
Android Permission Analysis: PScout Tool Overview
Explore the PScout tool's analysis of Android permissions, their extraction from source code, and their mapping to API calls for security and stability. Understand the trade-offs between least privilege and system stability.
Presentation Transcript
PScout: Analyzing the Android Permission Specification OS 2015. 05. 26
Contents
- Abstract
- Introduction
- PScout design and implementation
- Evaluation
- Permission system analysis
- Conclusion
Computer Security & OS Lab.
Abstract
- There are many redundant permissions
- PScout extracts permissions from the Android OS source code using static analysis
- How are permission mappings interconnected?
- Trade-off between least privilege and maintaining stability
Introduction
- Android's 79 permissions available to third-party applications as of Android 4.0?
- Undocumented APIs are used by third-party applications?
- How complex is the specification, and how heavily interconnected are different API calls with different permissions?
Introduction
- PScout: a version-independent tool, compared with the Stowaway tool
- Android OS 2.2 ~ 4.0
- PScout analyzes the relationship between API calls and permission checks to produce a list of the permissions that every Android API call requires
- PScout maps permissions to APIs
- PScout analyzes Android functions and components such as Binder, Intents, Content Providers and permission check functions
PScout design and implementation
- PScout identifies all the permission checks in the Android framework and labels the checked permissions
- Builds a call graph over the entire Android framework, including IPC and RPC calls
- Performs a backwards reachability traversal over the graph to identify all API calls that could reach a particular permission check
- In some cases, the reachability traversal may find additional permission checks
- These permission checks were missed in the first phase
PScout design and implementation
- PScout extracts a permission specification from the Android 4.0 framework in 33 hours on an Intel Core 2 Duo 2.53 GHz CPU with 4 GB of memory
- The majority of the time is spent in two iterations of using Soot to extract the information needed by PScout from the bytecode
- PScout analyzes the non-system permissions implemented in the Android Open Source Project (AOSP)
- PScout cannot find permission mappings in native C/C++ code
Permission check identification
- Explicit call
  - String literals in the framework source code
  - The string is passed to the checkPermission function along with the app's UID
  - The permission string is passed to a function that is not checkPermission
  - This permission string is passed to a wrapper function (checkPermission)
  - If it is not a checkPermission function, PScout checks whether it is an Intent
- Intents
  - Extracting the Intent action string from the AndroidManifest.xml file
  - Permissions to send/receive expressed programmatically: sendBroadcast, registerReceiver
- Content Provider
  - PScout parses the manifest file to extract information
  - Mapping between content provider URIs and permissions
  - Identify all actions on content providers with required permissions
Call graph generation
- PScout analyzes all classes in the Android framework, including application- and system-level classes
- PScout only uses Soot to extract the class hierarchy for each class
- The call graph is generated using class hierarchy analysis
- PScout adds execution flows across IPCs and RPCs into the call graph
- In Android, RPCs flow through Android's Binder class
- PScout adds Message Handler IPCs to the call graph
Reachability analysis
- The checkPermission function always succeeds between calls to clearCallingIdentity and restoreCallingIdentity
- These functions temporarily set the UID to that of the system services
Reachability analysis
- Access to a content provider is made with a virtual call to the generic ContentProvider class
- PScout stops the reachability traversal when it reaches a class or subclass of ContentProvider
- Documented APIs have a generic parent class
- This parent class is called by many other methods
- When PScout reaches a documented API, it stops the traversal
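The backward reachability traversal from the design slides, with the three stop rules listed under reachability analysis, as an added example (not PScout's own code, which works on Soot output). The call graph, method names, API labels and the "check:<PERM>" node convention are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed toy call graph (caller -> callees); every method name is hypothetical.
# "check:<PERM>" nodes stand for permission checks labelled in the first phase.
CALL_GRAPH = {
    "LocationManager.getLastKnownLocation": ["LocationService.getLastLocation"],
    "LocationService.getLastLocation": ["LocationService.enforce"],
    "LocationService.reportHidden": ["LocationService.enforce"],
    "LocationService.enforce": ["check:ACCESS_FINE_LOCATION"],
    "SyncManager.requestSync": ["SyncService.runAsSystem"],
    "SyncService.runAsSystem": ["check:WRITE_SETTINGS"],
    "ContactsHelper.lookup": ["ContactsProvider.query"],
    "ContactsProvider.query": ["check:READ_CONTACTS"],
}
# API methods and whether they are documented (assumed labels).
APIS = {"LocationManager.getLastKnownLocation": True,
        "LocationService.reportHidden": False,
        "SyncManager.requestSync": True,
        "ContactsHelper.lookup": True}
# Call made between clearCallingIdentity and restoreCallingIdentity.
CLEARED_EDGES = {("SyncService.runAsSystem", "check:WRITE_SETTINGS")}
PROVIDER_CLASSES = {"ContactsProvider"}  # ContentProvider subclasses

def map_apis_to_permissions(graph, apis, cleared_edges, provider_classes):
    callers = defaultdict(set)  # inverted graph: callee -> callers
    for caller, callees in graph.items():
        for callee in callees:
            if (caller, callee) not in cleared_edges:  # that check always succeeds
                callers[callee].add(caller)
    mapping = defaultdict(set)
    for check in [n for n in callers if n.startswith("check:")]:
        perm = check.split(":", 1)[1]
        seen, queue = {check}, deque([check])
        while queue:
            for caller in callers.get(queue.popleft(), ()):
                if caller in seen:
                    continue
                seen.add(caller)
                if caller.split(".")[0] in provider_classes:
                    continue  # stop at ContentProvider classes
                if caller in apis:
                    mapping[caller].add(perm)
                    if apis[caller]:
                        continue  # stop at a documented API
                queue.append(caller)
    return {api: sorted(perms) for api, perms in mapping.items()}

if __name__ == "__main__":
    for api, perms in map_apis_to_permissions(
            CALL_GRAPH, APIS, CLEARED_EDGES, PROVIDER_CLASSES).items():
        print(api, perms)
```

Passing an empty set for `cleared_edges` attributes WRITE_SETTINGS to the hypothetical SyncManager.requestSync, which is the over-approximation the clearCallingIdentity rule avoids.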
Evaluation
- PScout extracts the declared permissions of 1,260 apps from the Android Market
- Extracted permissions using Android UI fuzzing
- Compared against a permission mapping produced by API fuzzing in the Stowaway project
- Compared with Android OS 2.2
Application UI fuzzer
- Stowaway fuzzing
  - Fuzzes the Android API directly
- PScout UI fuzzing
  - The fuzzer selects the Android app's UI
  - Checks that the app has a UI and finds the UI handlers
  - Generates candidate actions for the screen
  - The fuzzer heuristically identifies UI handlers (i.e., username, password)
  - Collects the results
Completeness
- A permission error cannot occur with the PScout permission list
  - The fuzzer cannot trigger a permission error
  - Third-party apps over-declare permissions in the AndroidManifest.xml file
- A permission error can occur with the PScout permission list
  - The API permission mapping is missing an API
- PScout vs. Stowaway
  - PScout's code coverage is higher than Stowaway's
- Extra
  - The PScout fuzzer uses the UI
  - Extracts UI elements from the XML file
  - Excludes service apps
Permission system analysis
- Are there any redundant permissions?
- Are undocumented APIs used?
- How complex is the Android specification?
- How has it evolved over time?
Are there any redundant permissions?
- Redundant relationship
  - Both permissions are always checked together
  - P(Y|X) = 100% and P(X|Y) = 100%: truly redundant
  - KILL_BACKGROUND_PROCESSES and RESTART_PACKAGES
  - RESTART_PACKAGES is a deprecated permission
Are there any redundant permissions?
- Implicative relationship
  - P(Y|X) = 100% and P(X|Y) = ?
  - Found 14 pairs
  - Write permissions imply read permissions for content providers
  - Ex) WRITE_CONTACTS implies READ_CONTACTS
- Reciprocative relationship
  - The checking of either permission by an API means that the other permission will also be checked with a probability higher than 90%
  - P(Y|X) = 90% and P(X|Y) = 90%
  - Found 1 pair
  - ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
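The redundant, implicative and reciprocative relationships above, computed from an API-to-permission mapping as an added example (not code from PScout or the presentation). The API names and permission sets are constructed sample data, not PScout's measurements; the 0.9 threshold is the slide's 90%.

```python
from itertools import combinations

# Constructed sample mapping: API -> set of permissions it checks.
# API names are hypothetical; the counts are chosen only to exercise each case.
API_PERMS = {f"loc.api{i}": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"}
             for i in range(20)}
API_PERMS.update({
    "loc.coarseOnly": {"ACCESS_COARSE_LOCATION"},
    "loc.fineOnly": {"ACCESS_FINE_LOCATION"},
    "proc.kill": {"KILL_BACKGROUND_PROCESSES", "RESTART_PACKAGES"},
    "proc.restart": {"KILL_BACKGROUND_PROCESSES", "RESTART_PACKAGES"},
    "contacts.insert": {"WRITE_CONTACTS", "READ_CONTACTS"},
    "contacts.query": {"READ_CONTACTS"},
})

def cond_prob(mapping, y, x):
    """P(Y|X): share of the APIs that check X which also check Y."""
    with_x = [perms for perms in mapping.values() if x in perms]
    return sum(y in perms for perms in with_x) / len(with_x)

def classify_pairs(mapping, threshold=0.9):
    """Return {(X, Y): relationship}; for 'implicative', X implies Y."""
    perms = sorted(set().union(*mapping.values()))
    found = {}
    for x, y in combinations(perms, 2):
        p_y_x = cond_prob(mapping, y, x)
        p_x_y = cond_prob(mapping, x, y)
        if p_y_x == 1.0 and p_x_y == 1.0:
            found[(x, y)] = "redundant"        # always checked together
        elif p_y_x == 1.0:
            found[(x, y)] = "implicative"      # every API checking X checks Y
        elif p_x_y == 1.0:
            found[(y, x)] = "implicative"
        elif p_y_x > threshold and p_x_y > threshold:
            found[(x, y)] = "reciprocative"    # both directions above 90%
    return found

if __name__ == "__main__":
    for pair, kind in classify_pairs(API_PERMS).items():
        print(pair, kind)
```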
Are there any redundant permissions?
- Undocumented API usage
  - 22~26% of declared permissions are only checked through undocumented APIs
  - Undocumented APIs are hidden from developers
  - Ex) SET_ALWAYS_FINISH and SET_DEBUG_APP were moved to system-level permissions in Android 4.1
  - 3.7% of apps use undocumented APIs
Are there any redundant permissions?
- Specification complexity
  - 75% of permissions have fewer than 20 API calls
Are there any redundant permissions?
- Specification complexity
  - Over 80% of APIs require at most 1 permission, and very few require more than 2 or 3
Are there any redundant permissions?
- Changes over time
  - New APIs introduced with permissions
  - Undocumented APIs become documented APIs
  - Small changes can lead to permission changes
Conclusion
- The Android permission system has little redundancy in its set of non-system permissions
- A small subset of the permissions can be hidden from most developers
- These permissions are only required by undocumented APIs
- There is a trade-off between fine-grained permissions and permission specification stability