Android Permission Re-delegation Detection and Test Case Generation.

Bibliographic Details
Title: Android Permission Re-delegation Detection and Test Case Generation.
Authors: Zhong, Jiagui; Huang, Jianjun; Liang, Bin
Source: 2012 International Conference on Computer Science & Service System; 1/1/2012, p871-874, 4p
Abstract: As smart phones are becoming widespread over the world, relevant security problems emerge. On the Android platform, some applications are granted access to some restrictive resources via system APIs. Such applications may expose this capability to other applications without certain permissions. This will lead to permission re-delegation attacks. In this paper, we describe how this vulnerability occurs on Android through inter-process communication (IPC). We focus on a major IPC channel in the Android operating system, the intent-based IPC. In order to help developers decrease the possibility of their applications being attacked, we present a static analysis tool, Diordna, in this paper. Diordna works on Java byte codes and finds out possible permission re-delegations from public entry points of applications. Diordna also leverages a dataflow analysis to generate intent-oriented test case specifications, namely, to infer what should be contained in an intent object by which the target application will re-delegate its granted permissions. We have experimented with our solution and Diordna on two pre-installed Android applications and it generates reasonable test case specifications that can be used to write testing programs. [ABSTRACT FROM PUBLISHER]
Copyright of 2012 International Conference on Computer Science & Service System is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index