Abstract
The Android application framework has a pervasive presence. In early 2021, Android has over 70% share of the operating system mobile market (according to GlobalStats). Components are the main building blocks of Android Applications. These blocks communicate via a rich Inter-Component Communication (ICC) model rather than the traditional inter-process communication model. , -filters, and their resolution (matching) algorithm are main elements of the ICC. However, the resolution algorithm is not robust enough and has flaws that can lead to security breaches. In this paper, we present DLAIR, as an enrichment of the resolution algorithm to overcome its security issues. To this end, we start by presenting a formal model to express and validate the ICC semantics. This includes defining key properties guaranteeing consistent and realistic semantic states. We then demonstrate how the semantics can be used to formally validate ICC aspects and to express and check ICC system updates. We verified our proposed model and all its lemmas and theorems in the Coq Proof Assistant, a machine-assisted verification tool. We extend our semantics to develop DLAIR, which is assisted by a heuristic and lightweight tool, LekInt. This tool identifies suspicious execution paths responsible for based sensitive user-information leakage. On a dataset of 2000 real-world apps, we evaluated LekInt against Flowdroid, a state-of-the-art information leakage analysis tool. Experiments show that LekInt is more effective and efficient than Flowdroid which has a higher false-negative rate and lower false-positive rate than LekInt. Considering the dynamic context in which LekInt is designed to work, the advantage of efficiency overcomes the disadvantage of higher false-negative.
Publisher
Springer Science and Business Media LLC
Subject
Computational Mathematics, Computational Theory and Mathematics, Computer Science Applications, Numerical Analysis, Theoretical Computer Science, Software
Cited by
6 articles.