Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

A machine-learning approach for classifying and categorizing Android sources and sinks

: Rasthofer, Siegfried; Arzt, Steven; Bodden, Eric

Fulltext ()

Internet Society -ISOC-:
NDSS 2014, Network and Distributed System Security Symposium. Programme. Online resource : 23-26 February 2014, San Diego, California, USA
Reston, VA: ISOC, 2014
ISBN: 1-891562-35-5
15 pp.
Network and Distributed System Security Symposium (NDSS) <2014, San Diego/Calif.>
Conference Paper, Electronic Publication
Fraunhofer SIT ()

Todays smartphone users face a security dilemma: many apps they install operate on privacy-sensitive data, although they might originate from developers whose trustworthiness is hard to judge. Researchers have addressed the problem with more and more sophisticated static and dynamic analysis tools as an aid to assess how apps use private user data. Those tools, however, rely on the manual configuration of lists of sources of sensitive data as well as sinks which might leak data to untrusted observers. Such lists are hard to come by. We thus propose SUSI, a novel machine-learning guided approach for identifying sources and sinks directly from the code of any Android API. Given a training set of hand-annotated sources and sinks, SUSI identifies other sources and sinks in the entire API. To provide more fine-grained information, SUSI further categorizes the sources (e.g., unique identifier, location information, etc.) and sinks (e.g., network, file, etc.). For Android 4.2, SUSI identifies hundreds of sources and sinks with over 92% accuracy, many of which are missed by current information-flow tracking tools. An evaluation of about 11,000 malware samples confirms that many of these sources and sinks are indeed used. We furthermore show that SUSI can reliably classify sources and sinks even in new, previously unseen Android versions and components like Google Glass or the Chromecast API.