報告題目：Automated forensic analysis of mobile applications on Android devices
報告人：Xiaodong Lin, PhD, Associate Professor, IEEE Fellow
It is not uncommon that mobile phones are involved in criminal activities, e.g., the surreptitious collection of credit card information. Forensic analysis of mobile applications plays a crucial part in order to gather evidences against criminals. However, traditional forensic approaches, which are based on manual investigation, are not scalable to the large number of mobile applications. On the other hand, dynamic analysis is hard to automate due to the burden of setting up the proper runtime environment to accommodate OS differences and dependent libraries and activate all feasible program paths. In this talk, we introduce a fully automated tool, Fordroid for the forensic analysis of mobile applications on Android. Fordroid conducts inter-component static analysis on Android APKs and builds control flow and data dependency graphs. Furthermore, Fordroid identifies what and where information written in local storage with taint analysis. Data is located by traversing the graphs. This addresses several technique challenges, which include inter-component string propagation, string operations (e.g., append) and API invocations. Also, Fordroid identifies how the information is stored by parsing SQL commands, i.e., the structure of database tables. Finally, we selected 100 random Android applications consisting of 2841 components from four categories for evaluation. Analysis of all apps took 64 h. Fordroid discovered 469 paths in 36 applications that wrote sensitive information (e.g., GPS) to local storage. Furthermore, Fordroid successfully located where the information was written for 458 (98%) paths and identified the structure of all (22) database tables.
Xiaodong Lin received the PhD degree in Information Engineering from Beijing University of Posts and Telecommunications, China, and the PhD degree (with Outstanding Achievement in Graduate Studies Award) in Electrical and Computer Engineering from the University of Waterloo, Canada. He is currently a tenured Associate Professor at the School of Computer Science at the University of Guelph, Canada. His research interests include wireless communications and network security, computer forensics, software security, and applied cryptography. Dr. Lin serves as an Associate Editor for many international journals. He has served or is serving as a guest editor for many special issues of IEEE, Elsevier and Springer journals and as a symposium chair or track chair for IEEE/ACM conferences. He also served on many program committees. He was Chair of Communications and Information Security Technical Committee (CISTC) – IEEE Communications Society (2016-2017). He is a Fellow of the IEEE.