NDroid: Toward tracking information flows across multiple android contexts
Saved in:
| Title: | NDroid: Toward tracking information flows across multiple android contexts |
|---|---|
| Authors: | Xue, Lei, Qian, Chenxiong, Zhou, Hao, Luo, Xiapu, Zhou, Yajin, Shao, Yuru, Chan, Alvin T.S. |
| Publication Year: | 2019 |
| Collection: | University of Hong Kong: HKU Scholars Hub |
| Subject Terms: | Java native interface (JNI), Android application analysis, taint analysis |
| Description: | For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead. ; link_to_subscribed_fulltext |
| Document Type: | article in journal/newspaper |
| Language: | English |
| Relation: | IEEE Transactions on Information Forensics and Security; 828; WOS:000444795500010; 814; https://hub.hku.hk/handle/10722/303579; 14 |
| DOI: | 10.1109/TIFS.2018.2866347 |
| Availability: | https://hub.hku.hk/handle/10722/303579 https://doi.org/10.1109/TIFS.2018.2866347 |
| Accession Number: | edsbas.2A95FCA3 |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead. ; link_to_subscribed_fulltext |
|---|---|
| DOI: | 10.1109/TIFS.2018.2866347 |