Description
Given the global popularity of the smartphone, the increasing value of data and how easily mobile applications can obtain
even the most private user data, concerns have arisen regarding the privacy and security of nearly half of the world’s population
of smartphone users. While the Android community has developed a rich variety of analysis tools, the iOS ecosystem, in turn,
is a more unexplored area, which is due to its closed nature. This makes the development of new analysis mechanisms for
iOS apps to reliably and precisely assess how data flows through an app and what data leaves it, an endeavour of the uttermost
importance.This thesis presents a generic way to approximate the data-flow of an iOS app binary by using a weighted pushdown
system (WPDS), which constitutes a novelty in the domain of iOS. We leverage the WPDS to perform static taint analysis and,
as a proof of concept, aim to find privacy leaks in iOS apps. However, the discovery of privacy leaks is merely one type of data-flow
related security problem where one can apply our approach. In this context, we propose a tool which starts with the interprocedural
control-flowgraph (ICFG) of an iOS app binary and converts it to a WPDS. Along this binary-level conversion, we statically specify
the types of entry and exit points, between which we want to track data-flow. This is the only non-generic component of our tool and
aprerequisite for the taint analysis, where we aim to identify all tainted data-flow paths between the specified points. A set of the
discovered tainted paths forms the final output of our tool.I n the evaluation process, we applied our tool to a case study with six
different tainted paths representing the concepts we aimed to cover. Our tool could identify five of six cases correctly, with zero false
positives. This strongly indicates that WPDSs are indeed a data-flow analysis framework, which can be leveraged for taint analysis of
iOS applications. Nevertheless, future work is required to establish how well the tool performs on a real-world data set in practice.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching