@article{gorski_andow_nadkarni_manandhar_enck_bodden_bartel_2019, title={ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware}, DOI={10.1145/3292006.3300023}, abstractNote={Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.}, journal={PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19)}, author={Gorski, Sigmund Albert, III and Andow, Benjamin and Nadkarni, Adwait and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre}, year={2019}, pages={25–36} }
 @article{gorski_enck_2019, title={ARF: Identifying Re-Delegation Vulnerabilities in Android System Services}, DOI={10.1145/3317549.3319725}, abstractNote={Over the past decade, the security of the Android platform has undergone significant scrutiny by both academic and industrial researchers. This scrutiny has been largely directed towards third-party applications and a few critical system interfaces, leaving much of Android's middleware unstudied. Building upon recent efforts to more rigorously analyze authorization logic in Android's system services, we revisit the problem of permission re-delegation, but in the context of system service entry points. In this paper, we propose the Android Re-delegation Finder (ARF) analysis framework for helping security analysts identify permission re-delegation vulnerabilities within Android's system services. ARF analyzes an interconnected graph of entry points in system services, deriving calling dependencies, annotating permission checks, and identifying potentially vulnerable deputies that improperly expose information or functionality to third-party applications. We apply ARF to Android AOSP version 8.1.0 and find that it refines the set of 15,483 paths between entry points down to a manageable set of 490 paths. Upon manual inspection, we found that 170 paths improperly exposed information or functionality, consisting of 86 vulnerable deputies. Through this effort, we demonstrate the need for continued investigation of automated tools to analyze the authorization logic within the Android middleware.}, journal={PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19)}, author={Gorski, Sigmund Albert, III and Enck, William}, year={2019}, pages={151–162} }
 @article{shu_wang_gorski_andow_nadkarni_deshotels_gionta_enck_gu_2016, title={A Study of Security Isolation Techniques}, volume={49}, ISSN={["1557-7341"]}, DOI={10.1145/2988545}, abstractNote={Security isolation is a foundation of computing systems that enables resilience to different forms of attacks. This article seeks to understand existing security isolation techniques by systematically classifying different approaches and analyzing their properties. We provide a hierarchical classification structure for grouping different security isolation techniques. At the top level, we consider two principal aspects: mechanism and policy. Each aspect is broken down into salient dimensions that describe key properties. We break the mechanism into two dimensions, enforcement location and isolation granularity, and break the policy aspect down into three dimensions: policy generation, policy configurability, and policy lifetime. We apply our classification to a set of representative articles that cover a breadth of security isolation techniques and discuss tradeoffs among different design choices and limitations of existing approaches.}, number={3}, journal={ACM COMPUTING SURVEYS}, publisher={ACM}, author={Shu, Rui and Wang, Peipei and Gorski, Sigmund A. and Andow, Benjamin and Nadkarni, Adwait and Deshotels, Luke and Gionta, Jason and Enck, William and Gu, Xiaohui}, year={2016}, month={Dec} }
 @article{reaves_bowers_gorski_anise_bobhate_cho_das_hussain_karachiwala_scaife_et al._2016, title={droid: Assessment and Evaluation of Android Application Analysis Tools}, volume={49}, ISSN={["1557-7341"]}, DOI={10.1145/2996358}, abstractNote={The security research community has invested significant effort in improving the security of Android applications over the past half decade. This effort has addressed a wide range of problems and resulted in the creation of many tools for application analysis. In this article, we perform the first systematization of Android security research that analyzes applications, characterizing the work published in more than 17 top venues since 2010. We categorize each paper by the types of problems they solve, highlight areas that have received the most attention, and note whether tools were ever publicly released for each effort. Of the released tools, we then evaluate a representative sample to determine how well application developers can apply the results of our community’s efforts to improve their products. We find not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues ranging from lack of maintenance to the inability to produce functional output for applications with known vulnerabilities. We close by offering suggestions on how the community can more successfully move forward.}, number={3}, journal={ACM COMPUTING SURVEYS}, author={Reaves, Bradley and Bowers, Jasmine and Gorski, Sigmund Albert, III and Anise, Olabode and Bobhate, Rahul and Cho, Raymond and Das, Hiranava and Hussain, Sharique and Karachiwala, Hamza and Scaife, Nolen and et al.}, year={2016}, month={Dec} }