Lintent: Towards Security Type-Checking of Android Applications - Archive ouverte HAL Access content directly
Conference Papers Year : 2013

Lintent: Towards Security Type-Checking of Android Applications

(1) , (1) , (1)
1

Abstract

The widespread adoption of Android devices has attracted the attention of a growing computer security audience. Fundamental weaknesses and subtle design flaws of the Android architecture have been identified, studied and fixed, mostly through techniques from data-flow analysis, runtime protection mechanisms, or changes to the operating system. This paper complements this research by developing a framework for the analysis of Android applications based on typing techniques. We introduce a formal calculus for reasoning on the Android inter-component communication API and a type-and-effect system to statically prevent privilege escalation attacks on well-typed components. Drawing on our abstract framework, we develop a prototype implementation of Lintent, a security type-checker for Android applications integrated with the Android Development Tools suite. We finally discuss preliminary experiences with our tool, which highlight real attacks on existing applications.
Fichier principal
Vignette du fichier
978-3-642-38592-6_20_Chapter.pdf (611.8 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01515252 , version 1 (27-04-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Michele Bugliesi, Stefano Calzavara, Alvise Spanò. Lintent: Towards Security Type-Checking of Android Applications. 15th International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOOODS) / 33th International Conference on Formal Techniques for Networked and Distributed Systems (FORTE), Jun 2013, Florence, Italy. pp.289-304, ⟨10.1007/978-3-642-38592-6_20⟩. ⟨hal-01515252⟩
88 View
102 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More