
DaVinci: Android App Analysis beyond Frida via Dynamic System Call Instrumentation

Authors: Druffel, Alexander; Heid, Kris


In: Zhou, J. (Ed.):
Applied Cryptography and Network Security Workshops. ACNS 2020 Satellite Workshops. Proceedings : AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, October 19-22, 2020, Virtual Conference
Cham: Springer Nature, 2020 (Lecture Notes in Computer Science 12418)
ISBN: 978-3-030-61637-3 (Print)
ISBN: 978-3-030-61638-0 (Online)
International Conference on Applied Cryptography and Network Security (ACNS) <18, 2020, Online>
Workshop on Application Intelligence and Blockchain Security (AIBlock) <2, 2020, Online>
Workshop on Artificial Intelligence in Hardware Security (AIHWS) <1, 2020, Online>
Workshop on Artificial Intelligence and Industrial IoT Security (AIoTS) <2, 2020, Online>
Workshop on Cloud Security and Privacy (Cloud S&P) <2, 2020, Online>
Workshop on Secure Cryptographic Implementation (SCI) <1, 2020, Online>
Workshop on Security in Mobile Technologies (SecMT) <1, 2020, Online>
Workshop on Security in Machine Learning and its Applications (SiMLA) <2, 2020, Online>
Conference Paper
Fraunhofer SIT

Today there are billions of mobile Android devices, and the corresponding app stores contain millions of different apps. Due to their access to personal data and their commonly closed-source nature, program analysis remains the only instrument to analyze app behavior and protect user data. At the same time, many measures for hardening apps have been developed to make analysis more difficult and to hide the inner workings of applications, making dynamic analysis a time-consuming task. We propose DaVinci, an Android kernel module for system call hooking, which allows a fully transparent and scalable dynamic analysis. DaVinci comes with preconfigured high-level profiles to easily analyze the low-level system calls. DaVinci works even on hardened apps without manual adjustments where common tools like Frida fail or require exhausting reverse engineering. We evaluate our approach against state-of-the-art hardening measures in a custom app as well as several hardened real-world examples and find that we successfully overcome all protection measures even when other tools fail. Our framework will be open-sourced and made available to the research and security communities.
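To make concrete what a "high-level profile over low-level system calls" looks like, here is an added, illustrative example in Python; it is not DaVinci's code, and the strace-style trace format, the profile rules, the paths and the addresses are constructed assumptions for this example. It lifts raw syscall records of the kind a kernel-side hook would emit into behaviour events, and it separately counts two hardening probes (lookups of an su binary, ptrace(PTRACE_TRACEME)) that show up in the syscall stream without any instrumentation of the app's own code.

```python
"""Lift raw system-call trace lines into high-level behaviour events.

Added illustration (not DaVinci's code or trace format): a small "profile"
layer of the kind a syscall-level tracer needs so that an analyst reads
"app probed for su binary" instead of "access() returned -2". Trace lines,
paths, addresses and rule names below are constructed for the example.
"""
import re
from dataclasses import dataclass

# Constructed strace-style records: "<pid> <syscall>(<args>) = <ret>"
SAMPLE_TRACE = """\
4211 openat(AT_FDCWD, "/data/data/com.example.app/shared_prefs/prefs.xml", O_RDONLY|O_CLOEXEC) = 7
4211 access("/system/bin/su", F_OK) = -2
4211 access("/system/xbin/su", F_OK) = -2
4211 ptrace(PTRACE_TRACEME, 0, 0, 0) = 0
4211 connect(9, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4211 openat(AT_FDCWD, "/data/data/com.example.app/files/cache.bin", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 8
4212 execve("/system/bin/sh", ["sh", "-c", "id"], 0x7ff0) = 0
4211 read(7, "<?xml", 4096) = 4096
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)")
SU_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su"}  # typical root-check probes


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str
    detail: str
    ok: bool  # syscall returned >= 0


def split_args(text):
    """Split a syscall argument list on top-level commas only (quotes and brackets nest)."""
    out, cur, depth, in_str = [], [], 0, False
    for ch in text:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            if ch in "([{":
                depth += 1
            elif ch in ")]}":
                depth -= 1
            elif ch == "," and depth == 0:
                out.append("".join(cur).strip())
                cur = []
                continue
        cur.append(ch)
    if cur:
        out.append("".join(cur).strip())
    return out


def unquote(arg):
    return arg[1:-1] if len(arg) >= 2 and arg[0] == arg[-1] == '"' else arg


# Profile rules: each maps (syscall name, parsed args) to (event kind, detail).
def rule_open(name, args):
    path, flags = (args[1], args[2]) if name == "openat" else (args[0], args[1])
    write = "O_WRONLY" in flags or "O_RDWR" in flags
    return ("file_write" if write else "file_read", unquote(path))


def rule_probe(name, args):
    path = unquote(args[1] if name in ("faccessat", "newfstatat") else args[0])
    return ("root_check" if path in SU_PATHS else "file_probe", path)


def rule_connect(name, args):
    m_port = re.search(r"sin_port=htons\((\d+)\)", args[1])
    m_addr = re.search(r'inet_addr\("([^"]+)"\)', args[1])
    if not (m_port and m_addr):
        return ("net_connect", "non-IPv4 endpoint")
    return ("net_connect", f"{m_addr.group(1)}:{m_port.group(1)}")


def rule_ptrace(name, args):
    # PTRACE_TRACEME is a classic anti-debugging probe: a process that is
    # already traced gets an error here and may refuse to run.
    return ("anti_debug" if args[0] == "PTRACE_TRACEME" else "ptrace", args[0])


def rule_exec(name, args):
    return ("exec", unquote(args[0]))


PROFILE = {
    "open": rule_open, "openat": rule_open,
    "access": rule_probe, "faccessat": rule_probe, "stat": rule_probe, "newfstatat": rule_probe,
    "connect": rule_connect,
    "ptrace": rule_ptrace,
    "execve": rule_exec,
}


def parse_trace(text):
    """Turn trace lines into Events; records outside the profile are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rule = PROFILE.get(m["name"])
        if rule is None:
            continue
        kind, detail = rule(m["name"], split_args(m["args"]))
        events.append(Event(int(m["pid"]), kind, detail, int(m["ret"]) >= 0))
    return events


def hardening_indicators(events):
    """Event kinds that point at anti-analysis checks, with how often each fired."""
    counts = {}
    for ev in events:
        if ev.kind in ("root_check", "anti_debug"):
            counts[ev.kind] = counts.get(ev.kind, 0) + 1
    return counts


if __name__ == "__main__":
    events = parse_trace(SAMPLE_TRACE)
    for ev in events:
        print(f"pid={ev.pid} {ev.kind:12} {ev.detail} {'ok' if ev.ok else 'failed'}")
    print("hardening indicators:", hardening_indicators(events))
```

The point of keying rules on the syscall name rather than on app code is that the profile needs no knowledge of how the app was built or obfuscated: an su lookup looks the same whether it came from Java, a native library or a packed payload. Note also that the ptrace(PTRACE_TRACEME) probe in the constructed trace succeeds, which is the situation a tracer that sits in the kernel, rather than attaching as a debugger or injecting into the process, leaves intact; a profile like this one records the attempt while the app continues to run.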