This commit is contained in:
parent
89c7f6ef08
commit
826c428114
6 changed files with 81 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
|||
#import "../lib.typ": todo, epigraph, eg
|
||||
#import "../lib.typ": todo, epigraph, eg, APK, jm-note
|
||||
|
||||
= Introduction <sec:intro>
|
||||
|
||||
|
@ -17,11 +17,10 @@ This threat model goes as far as to consider that an adversarie can have physica
|
|||
On the device, this security model imply the sandboxing of each applications, with a system of permissions to allow the applications to perform potentially unwanted actions.
|
||||
For example, an applications cannot access the contact list without requesting the permission to the user first.
|
||||
Android keep improving its security version from version, be it by improving the sandboxing (#eg starting with Android 10, application can no longer access the clipboard if they are not focused) or safer default (#eg since Android 9, by default, all network connection must use TLS).
|
||||
// Android Bouncer, ca marche pas tres bien quand même ect ect (stralker ware?)
|
||||
|
||||
|
||||
/*
|
||||
* A mettre qqp:
|
||||
* - "Evaluating the Reusability of Android Static Analysis Tools" https://dx.doi.org/10.1007/978-3-031-66459-5_10 10.1007/978-3-031-66459-5_10 21st International Conference on Software and Systems Reuse, ICSR 2024 https://hal.science/hal-04557993v1
|
||||
* - "Class Loaders in the Middle: Confusing Android Static Analyzers" in Digital Threats: Research and Practice http://dx.doi.org/10.1145/3754457
|
||||
*
|
||||
*
|
||||
*
|
||||
|
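Review bot: the safer-default example overstates Android 9: what changed is that cleartext (non-TLS HTTP) traffic is disabled by default only for apps targeting API level 28 or higher, an app can still opt back in with `cleartextTrafficPermitted="true"` in its network security configuration, and the restriction is enforced by the HTTP stacks and WebView rather than on raw sockets, so "all network connection must use TLS" should become something like "cleartext HTTP traffic is blocked by default for apps targeting API 28 or higher". The clipboard example is also slightly off: on Android 10 an unfocused app is denied clipboard reads unless it is the default input method editor. The surrounding context lines carry grammar slips that will survive into the manuscript ("an adversarie", "this security model imply the sandboxing of each applications", "Android keep improving its security version from version", "an applications cannot access"), and the region still contains two French working notes ("// Android Bouncer, ca marche pas tres bien ...", "A mettre qqp:") plus two references parked in a block comment; either turn them into `#todo[...]` entries, as the file already does further down, so they stay visible in the draft, or move the two references into the bibliography now.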
@ -46,4 +45,37 @@ Android keep improving its security version from version, be it by improving the
|
|||
|
||||
#todo[3) savent pas gerer le chargement dyn et reflection]
|
||||
|
||||
#[
|
||||
#set heading(numbering: none, outlined: false, bookmarked: false)
|
||||
|
||||
== Contributions
|
||||
|
||||
The contributions of this thesis are the following:
|
||||
|
||||
+ We evaluate the reusability of Android static analysis tools published by the community:
|
||||
We rebuild the tools in their original environment as container images.
|
||||
With those containers, those tools are now readilly available capable of running either Docker of Singularity.
|
||||
We also tested those tools on a dataset of real-life applications balanced in order to have a significant number of applications with different caracteristics to assess which caracteristic impact the success of a tools.
|
||||
This work was presented at the ICSR 2024 conference~@rasta.
|
||||
+ We model the default class loading behavior of Android.
|
||||
Based on this model, we defined a class of obfuscation technique that we called _shadow attacks_ where an class definition in an #APK shadows the actual class definition.
|
||||
We show that common state of the arts tools like Jadx or Flowdroid do not implement this model correctly and thus can fall for those shadow attacks.
|
||||
We surveilled a large number of rescent Android applications and found that applications with classes shadowing the actual definition do exists, those are the result of quirks in the #APK compilation process and not deliberate obfuscation attempts.
|
||||
This work was publish in the Digital Threats journal~@classloaderinthemiddle. #todo[update ref when not 'just published' anymore]
|
||||
+ We propose an approach to allow static analysis tools to analyse application that perform dynamic code loading:
|
||||
We collect at runtime the bytecode dynamically loaded and the reflection calls informations, an patch the #APK file to perform those operation statically.
|
||||
Finally, we evaluate the impact this transformation has on the #jm-note[resiliance][wrong word?] of the tools we containerized previously.
|
||||
|
||||
== Outline
|
||||
|
||||
This dissertation is composed of 6 chapters.
|
||||
This introduction is the first chapter.
|
||||
It is followed by @sec:bg that gives background information about Android and the different analysis techniques targetting Android applications.
|
||||
|
||||
The next 3 chapters are dedicated to the contributions of this thesis.
|
||||
First @sec:rasta studdies the reusability of static analysis tools.
|
||||
Next in @sec:cl, we model the default class loading algorithm used by Android and the show the consequences for reverse engineering tools that implement a wrong model.
|
||||
Then @sec:th presents an approach that allows for static analysis tools to analyse applications that load bytecode at runtime.
|
||||
|
||||
Finally, @sec:conclusion summarizes the contributions of this thesis and opens perspectives for futur work.
|
||||
]
|
||||
|
|
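Review bot: in the first contribution, "those tools are now readilly available capable of running either Docker of Singularity" reads as if the tools run Docker; it is the container images that run under either Docker or Singularity, so rephrase to "the tools can now be run with either Docker or Singularity". The third contribution is still introduced by the placeholder `#todo[3) savent pas gerer le chargement dyn et reflection]` (French for "3) cannot handle dynamic loading and reflection"); the sentence explaining why static tools fail on dynamically loaded code belongs there, before the contribution list. On the `#jm-note[resiliance][wrong word?]` question: the spelling is "resilience", but since the sentence evaluates the containerized tools on transformed applications, "robustness" or "success rate" is probably what is meant; pick one and drop the note. Spelling to fix in the same pass: readilly, caracteristic(s), rescent, "surveilled" (surveyed), "do exists", "was publish", "an patch", "informations", studdies, "the show" (then show), futur. The "6 chapters" count is consistent with the six sections named in the outline (intro, bg, rasta, cl, th, conclusion), so that number is fine.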