| With the development of Android system and the popularity of Android devices,Android apps become rich and diversified.At the same time,Android apps have a growing variety of vulnerabilities and security threats to users.There is already a lot of work in academia and industry to detect vulnerabilities in Android apps.Unfortunately,most of existing tools detecting vulnerabilities in Android apps are not performing well.These studies have two main disadvantages:one is that some studies are limited to detecting a certain vulnerability and lack comprehensive analysis;the other is the lack of valid evidence for vulnerability verification,which leads to high false alarms rate and requires massive manual efforts.To solve the above problems,we first propose the concept of vulnerability pattern to abstract the characteristics of different attacks,e.g.,their prerequisites and attack paths,so as to support detecting multiple kinds of vulnerabilities.Also,we present a zero false alarms framework which can find vulnerability instances precisely and generate test cases and triggers to validate the findings,by combing symbolic execution and dynamic binary instrumentation techniques.We implement our method in a tool named Witness,which currently can detect 12 different types of vulnerabilities and is extensible to support more.We evaluated Witness with 5271 Android apps downloaded from different application markets,and found that Witness successfully detected 530 vulnerability instances,with better accuracy and more vulnerability verification information than 5 existing Android apps vulnerability detection tools. |
PDF Full Text Request