wala mobile - ibm research people and projects mobile why and how to run wala on your phone julian...
Post on 06-May-2018
WALA Mobile
Why and How to run WALA on your phone
Julian Dolby Workshop on WALA
PLDI/FCRC - June 2015 - Portland
WALA Mobile
• Why
• State on the phone
• Security issues
• How
• Powerful Android devices make it practical
• WALA Android projects
State on the Phone
• Phone has specific apps
• no single “app store”
• communication
• vulnerabilities
State on the Phone
• Intents configure inter-app communication
• Control communication
• Register understanding
• Choice or default
• Set by user anytime
Security Issues
• Static enforcement of policies
• Those requested by app
• No analysis of sufficiency
• No analysis of minimality
• No analysis of satisfiability
Security Issues
• Security vulnerabilities within an app
• Security vulnerabilities across apps
WALA Mobile is practical
• Android provides full Java support
• Eclipse, Maven support Android builds
WALA Mobile is practical
• Analysis may drain battery
• installation already heavyweight on Android 5
• “limited-power mobile devices”
• wrong: 2.3 GHz, 4-core, 64-bit, 4GB is ample (Asus ZenFone 2)
WALA Mobile Status
• WALA Mobile inherits all WALA code
• WALA Mobile on github
• parallel https://github.com/wala/WALA-Mobile
• Basic Android support
• a few simple JUnit tests
• a CallGraph builder service
WALA Mobile Future
• Evaluate existing analyses
• basic analysis performance
• permissions analysis
• taint analysis
• Mobile extensions
• exploit phone state
References
https://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf
http://www.gilith.com/research/talks/hcss2012.pdf