DocumentCode :
141515
Title :
Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications
Author :
Shao Shuai ; Dong Guowei ; Guo Tao ; Yang Tianchang ; Shi Chenjie
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
fYear :
2014
fDate :
24-27 Aug. 2014
Firstpage :
75
Lastpage :
80
Abstract :
Cryptographic misuse affects a sizeable portion of Android applications. However, only an empirical study has been made of this problem. In this paper, we perform a systematic analysis of cryptographic misuse, build a cryptographic misuse vulnerability model, and implement a prototype tool, Crypto Misuse Analyser (CMA). The CMA can perform static analysis on Android apps and select the branches that invoke the cryptographic API. It then runs the app following the target branch and records the cryptographic API calls. Finally, the CMA identifies the cryptographic API misuse vulnerabilities from the records based on the pre-defined model. We also analyze dozens of Android apps with the help of CMA and find that more than half of the apps are affected by such vulnerabilities.
Keywords :
Android (operating system); application program interfaces; cryptography; program diagnostics; Android application; CMA; cryptographic API; cryptographic misuse autodetection; cryptographic misuse vulnerability model; prototype tool crypto misuse analyser; static analysis; Analytical models; Androids; Encryption; Humanoid robots; Runtime; Android; Cryptographic Misuse; Modelling Analysis; Vulnerability;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on
Conference_Location :
Dalian
Print_ISBN :
978-1-4799-5078-2
Type :
conf
DOI :
10.1109/DASC.2014.22
Filename :
6945307