Detecting Information Flow by Mutating Input data

Mathis, Björn and Avdiienko, Vitalii and Soremekun, Ezekiel and Böhme, Marcel and Zeller, Andreas
(2018) Detecting Information Flow by Mutating Input data.
In: Software Engineering (SE) 2018.
Conference: SE IASTED International Conference on Software Engineering

Full text not available from this repository.

Abstract

Analyzing information flow is central in assessing the security of applications. However, static and dynamic analyses of information flow are easily challenged by non-available or obscure code. We present a lightweight mutation-based analysis that systematically mutates dynamic values returned by sensitive sources to assess whether the mutation changes the values passed to sensitive sinks. If so, we found a flow between source and sink. In contrast to existing techniques, mutation-based flow analysis does not attempt to identify the specific path of the flow and is thus resilient to obfuscation. In its evaluation, our MUTAFLOW prototype for Android programs showed that mutation-based flow analysis is a lightweight yet effective complement to existing tools. Compared to the popular FLOWDROID static analysis tool, MUTAFLOW requires less than 10% of source code lines but has similar accuracy; on 20 tested real-world apps, it is able to detect 75 flows that FLOWDROID misses.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Andreas Zeller (Software Engineering, ST)
Conference: SE IASTED International Conference on Software Engineering
Depositing User: Björn Mathis
Date Deposited: 15 Feb 2018 08:09
Last Modified: 17 Oct 2022 10:08
Primary Research Area: NRA4: Secure Mobile and Autonomous Systems
URI: https://publications.cispa.saarland/id/eprint/1452

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.