TWC: Medium: Collaborative: Scaling and Prioritizing Market-Sized Application Analysis

TWC：媒介：协作：扩展和优先考虑市场规模的应用程序分析

• 批准号: 1564105
• 负责人: Patrick McDaniel
• 金额: $ 54.72万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2021-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1564105&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Scaling; Prioritizing

The emergence of smartphones and more generally mobile platforms as a vehicle for communication, entertainment, and commerce has led to a revolution of innovation. Markets now provide a dizzying array of applications that inform and aid every conceivable human need or desire. At the same time, application markets allow previously unknown multitudes of application developers access to user devices through fast- tracked software publishing with well-documented consequent security concerns. The science and tools for performing security analysis of applications have vastly improved over the last decade. However, market providers have limited capability to apply those analyses at scale to the massive software markets. This project is a crosscutting research, educational, and outreach plan improving the scalability and accuracy of smartphone application analysis. The research effort focuses on the creation of new techniques and algorithms to enable analysis of large bodies of applications by reducing analysis cost and prioritizing identified security vulnerabilities by their expected impact. Explored within the context of Android Intent analysis resolution, the team is developing efficient algorithms and study the computational complexity of matching application communication sources and sinks thereby supporting phone-wide information flow analysis, developing empirical models for estimating the likelihoods of inter-component communication, and exploring features and metrics indicating their potential security impacts communication pathways. The approaches are being applied to a commercial markets (Apple iOS) and domains (web, desktop, and server environments) and massive application data sets.

智能手机和更普遍的移动平台作为通信、娱乐和商业工具的出现引发了一场创新革命。现在市场提供了一系列令人眼花缭乱的应用程序，这些应用程序可以满足和帮助每一种可以想象的人类需求或愿望。与此同时，应用程序市场允许以前未知的大量应用程序开发人员通过快速跟踪的软件发布访问用户设备，并记录了随之而来的安全问题。在过去十年中，用于执行应用程序安全分析的科学和工具有了很大的进步。然而，市场提供商将这些分析大规模应用于大规模软件市场的能力有限。该项目是一个跨领域的研究、教育和推广计划，旨在提高智能手机应用程序分析的可扩展性和准确性。研究工作的重点是创建新技术和算法，通过降低分析成本并根据预期影响对已识别的安全漏洞进行优先级排序，从而能够对大型应用程序进行分析。 在 Android Intent 分析解决方案的背景下进行探索，该团队正在开发高效的算法并研究匹配应用程序通信源和接收器的计算复杂性，从而支持手机范围的信息流分析，开发用于估计组件间通信可能性的经验模型，并探索表明其潜在安全影响通信路径的特征和指标。 这些方法正在应用于商业市场（Apple iOS）和领域（Web、桌面和服务器环境）以及海量应用程序数据集。