Computer Science ›› 2018, Vol. 45 ›› Issue (4): 163-168. doi: 10.11896/j.issn.1002-137X.2018.04.027

• Information Security •

PDiOS: Private API Call Detection in iOS Applications

WU Shu, ZHOU An-min and ZUO Zheng

  1. College of Electronics and Information Engineering, Sichuan University, Chengdu 610065
  • Online: 2018-04-15 Published: 2018-05-11

Abstract: Apple reviews every application submitted to the App Store, including checking for private application programming interface (API) calls that access sensitive user information, yet some malicious applications still pass this review. To address private API calls in iOS applications, this paper proposes PDiOS, a detection technique that combines static and dynamic analysis. Most API call sites are resolved by static analysis using backward slicing and constant propagation, and the remaining APIs are handled by dynamic iterative analysis based on forced execution. The static analysis covers a comprehensive analysis of the binary file and the handling of implicit calls in resource files; the dynamic analysis relies mainly on a binary dynamic analysis framework for its iterative analysis. Finally, private API calls are identified by comparing the resolved APIs against those in the public header files. In a test of 1012 applications from the official App Store, 82 applications were confirmed to contain a total of 128 distinct private API calls. In a test of 32 applications signed with enterprise certificates, 26 were confirmed to use private API calls.

Key words: Private application programming interface, Application vetting, Backward slicing, Constant propagation, Forced execution
