Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis

Speaker(s):
WU Daoyuan
PhD Candidate
School of Information Systems
Singapore Management University

Date: March 5, 2019, Tuesday
Time: 1:00pm - 2:00pm
Venue:
Meeting Room 5.1, Level 5
School of Information Systems
Singapore Management University
80 Stamford Road
Singapore 178902
We look forward to seeing you at this research seminar.

About the Talk
With Android being the most popular system for pervasive devices, there have been continuous efforts to improve its security. In this talk, I will introduce our multi-level vulnerability analysis works to boost Android security. On the app level, we consider a long-standing IPC vulnerability that allows an attack app to hijack a victim app via inter-component communication on Android. To defend against this attack, we present SCLib, a secure component library that performs in-app mandatory access control on behalf of the app components. In this way, SCLib no longer requires firmware modification or app repackaging as in previous works. On the network level, we study threats stemming from network-side open ports found in many Android apps. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. This crowdsourcing platform has already reported the actual executions of open ports in 925 popular apps and 725 built-in system apps. On the system level, we perform the first systematic study of Android system vulnerabilities by comprehensively analyzing all 2,179 vulnerabilities on the Android Security Bulletin program over about three years. In particular, we propose a similarity-based algorithm to automatically cluster 16 vulnerability patterns, including six previously unreported ones.
About the Speaker
Daoyuan Wu is a PhD candidate in Cybersecurity at the School of Information Systems, Singapore Management University. He is advised by Associate Professor Debin Gao and Professor Robert H. Deng. His research interests include mobile security, program analysis, app crowdsourcing, and network measurement.