Sensitive Behavior Analysis of Android Applications on Unrooted Devices in the Wild

TANG Xiaoxiao, PhD Candidate
School of Information Systems
Singapore Management University

Research Area
Dissertation Committee Chairman Committee Members External Member - LIANG Zhenkai, Associate Professor, National University of Singapore

Date: January 10, 2019 (Thursday)
Time: 9.00am - 10.00am
Venue: Meeting Room 4.4, Level 4, School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902

We look forward to seeing you at this research seminar.

About The Talk

Dynamic analysis is widely used in malware detection, taint analysis, vulnerability detection, and other areas for enhancing the security of Android. Compared to static analysis, dynamic analysis is immune to common code obfuscation techniques and dynamic code loading. Existing dynamic analysis techniques rely on in-lab running environments (e.g., modified systems, rooted devices, or emulators) and require automatic input generators to execute the target app. However, these techniques can be bypassed by anti-analysis techniques that allow apps to hide sensitive behavior when an in-lab environment is detected through predefined heuristics (e.g., the IMEI number of the device is invalid). Meanwhile, current input generators are still not intelligent enough to invoke adequate app behavior and provide sufficient code coverage. Therefore, it is an important research direction to investigate dynamic analysis techniques that enable a more complete execution under real running environments.

This thesis focuses on dynamically analyzing app behavior by using public APIs and side-channel information, such that the techniques can be deployed on unrooted devices used by public users. We first motivate the dynamic analysis with an advanced code obfuscation technique that hides small pieces of sensitive code with a code-reuse technique. Then, we propose a novel technique to dynamically monitor apps by observing changes to public resources on the device, and propose to use interrupt timing information to infer the launched app and concrete behavior in a running app, such as layout switching. These works demonstrate the effectiveness of dynamic analysis on unrooted devices. In the end, we propose a malware-spreading study as an example of dynamic analysis on unrooted devices.

Speaker Biography

Xiaoxiao TANG is a Ph.D. candidate in the School of Information Systems, Singapore Management University, under the supervision of Associate Professor Debin Gao and AXA Chair Professor Robert H. Deng. Her research interests focus on mobile application and system security.