Lintent: Towards Security Type-Checking of Android Applications

Abstract: The widespread adoption of Android devices has attracted the attention of a growing computer security audience. Fundamental weaknesses and subtle design flaws of the Android architecture have been identified, studied and fixed, mostly through techniques from data-flow analysis, runtime protection mechanisms, or changes to the operating system. This paper complements this research by developing a framework for the analysis of Android applications based on typing techniques. We introduce a formal calculus for reasoning on the Android inter-component communication API and a type-and-effect system to statically prevent privilege escalation attacks on well-typed components. Drawing on our abstract framework, we develop a prototype implementation of Lintent, a security type-checker for Android applications integrated with the Android Development Tools suite. We finally discuss preliminary experiences with our tool, which highlight real attacks on existing applications.
Document type: Conference paper
Dirk Beyer; Michele Boreale. 15th International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOOODS) / 33th International Conference on Formal Techniques for Networked and Distributed Systems (FORTE), Jun 2013, Florence, Italy. Springer, Lecture Notes in Computer Science, LNCS-7892, pp.289-304, 2013, Formal Techniques for Distributed Systems. 〈10.1007/978-3-642-38592-6_20〉

Cited literature [16 references]

https://hal.inria.fr/hal-01515252
Contributor: Hal Ifip
Submitted on: Thursday, April 27, 2017 - 10:46:55
Last modified on: Thursday, April 27, 2017 - 14:43:59
Document(s) archived on: Friday, July 28, 2017 - 12:37:54

File

978-3-642-38592-6_20_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Michele Bugliesi, Stefano Calzavara, Alvise Spanò. Lintent: Towards Security Type-Checking of Android Applications. Dirk Beyer; Michele Boreale. 15th International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOOODS) / 33th International Conference on Formal Techniques for Networked and Distributed Systems (FORTE), Jun 2013, Florence, Italy. Springer, Lecture Notes in Computer Science, LNCS-7892, pp.289-304, 2013, Formal Techniques for Distributed Systems. 〈10.1007/978-3-642-38592-6_20〉. 〈hal-01515252〉

Metrics

Record views

62

File downloads

20