SEALANT: A detection and visualization tool for inter-app security vulnerabilities in Android
Author: | Daye Nam, Peera Yoodee, Nenad Medvidovic, Youn Kyu Lee, Arman Shahbazian |
---|---|
Year of publication: | 2017 |
Subject: |
ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION
Exploit GeneralLiterature_INTRODUCTORYANDSURVEY Computer science Vulnerability 020207 software engineering 02 engineering and technology Static analysis Computer security computer.software_genre Visualization Information sensitivity 020204 information systems mental disorders 0202 electrical engineering electronic engineering information engineering Android (operating system) computer |
Source: | ASE |
DOI: | 10.1109/ase.2017.8115699 |
Description: | Android’s flexible communication model allows interactions among third-party apps, but it also leads to inter-app security vulnerabilities. Specifically, malicious apps can eavesdrop on interactions between other apps or exploit the functionality of those apps, which can expose a user’s sensitive information to attackers. While the state-of-the-art tools have focused on detecting inter-app vulnerabilities in Android, they neither accurately analyze realistically large numbers of apps nor effectively deliver the identified issues to users. This paper presents SEALANT, a novel tool that combines static analysis and visualization techniques that, together, enable accurate identification of inter-app vulnerabilities as well as their systematic visualization. SEALANT statically analyzes architectural information of a given set of apps, infers vulnerable communication channels where inter-app attacks can be launched, and visualizes the identified information in a compositional representation. SEALANT has been demonstrated to accurately identify inter-app vulnerabilities from hundreds of real-world Android apps and to effectively deliver the identified information to users. (Demo Video: https://youtu.be/E4lLQonOdUw) |
Database: | OpenAIRE |