SLDroid:检测第三方市场DCL使用情况及风险
SLDroid: Detection of the Usage and Risk of DCL in the Third-Party Market
DOI: 10.12677/CSA.2018.811192, PDF,    国家自然科学基金支持
作者: 李天阳*, 崔浩亮, 牛少彰:北京邮电大学智能通信软件与多媒体北京市重点实验室,北京
关键词: 动态代码加载第三方市场自动检测Dynamic Code Loading Third-Party Market Automatic Detection
摘要: 由于应用市场对于移动应用的审查周期较长,并且出于减少APK包大小的考虑,现在主流的Android应用中都引入了动态代码加载(DCL)技术。DCL技术允许应用加载或者执行外部的二进制文件,二进制文件可以从本地加载,也可以从网络下载。很好的解决了应用市场上架慢审查周期长的问题。然而DCL技术也带来了一些安全问题:只有在应用运行时或者关键点才会触发DCL功能。这增加了市场审查应用的难度,同时也给了恶意攻击者攻击应用的机会。所以我们设计了一个自动检测和分析DCL使用情况的工具SLDroid,我们使用SLDroid分析了应用宝市场应用,我们的调查结果基于应用宝市场20种不同类型的1934款应用使用DCL的情况,调查应用可能存在的DCL使用风险。本文介绍了我们设计实现的工具SLDroid,以及针对应用宝市场中应用使用DCL情况的初步结果。
Abstract: Due to the long review cycle for mobile applications in the application market and the consideration of reducing the size of Android Package (APK), dynamic code loading (DCL) technology has been introduced into mainstream Android applications. DCL technology allows applications to load or execute external binaries, which can be loaded locally or downloaded from the network. It has solved the problem of long examination cycle in the application market. However, DCL technology also brings some security problems: only when the application runs or executes key points can trigger DCL. This increases the difficulty of market review application, and also gives malicious attackers an opportunity to attack applications. So we designed a tool SLDroid to automatically detect and analyze DCL. We used SLDroid to analyze the application of App Treasure Market. Our results were based on the use of DCL in 1934 apps of 20 different types in App Treasure Market. We investigated the possible risks of DCL usage in the application.
文章引用:李天阳, 崔浩亮, 牛少彰. SLDroid:检测第三方市场DCL使用情况及风险[J]. 计算机科学与应用, 2018, 8(11): 1734-1743. https://doi.org/10.12677/CSA.2018.811192

参考文献

[1] Richard Nieva, Google Is Doing Deep Surgery on Android.
https://www.cnet.com/news/google-io-2017-android-o-project-treble-tv-go/2017
[2] http://www.appbrain.com/stats/number-of-android-apps
[3] Qu, Z.Y., Alam, S., Chen, Y., Zhou, X.Y., et al. (2017) DYDROID: Measuring Dynamic Code Loading and Its Security Implications in Android Applications. 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, 26-29 June 2017, 415-426.
[4] Poeplau, S., Fratantonio, Y., Bianchi, A., et al. (2014) Execute This! Analyzing Un-safe and Malicious Dynamic Code Loading in Android Applications. NDSS Symposium, San Diego, 23-26 February 2014.
[5] Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., et al. (2015) StaDynA: Addressing the Problem of Dynamic Code Up-dates in the Security Analysis of Android Applications. Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. [Google Scholar] [CrossRef
[6] Tan, D.J.J., Chua, T.-W., Thing, V.L.L., et al. (2015) Securing Android: A Survey, Taxonomy, and Challenges. ACM Computing Surveys (CSUR), 47, 58.
[7] Grace, M.C., Zhou, W., Jiang, X. and Sadeghi, A.-R. (2012) Unsafe Exposure Analysis of Mobile In-App Advertisements. WiSec, Tucson, 16-18 April 2012.
[8] ANDRUBIS-1,000,000 Apps Later: A View on Current Android Malware Behaviors.
[9] Book, T., Pridgen, A., DanLongitudinal, S.W., et al. (2013) Analysis of Android Ad Library Permissions. Computer Science.
[10] Igor, S., Felix, B., Xabier, U.P. and Pablo, G.B. (2013) Opcode Sequences as Representation of Executables for Data-Mining-Based Unknown Malware Detec-tion. Information Science, 231, 64-82. [Google Scholar] [CrossRef
[11] Sahs, J. and Khan, L. (2012) A Machine Learning Approach to Android Malware Detection. European Intelligence & Security Informatics Conference, Odense, 22-24 August 2012, 141-147.
[12] Allix, K., Bissyandé, T.F., Jérome, Q., Klein, J., et al. (2016) Empirical Assessment of Machine Learning-Based Malware Detectors for Android. Empirical Software Engineering, 21, 183-211.
[13] Falsina, L., Fratantonio, Y., Zanero, S., et al. (2015) Grab’n Run: Secure and Practical Dy-namic Code Loading for Android Applications. Computer Security Applications Conference, Los Angeles, 7-11 December 2015, 201-210.
[14] https://www.seleniumhq.org/
[15] https://developer.android.com/reference/dalvik/system/DexClassLoader
[16] https://play.google.com/about/developer-content-policy-print/
[17] Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., et al. (2014) FlowDroid: Precise Context, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps. ACM SIGPLAN Conference on Programming Language Design and Implementation, Edinburgh, 9-11 June 2014, Vol. 49, 259-269.
[18] Li, L., Bis-syande, T.F., Klein, J. and Traon, Y.L. (2016) An Investigation into the Use of Common Libraries in Android Apps. 23rd International Conference on Software Analysis, Evolution, and Reengineering, Suita, 14-18 March 2016, 403-414. [Google Scholar] [CrossRef
[19] Desnos, A. Androguard—Reverse Engineering, Malware and Goodwar Analysis of Android Applications and More (ninja!). http://code.google.com/p/androguard/
[20] https://github.com/asLody/VirtualApp