APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.

Abstract: The Android messaging system, called intent, is a mechanism that ties components together to build applications for smartphones. Intents are kinds of messages composed of actions and data, sent by a component to another component to perform several operations, e.g., launching a user interface. The intent mechanism offers a lot of flexibility for developing Android applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward attacks to other components and so on. In this context, this paper proposes APSET, a tool for Android aPplication SEcurity Testing, which aims at detecting intent-based vulnerabilities. It takes as inputs Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, class diagrams and partial specifications are automatically generated from applications with algorithms reflecting some knowledge of the Android documentation. These partial specifications avoid false positives and refine the test result with special verdicts notifying that a component is not compliant to its specification. Furthermore, we propose a test case execution framework which supports the receipt of any exception, the detection of application crashes, and provides a final XML test report detailing the test case verdicts. The vulnerability detection effectiveness of APSET is evaluated with experimentations on randomly chosen Android applications of the Android Market.
Document type:
Journal article
Software Tools for Technology Transfer manuscript, 2014, 21 p. 〈10.1007/S10009-014-0303-8〉

https://hal-clermont-univ.archives-ouvertes.fr/hal-00993442
Contributor: Zafimiharisoa Resondry
Submitted on: Tuesday, 20 May 2014 - 12:16:14
Last modified on: Thursday, 11 January 2018 - 06:16:31
Document(s) archived on: Wednesday, 20 August 2014 - 11:25:55

File

sttt_2_.pdf
Files produced by the author(s)

Citation

Sébastien Salva, Stassia R. Zamiharisoa. APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities. Software Tools for Technology Transfer manuscript, 2014, 21 p. 〈10.1007/S10009-014-0303-8〉. 〈hal-00993442〉

Metrics

Record views

434

File downloads

1949