Skip to main content
SpringerLink
Log in

SoProtector: Securing Native C/C++ Libraries for Mobile Applications

  • Conference paper
  • First Online:
Book cover Algorithms and Architectures for Parallel Processing (ICA3PP 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11336))

Abstract

Java code is easy to be decompiled, and third-party SO files are used frequently by developers to improve development efficiency. Therefore, more and more core functions of Android applications are implemented in the native layer. However, there is neither comprehensive security research work nor automated security analysis tools on Android native layer, especially for third-party SO files that are dynamically loaded within the applications. To solve this problem, SoProtector, a novel and effective system is proposed to defend against the privacy leaks, which mainly analyzes the data stream between two levels: application and Native layers. In addition, SoProtector includes a real-time monitor to detect malicious functions in binary code. Our evaluation using 3400 applications has demonstrated that SoProtector can detect more sources, sinks and smudges than most static analysis tools; And it detects and effectively blocks more than 82% of applications that dynamically load malicious third-party SO files with low performance overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Symantec index. http://www.symantec.com/connect/blogs/norton-mobile-insight-discovers-facebook-privacyleak

  2. Ball index. http://www.theguardian.com/world/2014/jan/27/nsa-gchqsmartphone-app-angry-birds-personal-data

  3. Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.Jean, Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30921-2_17

    Chapter  Google Scholar 

  4. Kaspersky index. http://usa.kaspersky.com/about-us/press-center/pressreleases

  5. Symantec index. http://www..com/connect/blogs/yet-another-bunchmalicious-apps-found-google-play

    Google Scholar 

  6. News index. https://www.csc2.ncsu.edu/faculty/xjiang4/DroidKungFu2/

  7. GingerMaster index. https://www.csc2.ncsu.edu/faculty/xjiang4

  8. News index. https://blog.lookout.com/blog/2011/03/02/android-malware-droiddream-how-it-works/. Accessed 4 Mar 2017

  9. Liu, Z.: Verifiable searchable encryption with aggregate keys for data sharing system. Future Gener. Comput. Syst. 78, 778–788 (2018)

    Article  Google Scholar 

  10. Enck, W.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst., 2–32 (2014)

    Google Scholar 

  11. Hornyack, P.: These aren’t the droids you are looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652 (2011)

    Google Scholar 

  12. Arzt, S.: Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49, 259–269 (2014)

    Article  Google Scholar 

  13. Chen, X.: N-Mobishare: new privacy-perserving location-sharing system for mobile online social networks. Int. J. Comput. Math. 93, 384–400 (2018)

    Google Scholar 

  14. Li, T.: CDFS: a cryptographic data publishing system. J. Comput. Syst. Sci., 80–91 (2018)

    Article  MathSciNet  Google Scholar 

  15. Fischer, F.: Stack overflow considered harmful? the impact of copy & paste on android application security. In: IEEE Symposium on Security and Privacy (SP), pp. 121–136 (2017)

    Google Scholar 

  16. Xu, D.: Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping. In: IEEE Symposium on Security and Privacy (SP), pp. 921–937 (2017)

    Google Scholar 

  17. Eschweiler, S.: Efficient cross-architecture identification of bugs in binary code. In: The Network and Distributed System Security Symposium (2016)

    Google Scholar 

  18. Pewny, J.: Cross-architecture bug search in binary executables. In: IEEE Symposium on Security and Privacy, pp. 709–724 (2015)

    Google Scholar 

  19. Feng, Q.: Scalable graph-based bug search for firmware images. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 480–491 (2016)

    Google Scholar 

  20. Geoffrey, H.: Deep learning. Nature 521, 436–444 (2015)

    Article  Google Scholar 

  21. Richard, S.: Recognizing functions in binaries with neural networks. In: USENIX Security, pp. 611–626 (2015)

    Google Scholar 

  22. Xiao, J.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: ACM Conference on Computer and Communications Security, pp. 435–446 (2017)

    Google Scholar 

  23. Wang, H.: A secure, usable, and transparent middleware for permission managers on Android. In: IEEE Transactions on Dependable and Secure Computing, pp. 350–362 (2017)

    Article  Google Scholar 

  24. Wandoujia Store Index. http://www.wandoujia.com/apps

  25. VirusShare Index. https://virusshare.com

  26. Krupp, B.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Sec. Comput. 14, 433–446 (2017)

    Article  Google Scholar 

  27. Saracino, A.: MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Sec. Comput. 15, 83–97 (2018)

    Article  Google Scholar 

  28. Tongxin, L.: Unleashing the walking dead: understanding cross-app remote infections on mobile WebViews. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 829–844 (2017)

    Google Scholar 

  29. Paranthaman, R.: Malware collection and analysis. In: 2017 IEEE International Conference on Information Reuse and Integration, pp. 26–31 (2017)

    Google Scholar 

  30. Files Websites index. http://cs.tju.edu.cn/csweb/cyxz

Download references

Acknowledgement

This work has been partially sponsored by the National Key R&D Program of China (No. 2017YFE0111900), the National Science Foundation of China (No. 61572355, U1736115), the Tianjin Research Program of Application Foundation and Advanced Technology (No. 15JCYBJC15700), and the Fundamental Research of Xinjiang Corps (No. 2016AC015).

Author information

Authors and Affiliations

  1. Tianjin Key Laboratory of Advanced Networking (TANK), School of Computer Science and Technology, Tianjin University, Tianjin, 300350, China

    Ning Zhang & Guangquan Xu

  2. Nanyang Technological University, Singapore, Singapore

    Guozhu Meng

  3. Department of Computing, Macquarie University, Sydney, Australia

    Xi Zheng

Authors
  1. Ning Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Guangquan Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guozhu Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xi Zheng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Guangquan Xu .

Editor information

Editors and Affiliations

  1. Rutgers University–Newark, Newark, NJ, USA

    Jaideep Vaidya

  2. Guangzhou University, Guangzhou, China

    Jin Li

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, N., Xu, G., Meng, G., Zheng, X. (2018). SoProtector: Securing Native C/C++ Libraries for Mobile Applications. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11336. Springer, Cham. https://doi.org/10.1007/978-3-030-05057-3_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05057-3_32

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05056-6

  • Online ISBN: 978-3-030-05057-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation