Paper published in a book (Scientific congresses, symposiums and conference proceedings)
ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
Gorski III, Sigmund Albert; Andow, Benjamin; Nadkarni, Adwait et al.
2019
Peer reviewed
 

Files


Full Text
codaspy2019-acminer.pdf
Publisher postprint (293.26 kB)



Details



Keywords :
Android; policy; security
Abstract :
Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android’s permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android’s access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner’s ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.
Disciplines :
Computer science
Author, co-author :
Gorski III, Sigmund Albert;  North Carolina State University
Andow, Benjamin;  North Carolina State University
Nadkarni, Adwait;  William & Mary
Manandhar, Sunil;  William & Mary
Enck, William;  North Carolina State University
Bodden, Eric;  Paderborn University
Bartel, Alexandre ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
Publication date :
2019
Publisher :
ACM
Peer reviewed :
Peer reviewed
Available on ORBilu :
since 21 January 2020

Statistics


Number of views
41 (4 by Unilu)
Number of downloads
14 (1 by Unilu)

Scopus citations®
 
18
Scopus citations®
without self-citations
13
OpenCitations
 
10
WoS citations
 
7
