The Research On Network Service Security Of Mobile Applications

The widespread use of smartphones leads to the prosperity of mobile applications(app for short).The security of mobile app is now attracting more attention.Among the security threats,threat towards a vulnerable network service is severer than others.For example,an adversary can mount remote 0-click attacks(such as DoS or RCE of apps,stealing personal information for profit,etc.)by exploiting the vulnerability of network services.It's necessary to discover such vulnerabilities and eliminate the threat at scale to guarantee the health of app ecosystem.This dissertation focuses on vetting and analyzing network services of mobile apps.Methodologies and optimizations of binary analysis,third-party libraries identification and measurement,and the pipeline for large-scale analysis are proposed to achieve such a goal.The key contributions of this dissertation are as follows:(i)A state-of-the-practice data-flow analysis tool is developed.Besides data-flow analysis,this tool uses variable de-reference method to solve the pointer arithmetic that pervades exe-cutable programs.It uses read-before-write and read-after-write patterns to restore the symbol information,including actual parameters,formal parameters,return values and receivers of the return values.To fill the gap between relevant variables when slicing,abstract location is built for memory.To achieve a reasonable performance,we eliminate instructions,shrink storage to reduce memory usage;we propose on-demand and limited offline point-to analysis to promote the analysis speed.This tool is competent for real-world analysis tasks and we release this tool for community to foster further research.(ii)An iOS app third-party network service libraries identification method is proposed.Based on the call stack information,system network service libraries are extracted by backward traveling the stack,third-party network service libraries are collected by comparing the tokens originated from the stack;Large-scale measurement is carried out by taking signatures of the iOS app third-party network service libraries,measurement result reveals the prevalent usage of network services in iOS apps.Dataset is designed for evaluating the co-existence Android third-party library identification methodologies.Experiment reveals the high false positive rate of these methodologies.Based on this experiment,a novel signature of Android third-party libraries which is sensitive to specific version is proposed.The signature is built on an insightful study of ProGuard,which is resistant to shrinkage and optimization of Android third-party libraries.By using the established signature,we can detect the contained third-party libraries as well as their versions in Android apps.Based on the third-party libraries identification,the third-party libraries of Android ecosystem are systematically characterized and the security of third-party libraries is studied.(iii)This is the first work for vetting the security of network services of mobile apps at scale.The vetting work starts from seed apps.For seed apps,dynamic analysis is used to assess the interface of the network services and then static analysis is performed to further scrutinize the seed apps.Knowledge gained from seed apps is then applied to the large-scale analysis.To facilitate analysis,an app collection tool is designed and a big data platform is built.Over one hundred new vulnerabilities are identified.These vulnerable apps mentioned in the paper are reported to relevant stakeholders through the Security Response Center(SRC)of vendors.Three vulnerabilities have been acknowledged.Some vulnerabilities have been confirmed and collected by CVE(Common Vulnerabilities and Exposures)and CNNVD(China National Vulnerability Database).