parent
25c79da4f9
commit
021ac36e73
15 changed files with 110 additions and 75 deletions
|
@ -1,9 +1,20 @@
|
|||
#import "../lib.typ": todo, epigraph
|
||||
#import "../lib.typ": epigraph, ART, APK, ie, highlight-block
|
||||
#import "X_var.typ": nbapk
|
||||
|
||||
= Class Loaders in the Middle: Confusing Android Static Analyzers <sec:cl>
|
||||
= Class Loaders in the Middle: Confusing Android Static Analysers <sec:cl>
|
||||
|
||||
#epigraph("Esmerelda Weatherwax, Wyrd Sisters, Terry Pratchett")[Things that try to look like things often do look more like things than things.]
|
||||
|
||||
#align(center, highlight-block(inset: 15pt, width: 75%, block(align(left)[
|
||||
The dynamic linking and loading of the different classes by the #ART is a complex task that can eventually be exploited by an attacker.
|
||||
In particular, if the developer adds a class whose name collides with the name of a class of the Android operating system or another class in the application, they may confuse a reverse engineer in charge of studying such an application.
|
||||
In this chapter, we explore the consequences of those collisions.
|
||||
We highlight three attacks that we call shadow attacks because the class implementation that a reverser would find shadows a second implementation with a higher priority.
|
||||
In particular, we show that a static analysis tools used by a reverser choose the shadow implementation for most of the evaluated tools, and outputs a wrong result.
|
||||
In a dataset of #nbapk applications, we also investigate whether shadow attacks are used in the wild and show that, most of the time, there is no malicious behavior behind them.
|
||||
])))
|
||||
|
||||
|
||||
#include("0_intro.typ")
|
||||
#include("1_related_work.typ")
|
||||
#include("2_classloading.typ")
|
||||
|
|
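Review bot: The abstract sentence "In particular, we show that a static analysis tools used by a reverser choose the shadow implementation for most of the evaluated tools, and outputs a wrong result" has broken number agreement ("a ... tools", "choose" against "outputs") and names the tools twice, so it is unclear whether the claim is about each tool or about most of them. Something like "In particular, we show that most of the evaluated static analysis tools select the shadow implementation and therefore output a wrong result" states the finding once. Two smaller points in the same hunk: the heading now uses the British spelling "Analysers" while the abstract keeps "behavior", so pick one convention for the chapter; and the new import line brings in `APK` and `ie`, which are not used anywhere in the lines shown here, so drop them unless the rest of the file needs them.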