TY - GEN
T1 - AutoPatchDroid
T2 - 2017 IEEE International Conference on Communications, ICC 2017
AU - Xie, Jiayun
AU - Fu, Xiao
AU - Du, Xiaojiang
AU - Luo, Bin
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/28
Y1 - 2017/7/28
N2 - Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average.
AB - Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average.
KW - Android
KW - Bytecode Rewriting
KW - Inter-App Attack
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85028334155&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85028334155&partnerID=8YFLogxK
U2 - 10.1109/ICC.2017.7996682
DO - 10.1109/ICC.2017.7996682
M3 - Conference contribution
AN - SCOPUS:85028334155
T3 - IEEE International Conference on Communications
BT - 2017 IEEE International Conference on Communications, ICC 2017
A2 - Debbah, Merouane
A2 - Gesbert, David
A2 - Mellouk, Abdelhamid
Y2 - 21 May 2017 through 25 May 2017
ER -