Android Application Implementation


To ease this problem, the author first intuitively transforms the refined protocol into an intermediate representation which is close to typed Pi-calculus. Later, the intermediate representation can be translated to typed Pi-calculus much more easily. The refined protocol is then modelled as a basic formal model in typed Pi-calculus which contains no adversaries. Based on the basic model, the author introduces four different attackers on top of the model and derives four formal models with properties to be checked. The first attacker model is the network attacker, in which the attacker eavesdrops on the communication channel, namely, the network; the second is the malicious SP, which provides the user with services and lets users log in with their identities on the IdP; the third and fourth are a malicious app in the system, and they differ only in whether the malicious app can obtain the root privilege or not. The properties defined by the security analyst on these four attacker models include the authentication property, authorization property and secrecy property, which are most relevant to protocol security and the user's privacy.

3) Verification and Analysis: The four formal models of the refined protocol derived in the last stage are used as inputs to be checked against the security analyst defined properties in this stage. After the verification, ProVerif generates the verification reports for the models. By inspecting the reports, the security analyst identifies violations of the properties being checked and possible vulnerabilities of the protocol. If any are found, the security analyst reconstructs the attacks on a real-world device.

D. Verification Results

ProVerif generates verification reports for the four attacker models after the verification process terminates. Only one of the authorization properties can be proved true, and the others are either false or cannot be proved. The models verified show that in all attacker models, the Facebook server will finish the authorization process at the wish of a "user", whether it is the real user or an attacker who has compromised the user's credentials and is pretending to be that user. The results also indicate that in some cases, there might exist a replay attack for the SP. However, this is not a vulnerability in the real world because of the widely adopted HTTPS [17] protocol in network communication, and it is a false positive in the verification results of the models.

For the network attacker and the malicious app without root privilege attacker models, all the secrets the user enters and those returned from the Facebook server are safe; the secrecy properties are all proved to be true. For the network attacker, although the attacker can eavesdrop on the channel, it cannot decrypt or forge messages because the channel is encrypted. The malicious app without root privilege cannot access other apps' private data, so it certainly cannot obtain the secrets from the user and the Facebook server. As for the malicious SP attacker model, there is no doubt that all the credentials the user entered will be stolen, and the secrecy properties are all proved false.

For the malicious app with root privilege, the user's credentials are proved safe, with the secrecy properties proved true, while the credentials returned from the Facebook server are not safe. This actually reveals a major implementation flaw, as it violates the Single Origin Policy (SOP) [2]. Although it is reasonable to store the access token in the SP's private storage, it is not right to store Facebook's cookies, which belong to Facebook, in the SP's storage, as this violates SOP.

Targeting this implementation flaw, anyone who can access the SP's private storage can steal the Facebook cookies and use them in a browser to log in to the victim's Facebook account. The author has constructed the attack and confirmed it is possible.


INFORMATION FLOW ANALYSIS

Information leak occurs when a malicious application collects sensitive personal information and sends it to an adversary without the user's acknowledgement and consent. It is becoming one of the most significant security issues in recent years [18], [19].

Information flow, or data flow, is an old topic that has been studied extensively. Taint analysis is a method to track the information flow in applications. Basically, it labels the variables of interest as tainted and monitors all accesses to them; taint is then propagated to new variables that have relations to the original tainted variables.

However, taint analysis suffers from a precision and accuracy paradox. On one hand, if the taint analysis sets a too coarse-grained propagation rule, such as making every variable that reads a tainted variable tainted as well, it may taint too many variables. Not all of those tainted variables are actually related to the original tainted variables in the information flow, which reduces the precision of the analysis. On the other hand, if it sets a too rigorous propagation rule, it may miss certain variables that are actually related to the tainted variables, which reduces the accuracy of the analysis.

Like normal program analysis approaches, taint analysis can be carried out dynamically or statically. Both have their advantages and disadvantages. Normally, dynamic analysis is more precise than static analysis because it can access runtime information of the program. However, it suffers from low code coverage: it can hardly cover all the branches and code in the program and may miss some information flows. In some extreme cases, the malicious application can detect whether it is being analyzed and change its behaviour, which renders dynamic analysis in vain.

In contrast to dynamic analysis, static analysis has high code coverage, which potentially enables it to identify all the possible information flows. However, it is hard to scale to a large application, as there might exist so many information flows. Moreover, the lack of runtime information weakens the precision of static information flow analysis.
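The trade-off between a coarse and a rigorous propagation rule can be seen on a few statements. The following is an added example, not code from the paper: the three-address program, the variable names and the two rule functions are constructed for illustration, and the ground truth is assigned by inspection.

```python
"""Straight-line taint propagation under a coarse and a strict rule."""

# Constructed program in three-address form: (destination, operation, operands).
PROGRAM = [
    ("imei",    "source", []),                # sensitive source
    ("copy",    "assign", ["imei"]),          # copy = imei
    ("encoded", "call",   ["imei"]),          # encoded = encode(imei), still carries the IMEI
    ("zero",    "xor",    ["imei", "imei"]),  # reads imei, but the result is always 0
    ("banner",  "const",  []),                # unrelated constant
    ("tmp",     "assign", ["imei"]),          # tmp = imei ...
    ("tmp",     "const",  []),                # ... then overwritten with clean data
]
SINKS = {"copy", "encoded", "zero", "banner", "tmp"}  # variables later sent over the network
TRUE_LEAKS = {"copy", "encoded"}                      # constructed ground truth, by inspection


def coarse_rule(op, tainted_operands):
    """Coarse rule from the text: anything that reads a tainted variable is tainted."""
    return bool(tainted_operands)


def strict_rule(op, tainted_operands):
    """Rigorous rule: only a direct assignment of a tainted variable propagates."""
    return op == "assign" and bool(tainted_operands)


def propagate(program, rule):
    """Walk the statements in order and return the variables tainted at the end."""
    tainted = set()
    for dst, op, operands in program:
        hits = [v for v in operands if v in tainted]
        if op == "source" or rule(op, hits):
            tainted.add(dst)
        else:
            tainted.discard(dst)  # destination overwritten with untainted data
    return tainted


def evaluate(rule):
    """Compare what a rule flags at the sinks with the ground truth."""
    flagged = propagate(PROGRAM, rule) & SINKS
    return {
        "flagged": sorted(flagged),
        "over_tainted": sorted(flagged - TRUE_LEAKS),  # hurts precision
        "missed": sorted(TRUE_LEAKS - flagged),        # hurts accuracy
    }


if __name__ == "__main__":
    print("coarse:", evaluate(coarse_rule))
    print("strict:", evaluate(strict_rule))
```

The coarse rule reports `zero` although it carries no information about the source, while the strict rule stays silent on `encoded`, which does.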
