Joshua Garcia - Automated Android Security Assessment: Malware, Vulnerabilities, and Exploits


2/1/2018 at 3:30PM


2/1/2018 at 4:30PM


126 DeBartolo


Jane Cleland-Huang

Email: janeclelandhuang@nd.edu
Phone: 574-631-3637
Website: http://sarec.nd.edu/pages/ClelandHuang.html
Office: 354 Fitzpatrick
Software requirements traceability, software architecture, and the application of machine learning and data mining methods to address large-scale software and systems engineering problems.

Android has become the dominant mobile platform. Millions of Android apps have been produced and disseminated across app markets, spurred by the relative ease of construction using the Android development framework. Unfortunately, this ease of dissemination and construction, and access to millions of users, has attracted malicious app developers and contributed to a growing number of exploitable software vulnerabilities. In this talk, to address these aforementioned challenges, I present two approaches for Android security assessment that I have constructed: LetterBomb, the first approach for automatically generating exploits for Android apps, and RevealDroid, a lightweight, obfuscation-resilient approach for malware detection and family identification that leverages machine learning and static analysis of both conventional and unconventional code (i.e., reflective code and native code).

In the first part of this talk, I introduce LetterBomb, which relies on a combined path-sensitive symbolic execution-based static analysis, and the use of software instrumentation and test oracles. I ran LetterBomb on 10,000 Android apps from Google Play, where I identified nearly 200 exploits from over 800 vulnerable apps, including popular apps with up to 10 million downloads. Compared to a state-of-the-art detection approach for three ICC-based vulnerabilities, LetterBomb obtains 30%-60% more vulnerabilities at a 7 times faster speed. 

In the second part of this talk, I present RevealDroid, which operates without the need to perform complex program analyses or to extract large sets of features, and examines unconventional code. Specifically, our selected features leverage categorized Android API usage, reflection-based features, and features from native binaries of apps. I assessed RevealDroid on more than 54,000 malicious and benign apps, where it achieved an accuracy of 98% for detection of malware, an accuracy of 95% for determination of their families, and very high obfuscation resiliency. I further demonstrate RevealDroid’s superiority against state-of-the-art approaches.

Seminar Speaker:

Joshua Garcia

University of California-Irvine

Joshua Garcia is a Postdoctoral Researcher at the Institute for Software Research at the University of California, Irvine (UCI) and the Software Engineering and Analysis Lab at UCI’s Department of Informatics in the Donald Bren School of Information and Computer Sciences. His current research interests include mobile security, testing, and analysis—and addressing problems of software architectural drift and erosion. He received three degrees from the University of Southern California: a B.S. in computer engineering and computer science, an M.S. in computer science, and a Ph.D. in computer science. His industrial experience includes software-engineering or research positions at the NASA Jet Propulsion Laboratory, the Southern California Earthquake Center, and Xerox Special Information Systems.