Leveraging Weighted Pushdown Systems for Taint Analysis of iOS Applications

Supervisor(s): Alexander Küchler
Status: finished
Topic: Others
Author: Florian Walter
Submission: 2020-10-15
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Given the global popularity of the smartphone, the increasing value of data and how easily mobile applications can obtain even the most private user data, concerns have arisen regarding the privacy and security of nearly half of the world’s population of smartphone users. While the Android community has developed a rich variety of analysis tools, the iOS ecosystem is a less explored area, which is due to its closed nature. This makes the development of new analysis mechanisms for iOS apps, which reliably and precisely assess how data flows through an app and what data leaves it, an endeavour of the utmost importance.

This thesis presents a generic way to approximate the data-flow of an iOS app binary by using a weighted pushdown system (WPDS), which constitutes a novelty in the domain of iOS. We leverage the WPDS to perform static taint analysis and, as a proof of concept, aim to find privacy leaks in iOS apps. However, the discovery of privacy leaks is merely one type of data-flow related security problem to which one can apply our approach. In this context, we propose a tool which starts with the interprocedural control-flow graph (ICFG) of an iOS app binary and converts it to a WPDS. Along with this binary-level conversion, we statically specify the types of entry and exit points between which we want to track data-flow. This is the only non-generic component of our tool and a prerequisite for the taint analysis, where we aim to identify all tainted data-flow paths between the specified points. The set of discovered tainted paths forms the final output of our tool.

In the evaluation process, we applied our tool to a case study with six different tainted paths representing the concepts we aimed to cover. Our tool could identify five of six cases correctly, with zero false positives. This strongly indicates that WPDSs are indeed a data-flow analysis framework that can be leveraged for taint analysis of iOS applications. Nevertheless, future work is required to establish how well the tool performs on a real-world data set in practice.