Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Octeau, Damien; McDaniel, Patrick; Jha, Somesh et al.
2013In Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Peer reviewed
 

Files


Full Text
Effective_Inter-Component_Communication_Mapping_in_Android_with_EPICC.pdf
Author preprint (1.42 MB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Abstract :
[en] Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of ap- plications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.
Disciplines :
Computer science
Author, co-author :
Octeau, Damien
McDaniel, Patrick
Jha, Somesh
Bartel, Alexandre ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Bodden, Eric
Klein, Jacques ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Le Traon, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Publication date :
2013
Event name :
USENIX Security 2013
Event date :
August 14-16 2013
Audience :
International
Main work title :
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Peer reviewed :
Peer reviewed
Available on ORBilu :
since 06 December 2013

Statistics


Number of views
565 (5 by Unilu)
Number of downloads
703 (1 by Unilu)

Scopus citations®
 
320
Scopus citations®
without self-citations
291

Bibliography


Similar publications



Contact ORBilu