The emergence of smartphones and more generally mobile platforms as a vehicle for communication, entertainment, and commerce has led to a revolution of innovation. Markets now provide a dizzying array of applications that inform and aid every conceivable human need or desire. At the same time, application markets allow previously unknown multitudes of application developers access to user devices through fast-tracked software publishing with well-documented consequent security concerns. The science and tools for performing security analysis of applications have vastly improved over the last decade. However, market providers have limited capability to apply those analyses at scale to the massive software markets.
This project is a crosscutting research, educational, and outreach plan for improving the scalability and accuracy of smartphone application analysis. The research effort focuses on the creation of new techniques and algorithms to enable analysis of large bodies of applications by reducing analysis cost and prioritizing identified security vulnerabilities by their expected impact. Working within the context of Android Intent analysis resolution, the team is developing efficient algorithms and studying the computational complexity of matching application communication sources and sinks, thereby supporting phone-wide information flow analysis; developing empirical models for estimating the likelihoods of inter-component communication; and exploring features and metrics that indicate the potential security impacts of communication pathways. The approaches are being applied to commercial markets (Apple iOS) and domains (web, desktop, and server environments) and massive application data sets.