3External Organizations, ou_persistent22

内容説明

表示:

非表示:

キーワード: -

要旨: Mobile and portable devices are machines that users carry with them everywhere, they can be seen as constant personal assistants of modern human life. Today the Android operating system for mobile devices is the most popular one and the number of users still grows: as of September 2013, 1 billion devices have been activated [Goob]. This makes the Android market attractive for developers willing to provide new functionality. As a consequence, 48 billion applications ("apps") have been installed from the Google Play store [BBC]. Apps often require user data in order to perform the intended activity. At the same time parts of this data can be treated as sensitive private information, for instance, authentication credentials for accessing the bank account. The most significant built-in security measure in Android, the permission system, provides only little control on how the app is using the supplied data. In order to mitigate the threat mentioned above, the hidden unintended app activity, the recent research goes in three main directions: inline-reference monitoring modifies the app to make it safe according to user defined restrictions, dynamic analysis monitors the app execution in order to prevent undesired activity, and static analysis verifies the app properties from the app code prior to execution. As we want to have provable security guarantees before we execute the app, we focus on static analysis. This thesis presents a novel static analysis technique based on Horn clause resolution. In particular, we propose the small-step concrete semantics for Android apps, we develop a new form of abstraction which is supported by general theorem provers. Additionally, we have proved the soundness of our analysis technique. We have developed a tool that takes the bytecode of the Android app and makes it accessible to the theorem prover. This enables the automated verification of a variety of security properties, for instance, whether a certain functionality is preceded by a particular one, for instance, whether the output of a bank transaction is secured before sending it to the bank, or on which values it operates, for instance, whether the IP-address of the bank is the only possible transaction destination. A case study as well as a performance evaluation of our tool conclude this thesis.

資料詳細

表示:

非表示:

言語: eng - English

日付: 出版: 2014

出版の状態: 出版

ページ: 96 p.

出版情報: Saarbrücken : Universität des Saarlandes

目次: -

査読: -

識別子（DOI, ISBNなど）: BibTex参照ID: 2014Grishchenko

学位: 修士号 (Master)

アイテム詳細

基本情報

ファイル

関連URL

作成者

内容説明

資料詳細

関連イベント

訴訟

Project information

出版物