
Towards Understanding Android System Vulnerabilities: Techniques and Insights

  • Daoyuan WU
  • Debin GAO
  • Eric K.T. CHENG
  • Yichen CAO
  • Jintao JIANG
  • Robert H. DENG

Research output: Book Chapters | Papers in Conference Proceedings > Conference paper (refereed) > Research > peer-review

Abstract

As a common platform for pervasive devices, Android has been targeted by numerous attacks that exploit vulnerabilities in its apps and the operating system. Compared to app vulnerabilities, system-level vulnerabilities in Android, however, were much less explored in the literature. In this paper, we perform the first systematic study of Android system vulnerabilities by comprehensively analyzing all 2,179 vulnerabilities on the Android Security Bulletin program over about three years since its initiation in August 2015. To this end, we propose an automatic analysis framework, upon a hierarchical database structure, to crawl, parse, clean, and analyze vulnerability reports and their publicly available patches. This framework includes (i) a lightweight technique to pinpoint the affected modules of given vulnerabilities; (ii) a robust method to study the complexity of patch code; and most importantly, (iii) a similarity-based algorithm to cluster patch code patterns. Our clustering algorithm first extracts patch code's essential changes that not only concisely reflect syntactic changes but also keep important semantics, and then leverages affinity propagation to automatically generate clusters based on their pairwise similarity. It allows us to obtain 16 vulnerability patterns, including six new ones not known in the literature, and we further analyze their characteristics via case studies. Besides identifying these useful patterns, we also find that 92% of Android vulnerabilities are located in the low-level modules (mostly in native libraries and the kernel), whereas the framework layer causes only 5% of vulnerabilities, and that half of the vulnerabilities can be fixed in fewer than 10 lines of code each, with 110 out of 1,158 cases requiring only a single line of code change. We further discuss the implications of all these results. Overall, we provide a clear overview and new insights about Android system vulnerabilities.
Original language: English
Title of host publication: Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
Editors: Steven GALBRAITH, Giovanni RUSSELLO, Willy SUSILO, Dieter GOLLMANN, Engin KIRDA, Zhenkai LIANG
Publisher: Association for Computing Machinery, Inc
Chapter: Session 4A: Mobile Security
Pages: 295-306
Number of pages: 12
ISBN (Electronic): 9781450367523
Publication status: Published - 2 Jul 2019
Externally published: Yes
Event: 2019 ACM Asia Conference on Computer and Communications Security - Auckland, New Zealand
Duration: 9 Jul 2019 to 12 Jul 2019

Conference

Conference: 2019 ACM Asia Conference on Computer and Communications Security
Abbreviated title: Asia CCS '19
Country/Territory: New Zealand
City: Auckland
Period: 9/07/19 to 12/07/19

Bibliographical note

Acknowledgements:
We thank all the reviewers of this paper for their valuable comments. We especially thank Prof. Lingxiao Jiang for his helpful discussion on clustering diff code.

Publisher Copyright:
© 2019 Association for Computing Machinery.

Funding

This work is partially supported by the Singapore National Research Foundation under NCR Award Number NRF2014NCR-NCR001-012.

Keywords

  • Android Security
  • System Vulnerability
  • Patch Code Clustering
