{"id":837,"date":"2014-04-30T18:49:00","date_gmt":"2014-04-30T16:49:00","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=837"},"modified":"2014-04-30T18:49:00","modified_gmt":"2014-04-30T16:49:00","slug":"iccta","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2014\/04\/30\/iccta\/","title":{"rendered":"IccTA vs. DidFail: Inter-Component, Inter-Application Data Flow Analysis in Android Applications"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_837 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_837')){$('.twoclick_social_bookmarks_post_837').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blogs.uni-paderborn.de\\\/sse\\\/2014\\\/04\\\/30\\\/iccta\\\/\",\"post_id\":837,\"post_title_referrer_track\":\"IccTA+vs.+DidFail%3A+Inter-Component%2C+Inter-Application+Data+Flow+Analysis+in+Android+Applications\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>We are happy to announce\u00a0<strong>IccTA<\/strong>, a new tool for tracking data flows between Android components and even between Android applications. <strong>IccTA<\/strong>\u00a0is a joined work together with <a href=\"http:\/\/wwwde.uni.lu\/snt\/people\/li_li\">Li Li<\/a>, <a href=\"http:\/\/www.abartel.net\/\">Alexandre Bartel<\/a>, <a href=\"http:\/\/wwwde.uni.lu\/snt\/people\/jacques_klein\">Jacques Klein<\/a>, <a href=\"http:\/\/wwwde.uni.lu\/research\/fstc\/computer_science_and_communications_research_unit\/members\/yves_le_traon\">Yves Le Traon<\/a> from the University of Luxembourg, <a href=\"http:\/\/www.cse.psu.edu\/~duo114\/\">Damien Octeau<\/a> and <a href=\"http:\/\/www.patrickmcdaniel.org\/\">Patrick McDaniel<\/a> from the Pennsylvania State University, <a href=\"http:\/\/www.ec-spride.tu-darmstadt.de\/en\/research-groups\/secure-software-engineering-group\/staff\/steven-arzt\/\">Steven Arzt<\/a>, <a href=\"http:\/\/www.ec-spride.tu-darmstadt.de\/en\/research-groups\/secure-software-engineering-group\/staff\/siegfried-rasthofer\/\">Siegfried Rasthofer<\/a> and <a href=\"http:\/\/www.bodden.de\/\">Eric Bodden<\/a>\u00a0from EC SPRIDE. <a href=\"https:\/\/sites.google.com\/site\/icctawebpage\/\">IccTA<\/a> is a tool performing static taint analysis for one or multiple Android applications.\u00a0It leverages <a href=\"http:\/\/siis.cse.psu.edu\/epicc\/\">Epicc<\/a> to connect Android components and <a href=\"http:\/\/sseblog.ec-spride.de\/tools\/flowdroid\/\">FlowDroid<\/a> to model the life-cycles of components and perform the taint analysis.<\/p>\n<p>The taint analysis is performed intra- and inter-components, which improves the precision of the analysis.\u00a0<strong>IccTA<\/strong> outperforms all other available tools (FlowDroid and AppScan) by reaching a precision of 95.0% and a recall of 82.6% on <a title=\"DroidBench \u2013 Benchmarks\" href=\"http:\/\/sseblog.ec-spride.de\/tools\/droidbench\/\">DroidBench<\/a>.<br \/>\nWhen analyzing multiple applications, <strong>IccTA<\/strong> first merges them into one then performs the analysis.<\/p>\n<p>Almost exactly the same moment, there came up an additional tool call\u00a0<a href=\"https:\/\/www.cert.org\/secure-coding\/tools\/didfail.cfm\"><em>DidFail<\/em><\/a> from the Carnegie Mellon University, which is a similar approach to <strong>IccTA<\/strong>.<br \/>\n<strong>IccTA<\/strong> and DidFail both rely on Epicc and FlowDroid to find data leaks between components of Android applications.\u00a0They can both detect intra- and inter-component leaks within a single application or between multiple applications.\u00a0Even though they leverage the same tools to compute links between components and perform data-flow analysis, the implementations differ in term of precision.<\/p>\n<p>In the following we would like to do a rough\u00a0comparison of both tools:<br \/>\n<!--more--><\/p>\n<h1><span style=\"text-decoration: underline\">IccTA vs. DidFail:<\/span><\/h1>\n<p>Currently, FlowDroid does not support callbacks for bound services.\u00a0DidFail does not support these either since it relies on FlowDroid.\u00a0On the other hand, IccTA does add its own implementation for bound services callbacks.\u00a0This can quickly be fixed in FlowDroid, but at the moment lowers the precision of DidFail.<\/p>\n<p>DidFail uses a &#8220;path matching&#8221; approach.\u00a0This means that leaks between components cannot be computed in a single step but in two steps.\u00a0In the first step, partial paths are computed in components (that is from &#8220;source&#8221; to an &#8220;inter-component-method&#8221; such as &#8220;startActivity&#8221; in the first component and from &#8220;getIntent()&#8221; to &#8220;sink&#8221; in the second component).<br \/>\nIn the second step, partial paths are combined using the path matching approach.<br \/>\nThe combinations yield full data flow paths from sources to sinks.\u00a0The problem is that in some situations the path matching approach over-approximates the number of possible paths.\u00a0Take the following example:<\/p>\n<p><a href=\"http:\/\/blogs.uni-paderborn.de\/sse\/files\/2014\/04\/intercomponent.png\"><img decoding=\"async\" src=\"http:\/\/blogs.uni-paderborn.de\/sse\/files\/2014\/04\/intercomponent.png\" alt=\"intercomponent\" \/><\/a><\/p>\n<p>First, let&#8217;s start with the intra-component flows:<\/p>\n<p>&#8211; <em>ButtonOnClickListener<\/em>: FlowDroid detects\u00a0a flow from &#8220;getDeviceId()&#8221; to &#8220;startActivityForResult()&#8221; which is an &#8220;inter-component-method&#8221; (<span style=\"color: #ff0000\">red arrows<\/span>)<\/p>\n<p>&#8211; <em>Activity 3<\/em>: FlowDroid detects\u00a0a flow from &#8220;getIntent()&#8221; to &#8220;setResult()&#8221; which is also an &#8220;inter-component-method&#8221; (<span style=\"color: #00ff00\">green arrow<\/span>)<\/p>\n<p>&#8211; <em>Activity 2<\/em>: FlowDroid detects a flow from &#8220;getStringExtra()&#8221; to &#8220;Log.i()&#8221; (<span style=\"color: #3366ff\">blue arrow<\/span>)<\/p>\n<p>&#8211; Activity 1: FlowDroid detects a flow from &#8220;getStringExtra()&#8221; to &#8220;Log.i()&#8221; (<span style=\"color: #3366ff\">blue arrow<\/span>)<\/p>\n<p>Well, this are\u00a0no news. The news are the ability to track inter-component flows in a really precise way. There are two privacy leaks through inter-component flows:<\/p>\n<p>&#8211; (a1) -&gt; (c1)<\/p>\n<p>&#8211; (a2) -&gt; (c2)<\/p>\n<p>&#8220;Path matching&#8221; approaches such as\u00a0DidFail may\u00a0produce four privacy leaks (two false positives):<\/p>\n<p>&#8211; (a1) -&gt; (c1)<\/p>\n<p>&#8211; (a2) -&gt; (c2)<\/p>\n<p>&#8211; (a1) -&gt; (c2), false positive<\/p>\n<p>&#8211; (a2) -&gt; (c1), false positive<\/p>\n<p>For future work, we will intensively compare both tools to get a better understanding about precision and recall. It&#8217;s great to see DidFail being open source and we greatly encourage others to follow this example.<\/p>\n<p>&nbsp;<\/p>\n<p>(This article was written by\u00a0<a href=\"http:\/\/wwwde.uni.lu\/snt\/people\/li_li\">Li Li<\/a>,\u00a0<a href=\"http:\/\/www.abartel.net\/\">Alexandre Bartel<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.ec-spride.tu-darmstadt.de\/en\/research-groups\/secure-software-engineering-group\/staff\/siegfried-rasthofer\/\">Siegfried Rasthofer<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are happy to announce\u00a0IccTA, a new tool for tracking data flows between Android components and even between Android applications. IccTA\u00a0is a joined work together with Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon from the University of Luxembourg, &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2014\/04\/30\/iccta\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,1,51,71],"tags":[],"class_list":["post-837","post","type-post","status-publish","format-standard","hentry","category-android","category-general","category-security-analysis","category-static-analysis"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=837"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/837\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}