2014 | OriginalPaper | Buchkapitel
CoChecker: Detecting Capability and Sensitive Data Leaks from Component Chains in Android
verfasst von : Xingmin Cui, Da Yu, Patrick Chan, Lucas C. K. Hui, S. M. Yiu, Sihan Qing
Erschienen in: Information Security and Privacy
Verlag: Springer International Publishing
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Studies show that malicious applications can obtain sensitive data from and perform protected operations in a mobile phone using an authorised yet vulnerable application as a deputy (referred to as privilege escalation attack). Thus it is desirable to have a checker that can help developers check whether their applications are vulnerable to these attacks. In this paper, we introduce our tool, CoChecker, to identify the leak paths (chains of components) that would lead to privilege escalation attacks using static taint analysis. We propose to build a call graph to model the execution of multiple entry points in a component and eliminate the false negatives due to the Android‘s event-driven programming paradigm. We further carry out inter-component communication through intent-tracing and formulate the call graph of the analyzed app. The evaluation of CoChecker on the state-of-the-art test suit DroidBench and randomly downloaded apps shows that it is both efficient and effective.