On the effectiveness of API-level access control using bytecode rewriting in Android

Hao Hao, Vicky Singh, Wenliang Du

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Scopus citations

Abstract

Bytecode rewriting on Android applications has been widely adopted to implement fine-grained access control. It endows more flexibility and convenience without modifying the Android platform. Bytecode rewriting uses static analysis to identify the usage of security-sensitive API methods, before it instruments the bytecode to control the access to these API calls. Due to the significance of this technique, the effectiveness of its performance in providing fine-grained access control is crucial. We have provided a systematic evaluation to assess the effectiveness of API-level access control using bytecode rewriting on Android Operating System. In our evaluation, we have identified a number of potential attacks targeted at incomplete implementations of bytecode rewriting on Android OS, which can be applied to bypass access control imposed by bytecode rewriter. These attacks can either bypass the API-level access control or make such access control difficult to implement, exposing weak links in the bytecode rewriting process. Recommendations on engineering secure bytecode rewriting tools are presented based on the identified attacks. This work is the first systematic study on the effectiveness of using bytecode rewriting for API-level access control.

Original languageEnglish (US)
Title of host publicationASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security
Pages25-36
Number of pages12
DOIs
StatePublished - May 27 2013
Event8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013 - Hangzhou, China
Duration: May 8 2013May 10 2013

Publication series

NameASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Other

Other8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013
CountryChina
CityHangzhou
Period5/8/135/10/13

Keywords

  • Android
  • access control
  • bytecode rewriting

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Fingerprint Dive into the research topics of 'On the effectiveness of API-level access control using bytecode rewriting in Android'. Together they form a unique fingerprint.

  • Cite this

    Hao, H., Singh, V., & Du, W. (2013). On the effectiveness of API-level access control using bytecode rewriting in Android. In ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (pp. 25-36). (ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security). https://doi.org/10.1145/2484313.2484317