IntentFuzzer: Detecting capability leaks of android applications

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 531-536

  Yang, Kun ^a,b   Zhuge, Jianwei ^a,b   Wang, Yongke ^c   Zhou, Lujue ^a   Duan, Haixin ^a,b  

^a TSINGHUA UNIVERSITY   (China)

^b TSINGHUA NATIONAL LABORATORY FOR INFORMATION SCIENCE AND TECHNOLOGY   (China)

^c University of Chinese Academy of Sciences   (China)

Author keywords

Capability leak; Intent fuzzing; Smartphone security

Indexed keywords

ANDROID (OPERATING SYSTEM); TELEPHONE SETS;

ANDROID APPLICATIONS; ANDROID MARKETS; CAPABILITY LEAK; CLOSED SOURCE; GOOGLE PLAYS; INTENT FUZZING; SMARTPHONE SECURITIES;

MOBILE SECURITY;

EID: 84984865297     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590316     Document Type: Conference Paper

References (11)

1. Dalvik Executable Format. http://source.android.com/devices/tech/dalvik/dex-format.html.
2. drozer. https://labs.mwrinfosecurity.com/tools/drozer/.
3. Intents and Intent Filters. http://developer.android.com/guide/components/intents-filters.html.
4. Services. http://developer.android.com/guide/components/services.html.
5. P. P. Chan, L. C. Hui, and S. Yiu. Droidchecker: analyzing android applications for capability leak. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, pages 125-136. ACM, 2012.
6. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, pages 239-252. ACM, 2011.
7. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In Proceedings of the 20th USENIX Security Symposium, volume 18, pages 19-31, 2011.
8. C. Gibler, J. Crussell, J. Erickson, and H. Chen. Androidleaks: Automatically detecting potential privacy leaks in android applications on a large scale. In Trust and Trustworthy Computing, pages 291-307. Springer, 2012.
9. P. Gilbert, B.-G. Chun, L. P. Cox, and J. Jung. Vision: automated security validation of mobile apps at app markets. In Proceedings of the second international workshop on Mobile cloud computing and services, pages 21-26. ACM, 2011.
10. M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic detection of capability leaks in stock android smartphones. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security, 2012.
11. Y. Zhang, M. Yang, B. Xu, Z. Yang, G. Gu, P. Ning, X. S. Wang, and B. Zang. Vetting undesirable behaviors in android apps with permission use analysis. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 611-622. ACM, 2013.