Paper published in a book (Scientific congresses, symposiums and conference proceedings)
RAICC: Revealing Atypical Inter-Component Communication in Android Apps
SAMHI, Jordan; BARTEL, Alexandre; BISSYANDE, Tegawendé François D Assise et al.
2021In 43rd International Conference on Software Engineering (ICSE)
Peer reviewed
 

Files


Full Text
paper.pdf
Author preprint (394.52 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Static Analysis; Android Security
Abstract :
[en] Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather "complex and largely unconstrained", leaving room to a lack of precision in apps modeling. To address the challenge of tracking ICCs within apps, state of the art static approaches such as Epicc, IccTA and Amandroid have focused on the documented framework ICC methods (e.g., startActivity) to build their approaches. In this work we show that ICC models inferred in these state of the art tools may actually be incomplete: the framework provides other atypical ways of performing ICCs. To address this limitation in the state of the art, we propose RAICC a static approach for modeling new ICC links and thus boosting previous analysis tasks such as ICC vulnerability detection, privacy leaks detection, malware detection, etc. We have evaluated RAICC on 20 benchmark apps, demonstrating that it improves the precision and recall of uncovered leaks in state of the art tools. We have also performed a large empirical investigation showing that Atypical ICC methods are largely used in Android apps, although not necessarily for data transfer. We also show that RAICC increases the number of ICC links found by 61.6% on a dataset of real-world malicious apps, and that RAICC enables the detection of new ICC vulnerabilities.
Research center :
- Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Disciplines :
Computer science
Author, co-author :
SAMHI, Jordan  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
BARTEL, Alexandre ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
BISSYANDE, Tegawendé François D Assise  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
KLEIN, Jacques  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
External co-authors :
no
Language :
English
Title :
RAICC: Revealing Atypical Inter-Component Communication in Android Apps
Publication date :
May 2021
Event name :
43rd International Conference on Software Engineering (ICSE)
Event place :
Madrid, Spain
Event date :
May 2021
Audience :
International
Main work title :
43rd International Conference on Software Engineering (ICSE)
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi
Funders :
FNR - Fonds National de la Recherche
Available on ORBilu :
since 04 February 2021

Statistics


Number of views
196 (45 by Unilu)
Number of downloads
104 (15 by Unilu)

Scopus citations®
 
30
Scopus citations®
without self-citations
22
OpenAlex citations
 
32
WoS citations
 
24

Bibliography


Similar publications



Contact ORBilu