透過跨程序數據流分析以達成Android應用程式敏感行為審查

Abstract

許多Android應用程式中存在對於敏感資料的不當使用，而這可能會造成嚴重的隱私危害。我們將對於敏感資料的存取和使用稱為敏感行為。透過對敏感資料進行數據流分析可以發掘這些敏感行為。然而傳統的數據流分析方法無法直接應用於Android環境中。一個Android應用程式中包含多個元件，而元件間可以直接地透過跨元件溝通（inter-component communication， ICC）或者間接地透過檔案系統來進行互動。此外，數據流也可能受到Android架構所呼叫的回呼函式所影響。傳統的數據流分析無法處理這些Android的特性，並且可能導致不精確的結果。在這篇論文中，我們提出了一個透過敏感數據流分析來發掘一個Android應用程式中的敏感行為的方法。對於一個Android應用程式，我們的系統會透過靜態分析建構一個富含語意資訊的圖──敏感行為圖。這個圖描述了一個應用程式的高階資訊，提供分析者敏感數據流的概觀。透過敏感行為圖，我們將Android中的敏感數據流分析轉換成一個跨程序數據流分析問題。最後，透過敏感數據流分析，我們可以將應用程式與敏感行為特徵值（一種用來描述感興趣的敏感數據流的高階特徵值）進行比對，以發掘其中的敏感行為。我們將此系統以一些真實的惡意程式以及Google Play上的前100名的免費應用程式來進行驗證。實驗顯示我們的系統可以有效的找出Android應用程式內的敏感行為，並且透過敏感行為圖的輔助，可以幫助找出應用程式中需要進一步研究的部分。

Many Android applications have improper use of sensitive data, which may introduce serious privacy violation. We call the access and use of sensitive data as sensitive behaviors. To discover sensitive behaviors, static analysis of sensitive data can be employed. However, conventional dataflow analysis techniques cannot be directly applied in Android environment. An Android application consists of several components which may interact with each other directly via inter-component communication (ICC), or indirectly via file system. Additionally, dataflow may also be affected by the callbacks invoked by the Android framework. Conventional dataflow analysis fails to consider these Android specific constructs, and may lead to imprecise result. In this paper, we propose an approach for discovering sensitive behaviors in an Android application with sensitive dataflow analysis. Given an Android application, our system constructs a semantic-rich graph model, Sensitive Behavior Graph, with static analysis. The graph describes high-level information of an application, which gives analysts an overview of the sensitive dataflow. We reduce sensitive dataflow analysis to inter-procedural dataflow analysis with our Sensitive Behavior Graph. Finally, using sensitive dataflow analysis, sensitive behaviors of an application can be found by matching with the sensitive behavior signatures, describing the sensitive dataflow of interest. We have evaluated our system on real-world malware samples and the top 100 free Android applications in Google Play. We show that our system can effectively find the sensitive behaviors of Android applications in practice, and help pin-point the parts of applications that need further investigation with the help of Sensitive Behavior Graph.