An automated testing approach for inter-application security in Android

Guo, C, Xu, J, Yang, H, Zeng, Y and Xing, S (2014) 'An automated testing approach for inter-application security in Android.' In: Zhu, H, Gao, J, Sinha, S and Zhang, L, eds. AST 2014: proceedings of the 9th International Workshop on Automation of Software Test. ACM, New York, pp. 8-14. ISBN 9781450328586

Abstract

Recently, Google Android has occupied a major market share of mobile phone systems as a result of its openness for developers and richness for users. Through the distribution channels of the Android market, both the development and use of Android applications have soared. However, the low development threshold of applications leads to weak security awareness among developers. Moreover, Android applications lack strict security standards, with the result that the security crisis has become increasingly prominent. For now, an application's biggest security threat lies in its messaging mechanism between components. Once permission verification is neglected, the application is easily exploited by attackers, causing immeasurable loss. We analyze the security mechanism of Android inter-application components, and accordingly construct the security rules. Specifically, a compositional approach including static and dynamic automated testing techniques is proposed to detect the security vulnerabilities caused by messaging between components. In our approach, the static part obtains rough results and some parameter information. After that, the dynamic part automatically generates attack cases for verifying these results. This approach can be used not only to discover potential weaknesses within inter-application components but also to automatically simulate attack behaviors. Thereby, the detection results’ effectiveness can be verified.

Item Type: Book Chapter or Section
Divisions: College of Liberal Arts
Date Deposited: 21 Mar 2017 18:16
Last Modified: 21 Mar 2017 18:16