WALA Mobile
Why and How to run WALA on your phone
Julian Dolby
Workshop on WALA
PLDI/FCRC - June 2015 - Portland
WALA Mobile
• Why
• State on the phone
• Security issues
• How
• Powerful Android devices make it practical
• WALA Android projects
State on the Phone
• Phone has specific apps
• no single “app store”
• communication
• vulnerabilities
State on the Phone
• Intents configure inter-app communication
• Control communication
• Register understanding
• Choice or default
• Set by user anytime
Security Issues
• Static enforcement of policies
• Those requested by app
• No analysis of sufficiency
• No analysis of minimality
• No analysis of satisfiability
Security Issues
• Security vulnerabilities within an app
• Security vulnerabilities across apps
WALA Mobile is practical
• Android provides full Java support
• Eclipse, Maven support Android builds
WALA Mobile is practical
• Analysis may drain battery
• installation already heavyweight on Android 5
• “limited-power mobile devices”
• wrong: 2.3 GHz, 4-core, 64-bit, 4GB is ample (Asus ZenFone 2)
WALA Mobile Status
• WALA Mobile inherits all WALA code
• WALA Mobile on GitHub
• parallel https://github.com/wala/WALA-Mobile
• Basic Android support
• a few simple JUnit tests
• a CallGraph builder service
WALA Mobile Future
• Evaluate existing analyses
• basic analysis performance
• permissions analysis
• taint analysis
• Mobile extensions
• exploit phone state