Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/111453


Title: AppScan: Static detection and scanning of mobile application behavior, using iOS as an example (translated from the Chinese title)
AppScan: Static mobile application behavior scanning on iOS executables
Authors: Wang, Wei Ren (王韋仁)
Contributors: Yu, Fang (郁方); Wang, Wei Ren (王韋仁)
Keywords: Mobile apps; Static analysis; Behavior analysis; Syntax analysis (the Chinese keywords 行動應用程式, 靜態分析, 行為分析, 語法分析 translate to the same four terms)
Date: 2017
Issue Date: 2017-07-31 10:58:40 (UTC+8)
Abstract (translated from the Chinese): Mobile applications are the most popular and dominant software applications today, so the actual behavior of an application, together with the related security and privacy issues, is becoming more and more important. On the other hand, as time goes by, more and more applications on the App Store have stopped being updated or have been discontinued, yet have not been removed from the App Store. Users, however, know nothing about this lack of maintenance and still download and use them. In this research we address the problem of checking for a specific property method sequence within an application. Using IDA Pro to generate the function call dependency graph and the subroutine control flow graphs, we apply a syntax-analysis approach to perform cross-subroutine sequence checking. We check application behavior against predefined property method sequences that serve as models. This analysis method can show whether a property method sequence exists in an application available on the App Store, which helps us check applications for malicious-behavior property method sequences or specific-behavior method sequences (for example, the use of deprecated API methods).
Our web crawler fetched all available iOS SDK methods from the official documentation, and from these we extracted our model sequences. We check whether an application contains a prepared model sequence. If the sequence exists in the application, we record the method sequence calls contained in the application's subroutines. The result data are then aggregated into our database, visualized and turned into statistics, and exposed through the system's API service. Finally, we built an analysis system that uses the checking functions described above and presents the results as a web service.
Mobile applications are the most popular and dominant software applications nowadays, so the actual behavior of an application and the related security and privacy issues are becoming more and more important. On the other hand, as time goes by, more and more applications on the App Store stop being updated or are abandoned, but are not removed from the App Store. However, users know nothing about this lack of maintenance and still download and use them. In this research we address the problem of checking for a specific property method sequence within an application. Using IDA Pro to generate the function call graph and the subroutine control flow graphs, we apply a syntax-checking strategy to perform cross-subroutine sequential checking. We check application behavior by predefining a property method sequence as a pattern and then matching it against the application's own method sequences. The analysis method can show whether a property method sequence exists in an application that is available on the App Store. This may help us check applications for malicious-behavior property method sequences or specific-behavior method sequences (e.g. the use of deprecated API methods). We prepared property method sequences as our system's input patterns, extracted from all available iOS SDK methods fetched by our web crawler. We check whether an application contains a prepared method sequence or not. If the sequence exists in the application, we record the method sequence calls included in the subroutines within the application. The result data are then aggregated in our database and exported as an API service for visualization and statistical use. Finally, we construct a call sequence analysis system for the above checking functions and present the results in the form of a web service.
Description: Master's thesis
National Chengchi University
Department of Management Information Systems
103356019
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0103356019
Data Type: thesis
Appears in Collections: [Department of Management Information Systems] Theses and Dissertations

Files in This Item:

File: 601901.pdf (4777 Kb, Adobe PDF)


All items in 學術集成 are protected by copyright, with all rights reserved.

