Browse > Article
http://dx.doi.org/10.7472/jksii.2019.20.4.13

Development of LLDB module for potential vulnerability analysis in iOS Application  

Kim, Min-jeong (Dept. of Computer Science & Engineering, Chungnam National Univ.)
Ryou, Jae-cheol (Dept. of Computer Science & Engineering, Chungnam National Univ.)
Publication Information
Journal of Internet Computing and Services / v.20, no.4, 2019 , pp. 13-19 More about this Journal
Abstract
In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API.
Keywords
iOS; vulnerability analysis; debugger; LLDB;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Kwanghoon Choi, Myungpil Ko and Byeong-Mo Chang, "A Practical Intent Fuzzing Tool for Robustness of Inter-Component Communication in Android Apps", KSII Transactions on Internet and Information Systems, Vol.12, No.9, pp.4248-4270, 2018. http://doi.org/10.3837/tiis.2018.09.008   DOI
2 Huang, Xinyue, et al. "Fuzzing the Android Applications With HTTP/HTTPS Network Data", IEEE Access 7, pp.59951-59962, 2019. https://doi.org/10.1109/ACCESS.2019.2915339   DOI
3 Dong-Wook Kim, Kyung-Gi Na, Myung-Mook Han, Mijoo Kim, Woong Go, & Jun Hyung Park. "Malware Application Classification based on Feature Extraction and Machine Learning for Malicious Behavior Analysis in Android Platform", Journal of Internet Computing and Services, Vol.19, No.1, pp.27-36, 2018. http://doi.org/10.7472/jksii.2018.19.1.27   DOI
4 Peng, Jianshan, Mi Zhang, and Qingxian Wang. "Deduplication and Exploitability Determination of UAF Vulnerability Samples by Fast Clustering", KSII Transactions on Internet & Information Systems, Vol.10, No.10, pp.4933-4956, 2016. https://doi.org/10.3837/tiis.2016.10.016   DOI
5 Baldoni, Roberto, et al. "A survey of symbolic execution techniques", ACM Computing Surveys (CSUR) 51.3, 50, 2018. https://doi.org/10.1145/3182657
6 Marco Prandini, Marco Ramilli, "Return-Oriented Programming", IEEE Security & Privacy, Vol.10(6), pp.84-87, 2012. https://doi.org/10.1109/MSP.2012.152
7 Bletsch, Tyler, et al. "Jump-oriented programming: a new class of code-reuse attack", Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. ACM, pp.30-40, 2011. https://doi.org/10.1145/1966913.1966919
8 Rasthofer, Siegfried, et al. "Making malory behave maliciously: Targeted fuzzing of android execution environments", 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE). IEEE, pp.300-311, 2017. https://doi.org/10.1109/ICSE.2017.35
9 Padmanabhuni, Bindu Madhavi, and Hee Beng Kuan Tan. "Auditing buffer overflow vulnerabilities using hybrid static-dynamic analysis", IET Software, Vol.10.2, pp.54-61, 2016. https://doi.org/10.1049/iet-sen.2014.0185   DOI
10 Stephens, Nick, et al. "Driller: Augmenting Fuzzing Through Selective Symbolic Execution", NDSS, Vol. 16. No.2016, pp.1-16, 2016. http://dx.doi.org/10.14722/ndss.2016.23368
11 Garcia, Laura, and Ricardo J. Rodriguez. "A Peek under the Hood of iOS Malware", 2016 11th International Conference on Availability, Reliability and Security (ARES). IEEE, pp.590-598, 2016. https://doi.org/10.1109/ARES.2016.15
12 Tam, Kimberly, et al. "The evolution of android malware and android analysis techniques", ACM Computing Surveys (CSUR), Vol.49.4, No.76, 2017. https://doi.org/10.1145/3017427
13 Machado, Pedro, Jose Campos, and Rui Abreu. "MZoltar: automatic debugging of Android applications." Proceedings of the 2013 International Workshop on Software Development Lifecycle for Mobile. ACM, pp.9-16, 2013. https://doi.org/10.1145/2501553.2501556