Secure repackage-proofing framework for Android apps using Collatz conjecture
App repackaging has been raising serious concerns about the health of the Android ecosystem, and repackage-proofing is an important mitigation against threat of such attacks. However, existing app repackage-proofing schemes were only evaluated against trivial adversaries simulated using analyzers fo...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2021
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/6733 https://ink.library.smu.edu.sg/context/sis_research/article/7736/viewcontent/tdsc_2021_3.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-7736 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-77362022-01-27T11:09:22Z Secure repackage-proofing framework for Android apps using Collatz conjecture MA, Haoyu LI, Shijia GAO, Debin JIA, Chunfu App repackaging has been raising serious concerns about the health of the Android ecosystem, and repackage-proofing is an important mitigation against threat of such attacks. However, existing app repackage-proofing schemes were only evaluated against trivial adversaries simulated using analyzers for other purposes (e.g., disclosing privacy leakage vulnerabilities), hence were shown “effective” mainly because their key programming features were not even supported by those toolkits. Furthermore, existing works have also neglected dynamic adversaries capable of manipulating victim apps at runtime, making them vulnerable against such stronger opponents. In this paper, we propose a novel repackage-proofing framework, which deploys distributed detection and response sites into the subject app’s native partition to cross-verify all its code files. The detection sites transmit obtained integrity metrics to response sites via secure communication channels built on the subject app’s own control flows using a specialized obfuscation technique based on Collatz conjecture, turning the repackage-proofing process into complicated implicit flows that are intrinsically difficult to be resolved due to the conjecture’s nonlinear dynamical behaviors. We evaluated our framework using sophisticated Android data-flow analyzers. Results showed that our prototype effectively impeded analyses aiming to trace the information flows of its cross-verification. 2021-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6733 info:doi/10.1109/TDSC.2021.3091654 https://ink.library.smu.edu.sg/context/sis_research/article/7736/viewcontent/tdsc_2021_3.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University App repackaging repackage-proofing code obfuscation Collatz conjecture Information Security Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
App repackaging repackage-proofing code obfuscation Collatz conjecture Information Security Software Engineering |
| spellingShingle |
App repackaging repackage-proofing code obfuscation Collatz conjecture Information Security Software Engineering MA, Haoyu LI, Shijia GAO, Debin JIA, Chunfu Secure repackage-proofing framework for Android apps using Collatz conjecture |
| description |
App repackaging has been raising serious concerns about the health of the Android ecosystem, and repackage-proofing is an important mitigation against threat of such attacks. However, existing app repackage-proofing schemes were only evaluated against trivial adversaries simulated using analyzers for other purposes (e.g., disclosing privacy leakage vulnerabilities), hence were shown “effective” mainly because their key programming features were not even supported by those toolkits. Furthermore, existing works have also neglected dynamic adversaries capable of manipulating victim apps at runtime, making them vulnerable against such stronger opponents. In this paper, we propose a novel repackage-proofing framework, which deploys distributed detection and response sites into the subject app’s native partition to cross-verify all its code files. The detection sites transmit obtained integrity metrics to response sites via secure communication channels built on the subject app’s own control flows using a specialized obfuscation technique based on Collatz conjecture, turning the repackage-proofing process into complicated implicit flows that are intrinsically difficult to be resolved due to the conjecture’s nonlinear dynamical behaviors. We evaluated our framework using sophisticated Android data-flow analyzers. Results showed that our prototype effectively impeded analyses aiming to trace the information flows of its cross-verification. |
| format |
text |
| author |
MA, Haoyu LI, Shijia GAO, Debin JIA, Chunfu |
| author_facet |
MA, Haoyu LI, Shijia GAO, Debin JIA, Chunfu |
| author_sort |
MA, Haoyu |
| title |
Secure repackage-proofing framework for Android apps using Collatz conjecture |
| title_short |
Secure repackage-proofing framework for Android apps using Collatz conjecture |
| title_full |
Secure repackage-proofing framework for Android apps using Collatz conjecture |
| title_fullStr |
Secure repackage-proofing framework for Android apps using Collatz conjecture |
| title_full_unstemmed |
Secure repackage-proofing framework for Android apps using Collatz conjecture |
| title_sort |
secure repackage-proofing framework for android apps using collatz conjecture |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2021 |
| url |
https://ink.library.smu.edu.sg/sis_research/6733 https://ink.library.smu.edu.sg/context/sis_research/article/7736/viewcontent/tdsc_2021_3.pdf |
| _version_ |
1770576056508481536 |