当Android应用程序打开端口处理网络请求:功能还是安全漏洞?

H. Yue, Yuqing Zhang
{"title":"当Android应用程序打开端口处理网络请求:功能还是安全漏洞?","authors":"H. Yue, Yuqing Zhang","doi":"10.14257/ijsia.2017.11.8.05","DOIUrl":null,"url":null,"abstract":"Large amounts of Android apps (applications) are found to open network ports to handle network requests to realize some specific functions, e.g., access from web page to Android app, communication between computer and Android device, file transmission in LAN (Local Area Network) environment, etc. However, an opened network port also provides an interface for attackers to visit the app. If a network request can trigger sensitive behaviors of a port-opening app without being e ff ective authorized by the app, it would pose security threats to the user, and we consider this app has port-opening vulnerability. In this paper, we first study the universality of port-opening apps in current Android app stores, the purposes of opening network ports and the possible attacks that the vulnerable apps may su ff er from. Then we propose a detection method of port-opening vulnerability of Android app based on static analysis and implement a detection tool— APOVD (Android Port-Opening Vulnerability Detection). APOVD first judges whether an opened port can lead to the occurrence of sensitive behaviors by the method of reachability analysis and taint analysis. Then the technique of static program slicing is used to judge whether there exists adequate access controls in the paths to reach each sensitive behavior. If there exists a path to reach a sensitive behavior and no adequate access control in this path, APOVD considers that the app under test has port-opening vulnerability. 1187 port-opening Android apps are found in 15600 popular apps, and 407 of them are identified as having port-opening vulnerability with the help of APOVD. The result shows that APOVD is e ff ective in detecting port-opening vulnerability.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?\",\"authors\":\"H. Yue, Yuqing Zhang\",\"doi\":\"10.14257/ijsia.2017.11.8.05\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Large amounts of Android apps (applications) are found to open network ports to handle network requests to realize some specific functions, e.g., access from web page to Android app, communication between computer and Android device, file transmission in LAN (Local Area Network) environment, etc. However, an opened network port also provides an interface for attackers to visit the app. If a network request can trigger sensitive behaviors of a port-opening app without being e ff ective authorized by the app, it would pose security threats to the user, and we consider this app has port-opening vulnerability. In this paper, we first study the universality of port-opening apps in current Android app stores, the purposes of opening network ports and the possible attacks that the vulnerable apps may su ff er from. Then we propose a detection method of port-opening vulnerability of Android app based on static analysis and implement a detection tool— APOVD (Android Port-Opening Vulnerability Detection). APOVD first judges whether an opened port can lead to the occurrence of sensitive behaviors by the method of reachability analysis and taint analysis. Then the technique of static program slicing is used to judge whether there exists adequate access controls in the paths to reach each sensitive behavior. If there exists a path to reach a sensitive behavior and no adequate access control in this path, APOVD considers that the app under test has port-opening vulnerability. 1187 port-opening Android apps are found in 15600 popular apps, and 407 of them are identified as having port-opening vulnerability with the help of APOVD. The result shows that APOVD is e ff ective in detecting port-opening vulnerability.\",\"PeriodicalId\":46187,\"journal\":{\"name\":\"International Journal of Security and Its Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-08-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Security and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14257/ijsia.2017.11.8.05\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/ijsia.2017.11.8.05","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

大量安卓应用程序(应用程序)被发现打开网络端口来处理网络请求,以实现某些特定功能,例如从网页访问安卓应用、计算机与安卓设备之间的通信、局域网环境中的文件传输等。然而,打开的网络端口也为攻击者访问应用程序提供了接口。如果网络请求可以在未经应用程序有效授权的情况下触发端口打开应用程序的敏感行为,则会对用户构成安全威胁,我们认为该应用程序存在端口打开漏洞。在本文中,我们首先研究了当前安卓应用商店中端口开放应用程序的普遍性、开放网络端口的目的以及易受攻击的应用程序可能受到的攻击。然后,我们提出了一种基于静态分析的Android应用程序端口打开漏洞检测方法,并实现了一个检测工具——APOVD(Android端口打开漏洞)。APOVD首先通过可达性分析和污染分析的方法来判断一个开放的端口是否会导致敏感行为的发生。然后使用静态程序切片技术来判断路径中是否存在足够的访问控制以达到每个敏感行为。如果存在到达敏感行为的路径,并且该路径中没有足够的访问控制,APOVD认为测试中的应用程序存在端口打开漏洞。在15600个热门应用程序中发现1187个开放端口的安卓应用程序,其中407个应用程序在APOVD的帮助下被识别为存在端口开放漏洞。结果表明,APOVD能够有效地检测端口打开漏洞。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?
Large amounts of Android apps (applications) are found to open network ports to handle network requests to realize some specific functions, e.g., access from web page to Android app, communication between computer and Android device, file transmission in LAN (Local Area Network) environment, etc. However, an opened network port also provides an interface for attackers to visit the app. If a network request can trigger sensitive behaviors of a port-opening app without being e ff ective authorized by the app, it would pose security threats to the user, and we consider this app has port-opening vulnerability. In this paper, we first study the universality of port-opening apps in current Android app stores, the purposes of opening network ports and the possible attacks that the vulnerable apps may su ff er from. Then we propose a detection method of port-opening vulnerability of Android app based on static analysis and implement a detection tool— APOVD (Android Port-Opening Vulnerability Detection). APOVD first judges whether an opened port can lead to the occurrence of sensitive behaviors by the method of reachability analysis and taint analysis. Then the technique of static program slicing is used to judge whether there exists adequate access controls in the paths to reach each sensitive behavior. If there exists a path to reach a sensitive behavior and no adequate access control in this path, APOVD considers that the app under test has port-opening vulnerability. 1187 port-opening Android apps are found in 15600 popular apps, and 407 of them are identified as having port-opening vulnerability with the help of APOVD. The result shows that APOVD is e ff ective in detecting port-opening vulnerability.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Security and Its Applications
International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-
自引率
0.00%
发文量
0
期刊介绍: IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信