Risk Analysis and Detection on Communication with Intents in Android Applications

Authors
Yang T.-C. [1]
Cui H.-L. [1]
Niu S.-Z. [1]
Huang Z.-P. [1]
Affiliation
[1] School of Computer Science & Technology, Beijing University of Posts and Telecommunications, Beijing
Source
Niu, Shao-Zhang (szniu@bupt.edu.cn) | Year 2017 / Volume: Beijing Institute of Technology / Issue 37
Keywords
Component hijacking; Data leakage; Denial of service; Intent
DOI
10.15918/j.tbit1001-0645.2017.06.014
Abstract
To detect the security defects caused by Intent communication in Android applications, a detection method combining dynamic testing and static analysis was proposed. In the static analysis phase, the components involved in internal and external Intent communication were identified and their risk of being hijacked was estimated according to the designed method. For components requested by an Intent carrying the Extras attribute, sensitive data leakage and privilege leakage were then checked by taint tracking analysis. In the dynamic testing phase, formatted test data were constructed for fuzz testing from the Intents found in the static analysis phase, and the test instructions were sent to the application installed on the test platform. The execution logs were collected and used to determine whether a denial-of-service risk exists. Experimental results show that the method detects Intent-based security defects effectively and comprehensively. © 2017, Editorial Department of Transaction of Beijing Institute of Technology. All rights reserved.
Pages: 625-630 and 636