TY - GEN
T1 - Duet
T2 - 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2014
AU - Hu, Wenhui
AU - Octeau, Damien
AU - McDaniel, Patrick Drew
AU - Liu, Peng
PY - 2014
Y1 - 2014
N2 - In recent years, the Android operating system has had an explosive growth in the number of applications containing third-party libraries for different purposes. In this paper, we identify three library-centric threats in the real-world Android application markets: (i) the library modification threat, (ii) the masquerading threat and (iii) the aggressive library threat. These three threats cannot effectively be fully addressed by existing defense mechanisms such as software analysis, anti-virus software and anti-repackaging techniques. To mitigate these threats, we propose Duet, a library integrity verification tool for Android applications at application stores. This is non-trivial because the Android application build process merges library code and application-specific logic into a single binary file. Our approach uses reverse-engineering to achieve integrity verification. We implemented a full working prototype of Duet. In a dataset with 100,000 Android applications downloaded from Google Play between February 2012 and September 2013, we verify integrity of 15 libraries. On average, 80.50% of libraries can pass the integrity verification. In-depth analysis indicates that code insertion, obfuscation, and optimization on libraries by application developers are the primary reasons for not passing integrity verification. The evaluation results not only indicate that Duet is an effective tool to mitigate library-centric attacks, but also provide empirical insight into the library integrity situation in the wild.
UR - http://www.scopus.com/inward/record.url?scp=84907417558&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84907417558&partnerID=8YFLogxK
U2 - 10.1145/2627393.2627404
DO - 10.1145/2627393.2627404
M3 - Conference contribution
AN - SCOPUS:84907417558
SN - 9781450329729
T3 - WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 141
EP - 152
BT - WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery
Y2 - 23 July 2014 through 25 July 2014
ER -