PhD Dissertation Defense by TANG Xiaoxiao | Sensitive Behavior Analysis of Android Applications on Unrooted Devices in the Wild

About The Talk

Dynamic analysis is widely used in malware detection, taint analysis, vulnerability detection, and other areas for enhancing the security of Android. Compared to static analysis, dynamic analysis is immune to common code obfuscation techniques and dynamic code loading. Existing dynamic analysis techniques rely on in-lab running environment (e.g., modified systems, rooted devices, or emulators) and require automatic input generators to execute the target app. However, these techniques could be bypassed by anti-analysis techniques that allow apps to hide sensitive behavior. Meanwhile, current input generators are still not intelligent enough to invoke adequate app behavior and provide sufficient code coverage. Therefore, it is an important research direction to investigate dynamic analysis techniques which enable a more complete execution under real running environments.

Our work focuses on dynamically analyzing app behavior by using public APIs and side-channel information, such that the techniques can be deployed on unrooted devices used by public users without system modification or app instrumentation. We first motivate the dynamic analysis with an advanced code obfuscation technique to hide small pieces of sensitive code with a code-reuse technique. Then, we propose a novel technique to dynamically monitoring apps by observing changes to public resources on the device and propose to use interrupt timing information to infer the launched app and concrete behavior in a running app, such as layout switching. These works demonstrate the effectiveness of dynamic analysis on unrooted devices. In the end, we build a simulation system for malware-spreading study using dynamic analysis on unrooted devices.

Speaker Biography

Xiaoxiao Tang is a Ph.D. candidate in the School of Information Systems, Singapore Management University under the supervision of Associate Professor Debin Gao and AXA Chair Professor Robert H. Deng. Her research interests focus on mobile application and system security.