NLEU: A Semantic-based Taint Analysis for Vetting Apps in Android

NLEU: A Semantic-based Taint Analysis for Vetting Apps in Android

연구 분야: Strategies

학회: 2021 International Conference on Networking and Network Applications (NaNA)

Due to the widespread of Android apps in our daily life, vulnerable or malicious apps have become two major threats on clients’ privacy. Taint analysis is one of the most widely used approach for detecting information leakage by tracking sensitive flows through the apps in accord with specific taint propagation rules and predefined sensitive sources and sinks. However, most existing static taint analysis tools, including FlowDroid, IccTA, etc., neglect the semantics of detected flows, especially for conditional branch in apps, which may cause a precision loss in practical environment. In this paper, we propose NLEU, a semantic-based taint analysis approach to improve the precision of traditional flow tracking techniques, which introduce a new dimension of information, i.e., the program’s semantics, for vetting Android apps. At the same time, NLEU can eliminate the insensitive flows of flow tracking techniques. The NLP techniques are adopted to extract the program semantics from codes and their comments. Through the experiments and evaluations, the result show that NLEU can improve the overall performance effectively compared with the traditional tools.