Title :
Protection against Code Obfuscation Attacks Based on Control Dependencies in Android Systems
Author :
Graa, Mariem ; Boulahia, Nora Cuppens ; Cuppens, Frederic ; Cavalliy, Ana
Author_Institution :
Telecom-Bretagne, Cesson Sévigne, France
fDate :
June 30 2014-July 2 2014
Abstract :
In Android systems, an attacker can obfuscate an application code to leak sensitive information. TaintDroid is an information flow tracking system that protects private data in smartphones. But, TainDroid cannot detect control flows. Thus, it can be circumvented by an obfuscated code attack based on control dependencies. In this paper, we present a collection of obfuscated code attacks on TaintDroid system. We propose a technical solution based on a hybrid approach that combines static and dynamic analysis. We formally specify our solution based on two propagation rules. Finally, we evaluate our approach and show that we can avoid the obfuscated code attacks based on control dependencies by using these propagation rules.
Keywords :
Android (operating system); data flow analysis; data protection; program control structures; Android systems; TaintDroid; code obfuscation attack protection; control dependencies; control flow detection; information flow tracking system; private data; sensitive information; smartphones; Androids; Context; Humanoid robots; Resists; Security; Smart phones; Android system; Code obfuscation attacks; Control dependencies; Information flow tracking; Leakage of sensitive information; Propagation rules;
Conference_Titel :
Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on
Conference_Location :
San Francisco, CA
DOI :
10.1109/SERE-C.2014.33
