Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis

Authors: Damien Octeau, Yves Le Traon, Eric Bodden, Alexandre Bartel, Patrick McDaniel

Abstract: Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their inter-component communication. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further, the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.
