Androsia - A Tool for Securing In Memory Sensitive Data
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a novel approach to securing sensitive data in Android applications through this AppSecUSA 2017 conference talk. Learn about Androsia, a tool that uses static program analysis techniques to identify and clear security-critical objects from memory immediately after their last use. Discover how this method provides defense in depth, protecting sensitive information even after a potential app compromise. Delve into the intricacies of data flow analysis, bytecode transformation, and the implementation of flow functions to detect Last Usage Points (LUP) of objects. Gain insights into leveraging the Soot framework for Java bytecode analysis and understand the inter-procedural summary-based analysis approach. Follow along as the speaker demonstrates the practical application of Androsia on Android apps, showcasing its potential to enhance mobile application security.
Syllabus
Intro
Agenda
Main Takeaway
Garbage Collector
destroy API
static secret
background
simple
dalvik to simple
flow droid
dummy main method
design overview
stringbuilder objects
instance fields
demo
static field
method bar
output format
power method
last users point
DEF set
Dataflow equations
Recap
Instance Field Approach
Reset Methods
Github repo
Taught by
OWASP Foundation
Related Courses
Android Penetration TestingYouTube OWASP TOP 10 Mobile - Riesgos de las aplicación móviles
Udemy Android Penetration Testing
Udemy Automated Third-Party Library Detection for Android Applications - Are We There Yet?
Association for Computing Machinery (ACM) via YouTube Exploiting Android Messengers with WebRTC
nullcon via YouTube