Description
Data flow analysers are much more common for iOS than Android. However, iOS applications also face security
and privacy issues with undesired data flows. Thus, tools are needed to identify them. Static analysers often face
issues with library functions. An existing dynamic analysis tool, DynaMiT, aims to support static analysers in that regard.
This thesis introduces an extension to DynaMiT that uses input manipulation to improve the accuracy of the tool. By calling
a function with different random and pre-defined inputs, the tool identifies dependencies between data sources and destinations.
The search for value changes is then performed using Object Trees, introduced in the original DynaMiT, which avoids monitoring
the whole memory space.
Based on experiments conducted on a random sample, the extension improved the false negative rate from 48.0% to 26.0% and
did not change the false positive rate. However, some technical limitations connected to the instrumentation process need
further research.