CRII: SaTC: Enhancing Mobile App Security by Detecting Icon-Behavior Contradiction

Project Details

Lead PI

Performance Period

Aug 01, 2018 - Jul 31, 2020

Institution(s)

Case Western Reserve University

Sponsor(s)

National Science Foundation

Award Number


Mobile applications (i.e., apps) are becoming critical parts of our daily lives. While these apps provide better customized services using users' personal data, certain behaviors of the apps are undesirable or even harmful. For example, if an app's user interface (UI) has no text or images indicating that it will access users' personal data (e.g., GPS data), but the app discloses users' personal data when an action is performed (e.g., pressing a button), then red flags should be raised. Thus, it is crucial to understand the intents of an app in order to determine whether the app will perform within the user's expectations. Various research efforts have been dedicated to understanding apps' intents by analyzing the semantics of text in the UI. However, images, especially icons, remain unexplored. In apps' UIs, icons are often used in interactive widgets (e.g., buttons) to express the intent to use sensitive data. It is often difficult to analyze the semantics of icons because of the variety of image styles and the lack of descriptive text.

The proposed research will build a knowledge base of icon semantics by collecting icons from apps in major smartphone markets, and will develop a framework to infer the semantics of icons based on the collected icons. More specifically, the PI proposes to adapt computer vision techniques to develop icon recognition techniques that identify similar icons among the collected icons, and to leverage program analysis techniques to check the compatibility between the icons and the program behaviors. Furthermore, this research will combine the semantics of both text and icons to better detect undesired behavior in apps. Understanding apps' intents in this way improves mobile app security, which will have tremendous economic impact on society given our increasing reliance on mobile apps. The proposed techniques will also benefit the security analysis of other event-driven GUI software applications, such as desktop applications, wearable apps, and web apps.

Dr. Xusheng Xiao is an assistant professor of Electrical Engineering and Computer Science at Case Western Reserve University. He received his Ph.D. degree in Computer Science from North Carolina State University in 2014. He was a visiting student in the Computer Science Department of the University of Illinois at Urbana-Champaign in 2013-2014. His research interests are in software engineering and computer security, with a focus on making software applications and computer systems more reliable and secure via program analysis, software testing, text analysis, and system monitoring. His research has been presented at top-tier venues such as ICSE, FSE, ISSTA, ASE, USENIX Security, CCS, and VLDB. His work in software testing received the ICSE SRC Best Project Representing an Innovative Use of Microsoft Technology award at the ACM SRC Grand Final 2012. His work in mobile security was selected as one of the top ten finalists for the CSAW Best Applied Security Paper Award 2015, and produced a static analysis tool that was deployed in TouchDevelop at Microsoft Research. He was a researcher in the computer security department of NEC Labs America, where the security intelligence solution built by his team won first place in the Town Life and Society Innovation Category of the CEATEC Award.