DocumentCode :
1799769
Title :
Automatically Exploiting Potential Component Leaks in Android Applications
Author :
Li Li ; Bartel, Alexandre ; Klein, John ; Le Traon, Yves
Author_Institution :
Univ. of Luxembourg - SnT, Luxembourg, Luxembourg
fYear :
2014
fDate :
24-26 Sept. 2014
Firstpage :
388
Lastpage :
397
Abstract :
We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
Keywords :
Android (operating system); data flow analysis; invasive software; smart phones; Android applications; Google Play store; ICC vulnerabilities; PCLeaks tool; PCLeaksValidator; automatic potential-component leak exploitation; data-flow analysis; intercomponent communication vulnerabilities; Androids; Humanoid robots; Malware; Mobile communication; Receivers; Smart phones;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
Type :
conf
DOI :
10.1109/TrustCom.2014.50
Filename :
7011274
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=1799769
بازگشت