Towards understanding Android system vulnerabilities: Techniques and insights

Towards understanding Android system vulnerabilities: Techniques and insights

As a common platform for pervasive devices, Android has been targeted by numerous attacks that exploit vulnerabilities in its apps and the operating system. Compared to app vulnerabilities, systemlevel vulnerabilities in Android, however, were much less explored in the literature. In this paper, we...

Full description

Saved in:
Bibliographic Details
Main Authors: WU, Daoyuan, GAO, Debin, CHENG, Eric K. T., CAO, Yichen, JIANG, Jintao, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Android Security
Patch Code Clustering
System Vulnerability
Information Security
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/4318
https://ink.library.smu.edu.sg/context/sis_research/article/5321/viewcontent/AsiaCCS19_AndroVulns.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5321
record_format dspace
spelling sg-smu-ink.sis_research-53212020-04-03T07:56:42Z Towards understanding Android system vulnerabilities: Techniques and insights WU, Daoyuan GAO, Debin CHENG, Eric K. T. CAO, Yichen JIANG, Jintao DENG, Robert H. As a common platform for pervasive devices, Android has been targeted by numerous attacks that exploit vulnerabilities in its apps and the operating system. Compared to app vulnerabilities, systemlevel vulnerabilities in Android, however, were much less explored in the literature. In this paper, we perform the first systematic study of Android system vulnerabilities by comprehensively analyzing all 2,179 vulnerabilities on the Android Security Bulletin program over about three years since its initiation in August 2015. To this end, we propose an automatic analysis framework, upon a hierarchical database structure, to crawl, parse, clean, and analyze vulnerability reports and their publicly available patches. This framework includes (i) a lightweight technique to pinpoint the affected modules of given vulnerabilities; (ii) a robust method to study the complexity of patch code; and most importantly, (iii) a similarity-based algorithm to cluster patch code patterns. Our clustering algorithm first extracts patch code's essential changes that not only concisely reflect syntactic changes but also keep important semantics, and then leverages affinity propagation to automatically generate clusters based on their pairwise similarity. It allows us to obtain 16 vulnerability patterns, including six new ones not known in the literature, and we further analyze their characteristics via case studies. Besides identifying these useful patterns, we also find that 92% Android vulnerabilities are located in the low-level modules (mostly in native libraries and the kernel), whereas the framework layer causes only 5% vulnerabilities, and that half of the vulnerabilities can be fixed in fewer than 10 lines of code each, with 110 out of 1,158 cases requiring only one single line of code change. We further discuss the implications of all these results. Overall, we provide a clear overview and new insights about Android system vulnerabilities. 2019-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4318 info:doi/10.1145/3321705.3329831 https://ink.library.smu.edu.sg/context/sis_research/article/5321/viewcontent/AsiaCCS19_AndroVulns.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android Security Patch Code Clustering System Vulnerability Information Security Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android Security
Patch Code Clustering
System Vulnerability
Information Security
Software Engineering
spellingShingle Android Security
Patch Code Clustering
System Vulnerability
Information Security
Software Engineering
WU, Daoyuan
GAO, Debin
CHENG, Eric K. T.
CAO, Yichen
JIANG, Jintao
DENG, Robert H.
Towards understanding Android system vulnerabilities: Techniques and insights
description As a common platform for pervasive devices, Android has been targeted by numerous attacks that exploit vulnerabilities in its apps and the operating system. Compared to app vulnerabilities, systemlevel vulnerabilities in Android, however, were much less explored in the literature. In this paper, we perform the first systematic study of Android system vulnerabilities by comprehensively analyzing all 2,179 vulnerabilities on the Android Security Bulletin program over about three years since its initiation in August 2015. To this end, we propose an automatic analysis framework, upon a hierarchical database structure, to crawl, parse, clean, and analyze vulnerability reports and their publicly available patches. This framework includes (i) a lightweight technique to pinpoint the affected modules of given vulnerabilities; (ii) a robust method to study the complexity of patch code; and most importantly, (iii) a similarity-based algorithm to cluster patch code patterns. Our clustering algorithm first extracts patch code's essential changes that not only concisely reflect syntactic changes but also keep important semantics, and then leverages affinity propagation to automatically generate clusters based on their pairwise similarity. It allows us to obtain 16 vulnerability patterns, including six new ones not known in the literature, and we further analyze their characteristics via case studies. Besides identifying these useful patterns, we also find that 92% Android vulnerabilities are located in the low-level modules (mostly in native libraries and the kernel), whereas the framework layer causes only 5% vulnerabilities, and that half of the vulnerabilities can be fixed in fewer than 10 lines of code each, with 110 out of 1,158 cases requiring only one single line of code change. We further discuss the implications of all these results. Overall, we provide a clear overview and new insights about Android system vulnerabilities.
format text
author WU, Daoyuan
GAO, Debin
CHENG, Eric K. T.
CAO, Yichen
JIANG, Jintao
DENG, Robert H.
author_facet WU, Daoyuan
GAO, Debin
CHENG, Eric K. T.
CAO, Yichen
JIANG, Jintao
DENG, Robert H.
author_sort WU, Daoyuan
title Towards understanding Android system vulnerabilities: Techniques and insights
title_short Towards understanding Android system vulnerabilities: Techniques and insights
title_full Towards understanding Android system vulnerabilities: Techniques and insights
title_fullStr Towards understanding Android system vulnerabilities: Techniques and insights
title_full_unstemmed Towards understanding Android system vulnerabilities: Techniques and insights
title_sort towards understanding android system vulnerabilities: techniques and insights
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4318
https://ink.library.smu.edu.sg/context/sis_research/article/5321/viewcontent/AsiaCCS19_AndroVulns.pdf
_version_ 1770574618839482368

Similar Items