ASVAAN: Semi-automatic side-channel analysis of Android NDK
Valerio Brussani
TL;DR
This paper presents ASVAAN, a semi-automatic method for discovering side-channel vulnerabilities in Android NDK, identifying new leaks that can infer user activity with high accuracy, marking the first such findings in this domain.
Contribution
Introduces a novel semi-automatic approach for detecting Android NDK side-channel leaks, uncovering the first known vulnerabilities in this area.
Findings
Discovered over 8 new side-channel leaks in Android NDK functions.
Leaks enable accurate inference of app and website launches.
Findings responsibly disclosed to Google.
Abstract
Android is the most popular operating systems for smartphones and is also well-known for its flexibility and security. However, although it is overall considered very secure, there are still some vulnerabilities occasionally discovered that allow getting user sensitive information bypassing security controls and boundaries: among these, side-channel vulnerabilities are a significant concern these days. Although there are several types of side-channel vulnerabilities, ones focused on APIs still represent a great area to explore, which, until now, has often been analysed manually. Only in the latest years, there have been published some automatic solutions which focus on performing automatic scanning of side-channel flaws in Android, created due to the increasing codebase of the operating system; however, they present some limitations. This paper introduces a new approach to discover…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Security and Verification in Computing · Digital and Cyber Forensics