Mobile devices have become the fabric of the current consumer computing landscape, driven by the diverse "apps" they support, which allow users to carry out complex computing tasks. These devices and apps have become deeply personal, and as such have access to privacy-sensitive resources and information. To prevent misuse of this access, it is imperative to understand the challenges in securing mobile apps and, in effect, the true capabilities of current approaches to security analysis. The first line of defense against malicious applications is the set of tools that analyze applications to detect security vulnerabilities or malicious behavior, ideally before the apps are published to application markets. It is important for such tools to be "sound", i.e., to detect every instance of bad behavior in the application being analyzed. Prior work has indicated that such tools often sacrifice soundness for practical reasons (e.g., to keep analysis time reasonable), leading to tools that are "soundy" (i.e., mostly sound, but with some unsound assumptions). However, the effectiveness of these security-focused program analysis techniques is not well understood: the unsound assumptions may not be known beyond a small community of experts, leading to a false sense of security among the users of such tools. This research develops a framework for systematically evaluating existing security techniques to uncover previously unknown unsound assumptions. The methodology developed in the course of this research has the potential for a large economic and societal impact, since improving security tools improves the vetting of mobile applications and prevents or mitigates the loss or theft of private information. Moreover, while the far-reaching impact of this work will be in increasing the reliability of applications for end users, more immediate impact can be seen in educational activities: the project incorporates into software engineering and security courses the best practices for secure mobile application development and the novel security evaluation techniques developed through this project, while disseminating awareness of the dangers of unsound analyses to the broader research community.
This research project develops a new methodology for assessing security-focused static analysis tools for Android by adopting the principles of mutation analysis from the field of functional software testing to systematically identify unsound assumptions. The methodology consists of three major components: (1) empirical derivation of specifications for security-focused mutation operators (i.e., security operators) through the examination of claims made by security analysis tools, security bugs in open source apps, and malware samples; (2) instantiation and seeding of these operators into apps, in the context of the security technique being evaluated, using context-specific mutation schemes; and (3) expansion of the sound core of static program analysis tools for Android by running the tools on the seeded mutants and detecting and addressing the unsound assumptions revealed by mutants that go undetected. This research project cuts across the complementary disciplines of computer security and software engineering and tackles several open research questions that are currently unaddressed in both disciplines. More specifically, the project builds upon the theoretical underpinnings of mutation analysis, which aims at evaluating the efficacy of functional software tests, and instantiates them in a security-focused context.
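The three components above, carried through end to end in a miniature harness. This is an added example, not tooling from the project or from its papers: the toy app, the single "leak" security operator, the hypothetical taint detector and its deliberately unsound treatment of callback bodies are all constructed here for illustration. A mutant the detector fails to flag "survives", and grouping the survivors by where the injected sink sits localizes the unsound assumption; switching the detector to model callbacks shows the sound core expanding.

```python
"""Added example: a miniature security-focused mutation analysis harness.

Not code from the project; the toy app, the 'leak' operator, the hypothetical
detector and its flaw are all constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed toy app in Java-like syntax. The '{ ... }' block models a
# callback body (e.g. an OnClickListener); this is not real Android code.
APP_SOURCE = [
    'String imei = tm.getDeviceId();',
    'String label = "demo";',
    'button.setOnClickListener(v -> {',
    '    String copy = imei;',
    '    render(copy);',
    '});',
    'finish();',
]

SOURCE_APIS = {"getDeviceId", "getLastKnownLocation"}  # assumed sensitive sources
SINK_TEMPLATE = 'Log.d("leak", {var});'                 # assumed sink the operator injects

ASSIGN = re.compile(r'^\s*(?:\w+\s+)?(\w+)\s*=\s*(.+?);\s*$')  # "[Type] x = rhs;"
SINK = re.compile(r'Log\.d\((.*)\)\s*;')
IDENT = re.compile(r'\b\w+\b')


def _taints(rhs, tainted):
    """True if the right-hand side reads a sensitive API or a tainted variable."""
    return any(api in rhs for api in SOURCE_APIS) or any(
        v in IDENT.findall(rhs) for v in tainted)


@dataclass(frozen=True)
class Mutant:
    line: int    # index of the statement after which the sink is inserted
    var: str     # tainted variable the injected sink reads
    depth: int   # brace depth at the insertion point (0 = top level)

    def apply(self, lines):
        """Return a copy of the app with this mutant's sink seeded in."""
        sink = " " * (4 * self.depth) + SINK_TEMPLATE.format(var=self.var)
        return lines[: self.line + 1] + [sink] + lines[self.line + 1:]


def seed_leak_mutants(lines):
    """Component 2: instantiate the 'leak' security operator. After every
    statement, one mutant per tainted variable that is still in scope."""
    mutants, depth, tainted = [], 0, {}   # tainted: var -> declaration depth
    for idx, line in enumerate(lines):
        m = ASSIGN.match(line)
        if m and _taints(m.group(2), tainted):
            tainted[m.group(1)] = depth
        depth += line.count("{") - line.count("}")
        tainted = {v: d for v, d in tainted.items() if d <= depth}  # scope exit
        mutants.extend(Mutant(idx, v, depth) for v in tainted)
    return mutants


def taint_detector(lines, model_callbacks=False):
    """Hypothetical static analysis under evaluation. Tracks taint through
    assignments; with model_callbacks=False it skips statements inside
    '{ }' blocks, i.e. it makes the unsound assumption that callback bodies
    carry no flows. Returns True when it reports a leak."""
    depth, tainted = 0, set()
    for line in lines:
        if depth == 0 or model_callbacks:
            m = ASSIGN.match(line)
            if m and _taints(m.group(2), tainted):
                tainted.add(m.group(1))
            s = SINK.search(line)
            if s and any(v in IDENT.findall(s.group(1)) for v in tainted):
                return True
        depth += line.count("{") - line.count("}")
    return False


def evaluate(lines, detector):
    """Component 3: run the analysis on every mutant. A mutant the analysis
    does not flag 'survives'; survivors point at unsound assumptions."""
    mutants = seed_leak_mutants(lines)
    survivors = [m for m in mutants if not detector(m.apply(lines))]
    score = 1 - len(survivors) / len(mutants)
    return mutants, survivors, score


def survivor_locations(survivors):
    """Group survivors by where the undetected sink sits, to localize the flaw."""
    where = {"top_level": 0, "inside_callback": 0}
    for m in survivors:
        where["inside_callback" if m.depth > 0 else "top_level"] += 1
    return where


if __name__ == "__main__":
    mutants, survivors, score = evaluate(APP_SOURCE, taint_detector)
    print(f"{len(mutants)} mutants, {len(survivors)} survived, score {score:.2f}")
    print("survivors by location:", survivor_locations(survivors))
    fixed = lambda src: taint_detector(src, model_callbacks=True)
    print("after modelling callbacks, score", evaluate(APP_SOURCE, fixed)[2])
```

Every surviving mutant lands inside the callback body, which is exactly the construct the hypothetical detector chose not to model; once `model_callbacks=True` is passed, all nine mutants are killed. In a real evaluation the operator specifications (component 1) would come from the tools' own claims, bugs in open source apps, and malware samples, and the seeding would be driven by the target analysis's expected sources and sinks rather than the two hard-coded here.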
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.