An official website of the United States government
Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence sound y . Unfortunately, the specific unsound choices or flaws in the design of these tools is often not known or well documented, leading to misplaced confidence among researchers, developers, and users. This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis. We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps. In a study conducted previously, we used μSE to discover 13 previously undocumented flaws in FlowDroid, one of the most prominent data leak detectors for Android apps. Moreover, we discovered that flaws also propagated to other tools that build upon the design or implementation of FlowDroid or its components. This article substantially extends our μSE framework and offers a new in-depth analysis of two more major tools in our 2020 study; we find 12 new, undocumented flaws and demonstrate that all 25 flaws are found in more than one tool, regardless of any inheritance-relation among the tools. Our results motivate the need for systematic discovery and documentation of unsound choices in soundy tools and demonstrate the opportunities in leveraging mutation testing in achieving this goal.
more »
« less
Mutation-based Evaluation of Cryptographic API Misuse Detectors
Thecorrectuse of cryptography is central to ensuring data security in modern software systems. Hence, several academic and commercial static analysis tools have been developed for detecting and mitigating crypto-API misuse. While developers are optimistically adopting these crypto-API misuse detectors (or crypto-detectors) in their software development cycles, this momentum must be accompanied by arigorous understanding of their effectiveness at finding crypto-API misuse in practice. This paper describes the MASC framework, which enables a systematic and data-driven evaluation of crypto-detectors using mutation testing. We ground MASC in a comprehensive view of the problem space by developing a data-driven taxonomy of existing crypto-API misuse, containing 107 misuse cases organized among nine semantic clusters. We develop 19 generalizableusage-based mutation operatorsand threemutation scopesthat can expressively instantiate thousands of compilable variants of the misuse cases for thoroughly evaluating crypto-detectors. Using MASC, in a previous study, we evaluatedninemajor crypto-detectors and discovered 19 unique, undocumented flaws that severely impact the ability of crypto-detectors to discover misuses in practice. This paper substantially extends our MASC framework and offers updated evaluation of the crypto-detectors in our 2022 study, in addition to 5 more, major crypto-detectors. Through this work, we find 6 new, undocumented flaws, and demonstrate that these flaws affect the crypto-detectors regardless of their origin; open-source community, industry, and/or research. We conclude with a discussion on the diverse perspectives that influence the design of crypto-detectors and future directions towards building security-focused crypto-detectors by design.
more »
« less
- Award ID(s):
- 2237012
- PAR ID:
- 10666815
- Publisher / Repository:
- ACM
- Date Published:
- Journal Name:
- ACM Transactions on Privacy and Security
- ISSN:
- 2471-2566
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance, and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools are often not known or well-documented, leading to a misplaced confidence among researchers, developers, and users. This paper proposes the Mutation-based soundness evaluation (µSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded practice of mutation analysis. We implement µSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. As the result of an in-depth analysis of one of the major tools, we discover 13 undocumented flaws. More importantly, we discover that all 13 flaws propagate to tools that inherit the flawed tool. We successfully fix one of the flaws in cooperation with the tool developers. Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing in achieving this goal.more » « less
-
Cryptographic (crypto) API misuses often cause security vulnerabilities, so static and dynamic analyzers were recently proposed to detect such misuses. These analyzers differ in strengths and weaknesses, and they can miss bugs. Motivated by the inherent limitations of existing analyzers, we study runtime verification (RV) as an alternative for crypto API misuse detection. RV monitors program runs against formal specifications and was shown to be effective and efficient for amplifying the bug-finding ability of software tests. We focus on the popular JCA crypto API and write 22 RV specifications based on expert-validated rules in a static analyzer. We monitor these specifications while running tests in five benchmarks. Lastly, we compare the accuracy of our RV-based approach, RVSec, with those of three state-of-the-art crypto API misuses detectors: CogniCrypt, CryptoGuard, and CryLogger. RVSec has higher accuracy in four benchmarks and is on par with CryptoGuard in the fifth. Overall, RVSec achieves an average F1 measure of 95%, compared with 83%, 78%, and 86% for CogniCrypt, CryptoGuard, and CryLogger, respectively. We show that RV is effective for detecting crypto API misuses and highlight the strengths and limitations of these tools. We also discuss how static and dynamic analysis can complement each other for detecting crypto API misuses.more » « less
-
Regulation of cell growth and division is essential to achieve cell-size homeostasis. Recent advances in imaging technologies, such as “mother machines” for bacteria or yeast, have allowed long-term tracking of cell-size dynamics across many generations, and thus have brought major insights into the mechanisms underlying cell-size control. However, understanding the governing rules of cell growth and division within a quantitative dynamical-systems framework remains a major challenge. Here, we implement and apply a framework that makes it possible to infer stochastic-differential-equation models with Poisson noise directly from experimentally measured time series for cellular growth and division. To account for potential nonlinear memory effects, we parameterize the Poisson intensity of stochastic cell-division events in terms of both the cell’s current size and its ancestral history. By applying the algorithm to experimentally measured cell-size trajectories, we are able to quantitatively evaluate the linear one-step memory hypothesis underlying the popular “sizer,” “adder,” and “timer” models of cell homeostasis. ForEscherichia coliandBacillus subtilisbacteria,Schizosaccharomyces pombeyeast andDictyostelium discoideumamoebae, we find that in many cases, the inferred stochastic models have a substantial nonlinear memory component. This suggests a need to reevaluate and generalize some of the currently prevailing linear-memory paradigms of cell homeostasis. More broadly, the underlying inference framework is directly applicable to identify quantitative models for stochastic jump processes in a wide range of scientific disciplines.more » « less
-
Adaptation to novel environments requires genetic variation, but whether adaptation typically acts upon preexisting genetic variation or must wait for new mutations remains a fundamental question in evolutionary biology. Selection during domestication has been long used as a model to understand evolutionary processes, providing information not only on the phenotypes selected but also, in many cases, an understanding of the causal loci. For each of the causal loci that have been identified in maize, the selected allele can be found segregating in natural populations, consistent with their origin as standing genetic variation. The sole exception to this pattern is the well-characterized domestication locustga1(teosinte glume architecture1), which has long been thought to be an example of selection on a de novo mutation. Here, we use a large dataset of maize and teosinte genomes to reconstruct the origin and evolutionary history oftga1. We first estimated the age oftga1-maizeusing a genealogy-based method, finding that the allele arose approximately 42,000 to 49,000 y ago, predating the beginning of maize domestication. We also identifytga1-maizein teosinte populations, indicating that the allele can survive in the wild. Finally, we compare observed patterns of haplotype structure and mutational age distributions neartga1with simulations, finding that patterns neartga1in maize better resemble those generated under simulated selective sweeps on standing variation. These multiple lines of evidence suggest that maize domestication likely drew upon standing genetic variation attga1and cement the importance of standing variation in driving adaptation during domestication.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript
- Journal Article:
- https://doi.org/10.1145/3796221
