Modelling the Impact of the iOS Runtime on Data Flows in Applications

Supervisor(s): Alexander Küchler, Maximilian Kaul
Status: finished
Topic: Others
Author: Leonhard Kurthen
Submission: 2021-04-15
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Data flow analyses for mobile systems such as Android and iOS are important for detecting privacy violations and security issues and for analyzing malware.
Many existing taint analyzers or other program analyzers face problems when library functions are called, since the library code is often not present
during the analysis or is deliberately skipped for performance reasons. In these cases, data flow heuristics are used as a replacement for analyzing the
library code. These heuristics can introduce errors into the analysis when either false data flows are asserted or when some types of data flows are
ignored completely.
To replace these flawed heuristics, this thesis presents a novel approach, called DynaMiT, that models the data flows of iOS API methods. The novelty
lies in the code-independent approach to create these models. It leverages dynamic analysis to inspect the memory state before and after a method call
to infer the data flows through this function. A method’s call arguments, self-object, and return value are stored in tree structures that retain the reference
hierarchy of the involved values. These trees are combined in a systematic way to infer data flows between them.
With DynaMiT, an analysis was conducted on the public iOS frameworks that were used by a few third-party apps from the App Store. Of all 281,405 public
API methods, 2,053 methods were analyzed, of which 40.87% were detected to feature any data flow. In the evaluation, the results of 50 randomly selected
methods were checked against their official documentation. For these, a false positive rate of 0% and a false negative rate of 40.63% were found.
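
A simplified illustration of the before/after comparison described above, added here and not taken from the thesis: it flattens the self-object, arguments and return value into path-to-leaf trees, then reports a flow between two roots when a leaf value held under one root before the call newly appears under another root after it. The matching rule, the names `snapshot` and `infer_flows`, and the `Request` class are assumptions, with plain Python objects standing in for iOS API objects.

```python
_LEAF = (str, bytes, int, float)

def snapshot(value, path, out, stack=()):
    """Flatten the reference tree under `value` into {path: leaf value}."""
    if value is None or isinstance(value, _LEAF):
        out[path] = value
    elif id(value) not in stack:                  # stop on reference cycles
        if isinstance(value, dict):
            children = value.items()
        elif isinstance(value, (list, tuple)):
            children = enumerate(value)
        else:
            children = getattr(value, "__dict__", {}).items()
        for key, child in list(children):
            snapshot(child, f"{path}.{key}", out, stack + (id(value),))
    return out

def root(path):
    return path.split(".", 1)[0]

def infer_flows(method, self_obj, *args):
    """Run method(self_obj, *args); return {(source_root, destination_root)}."""
    roots = {"self": self_obj}
    roots.update({f"arg{i}": a for i, a in enumerate(args)})
    before = {}
    for name, obj in roots.items():
        snapshot(obj, name, before)
    roots["ret"] = method(self_obj, *args)        # the observed call
    after = {}
    for name, obj in roots.items():
        snapshot(obj, name, after)
    flows = set()
    for dst, new in after.items():
        if new is None or isinstance(new, bool):
            continue                              # too common to match on
        if dst in before and before[dst] == new:
            continue                              # leaf did not change
        for src, old in before.items():
            if type(old) is type(new) and old == new and root(src) != root(dst):
                flows.add((root(src), root(dst)))
    return flows

class Request:  # constructed stand-in, not a real iOS framework type
    def __init__(self):
        self.headers = {}
        self.body = "body-7f3a"
    def set_header(self, name, value):
        self.headers[name] = value
    def get_body(self):
        return [self.body]
```

Pure value matching as sketched here misses flows in which the value is transformed or used only as a key, such as the `name` argument of `set_header`.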