System Calls Monitoring in Android: An Approach to Detect Debuggers, Anomalies and Privacy Issues

dc.contributor.advisor Falcarin, Paolo it_IT De Giorgi, Matteo <1994> it_IT 2023-02-19 it_IT 2023-05-23T12:50:40Z 2023-05-23T12:50:40Z 2023-03-20 it_IT
dc.description.abstract The proposed thesis explores monitoring system calls in Android environments to detect the presence of debuggers, identify anomalies that can be indicators of security issues, and observe how user-sensitive data is handled. System calls are fundamental for every application since they are the mandatory gateway to request an action from the operating system; therefore, accessing any resource implies performing one. To achieve these goals, a system call capturing and analyzing tool named Ptracer has been developed. It places itself between an application and the kernel to intercept every interaction between them and gather information like the stack backtrace and the parameters used for each observed system call. Moreover, the captured information can be represented in a model based on a Nondeterministic Finite-state Automaton (NFA) and refined during multiple learning iterations, effectively linking all the observed kernel interactions by a causal relationship. Such a model describes what is considered a “normal” application behaviour and will be used to detect anomalies by enforcing it during future application executions. The collected information will be extremely useful in detecting whether an external actor is trying to debug, tamper with or breach the application since such attempts would alter its normal behaviour, execution speed, or pace. The final results will show how system call interception is a rich source of information that can be used to protect the application from various attacks. Furthermore, by analyzing what actions are requested from the kernel, it is possible to determine what sensitive data the application requests and how often, with the goal of identifying privacy issues. The proposed future developments aim to reduce Ptracer’s analysis overhead, actively protect user privacy, and provide new and more sophisticated techniques for detecting MATE attacks and anomalies.
These future goals will be achieved by improving the analysis quality to reach a deeper insight into the application and expanding the behavioural model by including different data types to counter a wider variety of attacks (e.g., DoS attacks). Moreover, new interception technologies like eBPF will be considered and discussed. it_IT
dc.language.iso en it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Matteo De Giorgi, 2023 it_IT
dc.title System Calls Monitoring in Android: An Approach to Detect Debuggers, Anomalies and Privacy Issues it_IT
dc.title.alternative System Calls Monitoring in Android: An Approach to Detect Debuggers, Anomalies and Privacy Issues it_IT
dc.type Master's Degree Thesis it_IT Informatica - computer science it_IT Laurea magistrale it_IT Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear 2021/2022 - extraordinary session sitting it_IT
dc.rights.accessrights openAccess it_IT
dc.thesis.matricno 872029 it_IT
dc.subject.miur INF/01 INFORMATICA it_IT
dc.provenance.upload Matteo De Giorgi, 2023-02-19 it_IT
dc.provenance.plagiarycheck Paolo Falcarin, 2023-03-06 it_IT