TU Darmstadt / ULB / TUbiblio

Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis

Octeau, Damien ; McDaniel, Patrick ; Jha, Somesh ; Bartel, Alexandre ; Bodden, Eric ; Klein, Jacques ; Le Traon, Yves (2013)
Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis.
In: Proceedings of the 22nd USENIX Conference on Security
Buchkapitel, Bibliographie

Kurzbeschreibung (Abstract)

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.

Typ des Eintrags: Buchkapitel
Erschienen: 2013
Autor(en): Octeau, Damien ; McDaniel, Patrick ; Jha, Somesh ; Bartel, Alexandre ; Bodden, Eric ; Klein, Jacques ; Le Traon, Yves
Art des Eintrags: Bibliographie
Titel: Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis
Sprache: Englisch
Publikationsjahr: August 2013
Ort: Berkeley, Calif
Verlag: USENIX Association
Buchtitel: Proceedings of the 22nd USENIX Conference on Security
Reihe: SEC'13
Veranstaltungsort: Washington, DC, USA
Kurzbeschreibung (Abstract):

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.

Freie Schlagworte: Secure Architectures
ID-Nummer: TUD-CS-2013-0479
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Datenbanken und Verteilte Systeme
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 28 Aug 2017 12:29
Letzte Änderung: 17 Apr 2019 12:08
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen