Over recent years, the mobile device ecosystem has seen a surge in mobile applications, with Google’s Android hosting in excess of 2.5 million apps alone, and generating over $7 billion in global revenue. Unfortunately, the rapid expansion of the ecosystem brought its unique challenges in preserving of application security and data privacy through policy enforcement systems. Modern apps, in general, are an amalgamation of developer-authored (i.e., first-party) and “external” (i.e., third party) library code, both of which can generate network traffic, and hence making it difficult to attribute distinct libraries to network communications for policy enforcement purposes. Another challenge is the identification of additional functionalities that are attached to library functions. Seemingly inconspicuous background functionalities, bundled with other library functions, often leads to unintended data flows from end-user devices. Researchers have developed a variety of systems and policies to restrict communications, monitor application utilization, and ensure application security. However, such solutions are constrained by the lack of fine-grained on-device data to generate mobile-specific and efficient policies.
In this thesis, we propose an array of mobile-specific data analysis and enforcement frameworks to bridge the gap between fine-grained contextual data and policy enforcement. We first present Libspector, which demonstrates accurate attribution of network data to specific app libraries, to measure the prevalence of third-party library activities across real-world apps. Our results show that a quarter of network data belongs to advertisement and tracking libraries. We then present BorderPatrol, which uses the association of libraries and methods to app functions, to selectively enforce fine-grained policies on specific application functionalities. We successfully demonstrate decoupling of common functions such as account login and analytical data transmission. Our third framework, Janus, presents a novel methodology to create optimized mobile-specific network blocking policies for widely deployed browser-based enforcement systems. We achieve up to 3.6 times better policy coverage on network blocking, only with 5% of the size of similar policies. Finally, we present AppJitsu, a measurement system to detect applications’ adherence to platform-wide security policies and self-resiliency against malicious techniques. Through our system, we conduct an analysis of security-focused apps and observe that most apps lack self-resiliency against known attacks.
In summary, by providing attribution of network packets to third-party libraries, we increase contextual awareness, and demonstrate an improved security posture along fine-grained policy enforcement on app functionalities. We further apply the principles of contextual awareness to app domain and measure implementations of app-security policies, and finally provide contextual enforcement on the network with a mobile-specific focus. / 2023-05-31T00:00:00Z
| Identifer | oai:union.ndltd.org:bu.edu/oai:open.bu.edu:2144/44787 |
| Date | 31 May 2022 |
| Creators | Zungur, Onur |
| Contributors | Egele, Manuel |
| Source Sets | Boston University |
| Language | en_US |
| Detected Language | English |
| Type | Thesis/Dissertation |
Page generated in 0.0023 seconds