An empirical study of the robustness of Inter-component Communication in Android

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2012, Pages

  Maji, Amiya K ^a   Arshad, Fahad A ^a   Bagchi, Saurabh ^a   Rellermeyer, Jan S ^b  

^a PURDUE UNIVERSITY   (United States)

^b IBM AUSTIN RESEARCH LABORATORY   (United States)

Author keywords

android; exception; fuzz; robustness; security; smartphone

Indexed keywords

ANDROID; CRITICAL DESIGN; EMPIRICAL EVALUATIONS; EMPIRICAL STUDIES; EXCEPTION; EXCEPTION HANDLING; FUZZ; FUZZ TESTING; MODULAR FRAMEWORK; MULTIPLE COMPONENTS; RUNTIMES; SECURITY; VIRTUAL MACHINES;

COMMUNICATION; COMPUTER OPERATING SYSTEMS; ROBUSTNESS (CONTROL SYSTEMS); SMARTPHONES;

ROBOTS;

EID: 84866647320     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DSN.2012.6263963     Document Type: Conference Paper

References (28)

1. D. Gross, "Fallout continues over smartphone tracking app," December 2011. [Online]. Available: http://www.edition.cnn.com/2011/12/02/tech/ mobile/carrier-iq-reactions/
2. K. LaCapria, "iphone explodes in midair on aussie flight," November 2011. [Online]. Available: http://www.inquisitr.com/163661/iphone- explodes-in-midair-on-aussie-flight/
3. T. Lee, "At&ts samsung galaxy s2 security flaw lets you bypass the lock screen," October 2011. [Online]. Available: http://www.uberphones. com/2011/10/atts-samsung-galaxy-s2-security-flaw-lets-you-bypass-the-lock- screen/
4. D. ben Aaron, "Google android passes 50% of smartphone sales, gartner says," November 2011. [Online]. Available: http://www.businessweek. com/news/2011-11-17/google-android-passes-50-of-smartphone-sales-gartner-says. html
5. R. Golijan, "Fridge magnet poses security threat to ipad 2," April 2012. [Online]. Available: http://www.technolog.msnbc.msn.com/technology/ technolog/fridge-magnet-poses-security-threat-ipad-2-119905
6. B. P. Miller, L. Fredriksen, and B. So, "An empirical study of the reliability of unix utilities," Commun. ACM, vol. 33, pp. 32 - 44, December 1990.
7. B. P. Miller, D. Koski, C. Pheow, L. V. Maganty, R. Murthy, A. Natarajan, and J. Steidl, "Fuzz revisited: A re-examination of the reliability of unix utilities and services," University of Wisconsin-Madison, Tech. Rep., 1995.
8. J. E. Forrester and B. P. Miller, "An empirical study of the robustness of windows nt applications using random testing," in Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4. Berkeley, CA, USA: USENIX Association, 2000.
9. B. P. Miller, G. Cooksey, and F. Moore, "An empirical study of the robustness of macos applications using random testing," SIGOPS Oper. Syst. Rev., vol. 41, pp. 78 - 86, January 2007.
10. P. Koopman and J. DeVale, "The exception handling effectiveness of posix operating systems," Software Engineering, IEEE Transactions on, vol. 26, no. 9, pp. 837 - 848, sep 2000.
11. "Dalvik virtual machine," 2008. [Online]. Available: http://www.dalvikvm.com/
12. Y. Shi, K. Casey, M. A. Ertl, and D. Gregg, "Virtual machine showdown: Stack versus registers," ACM Trans. Archit. Code Optim., vol. 4, pp. 153 - 163, January 2008.
13. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing inter-application communication in android," in Proceedings of the 9th international conference on Mobile systems, applications, and services, ser. MobiSys '11. New York, NY, USA: ACM, 2011, pp. 239 - 252.
14. "What is android?" [Online]. Available: http://developer. android.com/guide/basics/what-is-android.html
15. "Intent fuzzer." [Online]. Available: http://www.isecpartners. com/mobile-security-tools/intent-fuzzer.html
16. "Intent class overview." [Online]. Available: http://developer.android.com/reference/android/content/Intent-.html
17. B. Beizer, Black-Box Testing: Techniques for Functional Testing of Software and Systems. Verlag John Wiley & Sons, Inc, 1995.
18. P. Godefroid, M. Y. Levin, and D. A. Molnar, "Automated whitebox fuzz testing," in Network Distributed Security Symposium (NDSS). Internet Society, 2008.
19. J. DeMott, "The evolving art of fuzzing," June 2006. [Online]. Available: http://www.vdalabs.com/tools/
20. P. Godefroid, "Random testing for security: blackbox vs. whitebox fuzzing," in Proceedings of the 2nd international workshop on Random testing: co-located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), ser. RT '07. New York, NY, USA: ACM, 2007.
21. P. Oehlert, "Violating assumptions with fuzzing," Security Privacy, IEEE, vol. 3, no. 2, pp. 58 - 62, march-april 2005.
22. J. Neystadt, "Automated penetration testing with white-box fuzzing," February 2008. [Online]. Available: http://msdn.microsoft.com/en- us/library/cc162782.aspx
23. A. Johansson, N. Suri, and B. Murphy, "On the selection of error model(s) for os robustness evaluation," in Dependable Systems and Networks, 2007. DSN '07. 37th Annual IEEE/IFIP International Conference on, june 2007, pp. 502-511.
24. M. Sutton, A. Greene, and P. Amini, Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley Professional., 2007.
25. C. Fu, A. Milanova, B. Ryder, and D. Wonnacott, "Robustness testing of java server applications," Software Engineering, IEEE Transactions on, vol. 31, no. 4, pp. 292 - 311, april 2005.
26. C. Mulliner and C. Miller, "Injecting sms messages into smart phones for security analysis," in Proceedings of the 3rd USENIX conference on Offensive technologies, ser. WOOT'09. Berkeley, CA, USA: USENIX Association, 2009.
27. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A study of android application security," in Proceedings of the 20th USENIX conference on Security, ser. SEC'11. Berkeley, CA, USA: USENIX Association, 2011.
28. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification," in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS '09. New York, NY, USA: ACM, 2009, pp. 235 - 245.