Precise Static Analysis of Taint Flow for Android Application Sets

Abstract

Malicious and unintentionally insecure Android applications can leak users' sensitive data. One approach to defending against data leaks is to analyze applications to detect potential information leaks. This thesis describes a new static taint analysis for Android that combines and augments the FlowDroid and Epicc analyses to precisely track both inter-component and intra-component data flow in a set of Android applications. The analysis takes place in two phases: given a set of applications, we first determine the data flows enabled individually by each application and the conditions under which these are possible; we then build on these results to enumerate the potentially dangerous data flows enabled by the set of applications as a whole. Our method requires analysis of the source code or bytecode of each app only once, and the results can be used to analyze the tainted flows possible for any combination of apps. This analysis can be used to ensure that a set of installed apps meets the user's dataflow policy requirements. This thesis describes our analysis method, implementation, and experimental results.

Document Details

Document Type: Technical Report
Publication Date: May 09, 2014
Accession Number: AD1145873

Entities

People

  • Amar S. Bhosale

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Computers
  • Data Analysis
  • Engineering
  • Information Security
  • Java Programming Language
  • Language
  • Mobile Computing
  • Mobile Operating Systems
  • Object Code
  • Operating Systems
  • Programming Languages
  • Smartphones
  • Software Development
  • Text Messaging
  • User Interface

Fields of Study

  • Computer science
  • Engineering

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Software Engineering.