APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities. - Université Clermont Auvergne Accéder directement au contenu
Article Dans Une Revue Software Tools for Technology Transfer manuscript Année : 2014

APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.

Résumé

The Android messaging system, called in- tent, is a mechanism that ties components together to build applications for smartphones. Intents are kinds of messages composed of actions and data, sent by a com- ponent to another component to perform several opera- tions, e.g., launching a user interface. The intent mech- anism o er a lot of exibility for developing Android applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward at- tacks to other components and so on. In this context, this paper proposes APSET, a tool for Android aPplication SEcurity Testing, which aims at detecting intent-based vulnerabilities. It takes as inputs Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, class diagrams and par- tial speci cations are automatically generated from ap- plications with algorithms re ecting some knowledge of the Android documentation. These partial speci cations avoid false positives and re ne the test result with spe- cial verdicts notifying that a component is not compli- ant to its speci cation. Furthermore, we propose a test case execution framework which supports the receipt of any exception, the detection of application crashes, and provides a nal XML test report detailing the test case verdicts. The vulnerability detection e ectiveness of APSET is evaluated with experimentations on randomly chosen Android applications of the Android Market.
Fichier principal
Vignette du fichier
sttt_2_.pdf (1.11 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-00993442 , version 1 (20-05-2014)

Identifiants

Citer

Sébastien Salva, Stassia R. Zamiharisoa. APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.. Software Tools for Technology Transfer manuscript, 2014, 21 p. ⟨10.1007/S10009-014-0303-8⟩. ⟨hal-00993442⟩
451 Consultations
2231 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More