{"title":"NLEU: A Semantic-based Taint Analysis for Vetting Apps in Android","authors":"Yuanqing Liu, Ning Xi, Yongbo Zhi","doi":"10.1109/NaNA53684.2021.00063","DOIUrl":null,"url":null,"abstract":"Due to the widespread of Android apps in our daily life, vulnerable or malicious apps have become two major threats on clients’ privacy. Taint analysis is one of the most widely used approach for detecting information leakage by tracking sensitive flows through the apps in accord with specific taint propagation rules and predefined sensitive sources and sinks. However, most existing static taint analysis tools, including FlowDroid, IccTA, etc., neglect the semantics of detected flows, especially for conditional branch in apps, which may cause a precision loss in practical environment. In this paper, we propose NLEU, a semantic-based taint analysis approach to improve the precision of traditional flow tracking techniques, which introduce a new dimension of information, i.e., the program’s semantics, for vetting Android apps. At the same time, NLEU can eliminate the insensitive flows of flow tracking techniques. The NLP techniques are adopted to extract the program semantics from codes and their comments. 
Through the experiments and evaluations, the result show that NLEU can improve the overall performance effectively compared with the traditional tools.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00063","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
Due to the widespread use of Android apps in daily life, vulnerable and malicious apps have become two major threats to clients’ privacy. Taint analysis is one of the most widely used approaches for detecting information leakage: it tracks sensitive flows through apps according to specific taint propagation rules and predefined sensitive sources and sinks. However, most existing static taint analysis tools, including FlowDroid, IccTA, etc., neglect the semantics of detected flows, especially for conditional branches in apps, which may cause a loss of precision in practical environments. In this paper, we propose NLEU, a semantic-based taint analysis approach that improves the precision of traditional flow tracking techniques by introducing a new dimension of information, i.e., the program’s semantics, for vetting Android apps. At the same time, NLEU can eliminate the insensitive flows of flow tracking techniques. NLP techniques are adopted to extract the program semantics from code and its comments. Experiments and evaluations show that NLEU can effectively improve overall performance compared with traditional tools.