Embedded Files
For information leakage, AFs and EFs are orthogonally separated, which implies the independence between the choice of AFs and EFs. After AFs and EFs are selected by IBEA, the EFs are categorized into two types: flow based ones or transformation based ones.
Figure 1. The state diagram of evasion on source-sink flow
Evasion based on source-sink flow. This evasion is applied in constructing BDL models, and the purpose is to complicate the flow between the source and the sink. One malicious behavior may stretch through multiple components. To ensure a valid obfuscated
flow for malicious behaviors, we identify a state diagram for state transition in Fig. 1, of which states are presented with five binary flags: L, whether the current context has the local variable of sensitive information; G whether the current context has the global variable of sensitive information; I, whether the current context has the sensitive information received from ICC; S, whether the current context has carried on the source operation; K, whether the current context has carried on the sink operation. Note that we
consider one malicious behavior is completed once it carries on a sink operation.
Evasion based on transformation. This evasion is applied after the step of code assembly. DroidChameleon can directly work with the deployment package of Android app. For the 12 transformations, we provide 12 EFs. If any EFs are selected by IBEA in step 1, we will later apply the corresponding transformations
Page updated
Google Sites
Report abuse