wala mobile - ibm research people and projects mobile why and how to run wala on your phone julian...

Post on 06-May-2018


WALA Mobile

Why and How to run WALA on your phone

Julian Dolby

Workshop on WALA

PLDI/FCRC - June 2015 - Portland

WALA Mobile

• Why

• State on the phone

• Security issues

• How

• Powerful Android devices make it practical

• WALA Android projects

State on the Phone

• Phone has specific apps

• no single “app store”

• communication

• vulnerabilities

State on the Phone

• Intents configure inter-app communication

• Control communication

• Register understanding

• Choice or default

• Set by user anytime

Security Issues

• Static enforcement of policies

• Those requested by app

• No analysis of sufficiency

• No analysis of minimality

• No analysis of satisfiability

Security Issues

• Security vulnerabilities within an app

• Security vulnerabilities across apps

WALA Mobile is practical

• Android provides full Java support

• Eclipse, Maven support Android builds

WALA Mobile is practical

• Analysis may drain battery

• installation already heavyweight on Android 5

• “limited-power mobile devices”

• wrong: 2.3 GHz, 4-core, 64-bit, 4GB is ample (Asus ZenFone 2)

WALA Mobile Status

• WALA Mobile inherits all WALA code

• WALA Mobile on GitHub

• parallel https://github.com/wala/WALA-Mobile

• Basic Android support

• a few simple JUnit tests

• a CallGraph builder service

WALA Mobile Future

• Evaluate existing analyses

• basic analysis performance

• permissions analysis

• taint analysis

• Mobile extensions

• exploit phone state

References

https://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf

http://www.gilith.com/research/talks/hcss2012.pdf
