
Mutation-based Modeling And Precise Taint Analysis Of Android Native Code

Posted on: 2021-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y W Ma
Full Text: PDF
GTID: 2518306050971949
Subject: Computer software and theory

Abstract/Summary:
In recent years, the Android operating system has become increasingly common around the world, and a growing number of applications in various fields are built on the Android platform. These applications bring great convenience to daily life, but they also bring many security issues, among which information flow security is one of the main ones. Taint analysis is a common method for detecting information flow security issues in Android applications. Existing static taint analysis tools for Android applications (such as Amandroid, FlowDroid, and DroidSafe) can perform effective taint analysis on most Android applications with a certain degree of accuracy. However, more and more malicious behaviors are related to native code: on the one hand, Android native method code can secretly disclose sensitive information; on the other hand, an attacker can place malicious behavior in an application's native code to avoid detection by Android static analysis tools. Among the existing tools, DroidSafe is unable to describe taint propagation in an application's native code, while FlowDroid and Amandroid only construct coarse-grained data dependency models for native methods in a conservative way, so their analysis accuracy is poor. How to improve the accuracy with which current static taint analysis represents the information flow of native code is an unresolved problem.

To resolve this problem, this paper proposes mutation-based dependency generation and a stub generation algorithm to implement more fine-grained automated modeling of the information flow characteristics of native methods in Android applications, while detecting source and sink invocations in native code and updating the list of sources and sinks. We implement an extension of the DroidSafe static analysis tool, and the information flow results of the new tool are more accurate and more comprehensive. The research of this paper is divided into the following four aspects:

(1) Based on mutation technology, native code is regarded as a black box, and a dynamic approach to dependency generation is designed and implemented to extract the dependencies between the parameters and the return value of the native method interface.

(2) We propose a lightweight native code analysis approach based on IDA Pro, which analyzes the application's native shared binary library and identifies the native functions that call a source or sink. We then find the Java-side native methods corresponding to those native functions, which are used to update the source or sink list.

(3) Based on the extracted dependencies, an automatic stub generation algorithm is studied to obtain an accurate analysis stub that matches the native method and can be combined with the static taint analysis of the DroidSafe tool to analyze malicious behavior in native code.

(4) On the benchmark, the accuracy of this paper's tool and of existing tools is evaluated. Using an application set containing native code, composed of 5096 real applications and 1109 malicious applications, we evaluate the scheme of this paper in terms of detection effect. Comparison with the original DroidSafe tool shows that this scheme significantly increases the number of detections in a variety of sensitive information flow categories. By comparing with the JN-SAF tool, the difference in detection capability between the scheme in this paper and the summary-based bottom-up dataflow analysis adopted by JN-SAF is analyzed.
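
The following sketch is an added illustration, not code from the thesis: it treats a function as a black box, mutates one argument at a time to infer which parameters the return value depends on (aspect 1), and turns the result into a taint stub that is compared with a conservative "any argument taints the return" model (aspect 3). The function names, mutation operators, seed values and stub shape are all assumptions; the stand-in functions are constructed, whereas real native methods would be invoked through JNI.

```python
# Added illustration; all names and sample values below are constructed.

def mutations(value):
    """Type-preserving variants of value, each different from the original."""
    if isinstance(value, int):
        variants = [value + 1, value ^ 0xFF, -value - 1]
    elif isinstance(value, str):
        variants = [value + "A", value[::-1] + "#", ""]
    else:
        raise TypeError(f"no mutator for {type(value).__name__}")
    return [v for v in variants if v != value]


def infer_dependencies(func, seeds):
    """Black-box pass: indices of parameters whose mutation changes the return value."""
    deps = set()
    for seed in seeds:
        baseline = func(*seed)
        for i, arg in enumerate(seed):
            for variant in mutations(arg):
                mutated = seed[:i] + (variant,) + seed[i + 1:]
                if func(*mutated) != baseline:
                    deps.add(i)
                    break
    return deps


def make_stub(deps):
    """Taint stub: the return value is tainted iff a dependent argument is tainted."""
    def stub(tainted_args):
        return bool(deps & set(tainted_args))
    return stub


def conservative_stub(tainted_args):
    """Coarse model: any tainted argument taints the return value."""
    return bool(tainted_args)


# Constructed stand-ins for native methods behind a Java-side interface.
def native_format(device_id, label, flags):
    return f"{label}:{flags}"        # device_id never reaches the result

def native_concat(device_id, label, flags):
    return f"{device_id}/{label}"    # device_id flows to the result

# Constructed seed inputs: (device_id, label, flags)
SEEDS = [("356938035643809", "cfg", 3), ("000000000000000", "log", 0)]
```

With only argument 0 tainted, the inferred stub for `native_format` reports no flow to the return value while the conservative model does, which is the precision gap the abstract describes.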
Keywords/Search Tags: Android software security, native code, static analysis, taint analysis, information flow analysis