Analysis of Android Inter-App Security Vulnerabilities Using COVERT.

Saved in:
Bibliographic Details
Title: Analysis of Android Inter-App Security Vulnerabilities Using COVERT.
Authors: Sadeghi, Alireza1 asadeghi@gmu.edu, Bagheri, Hamid1 hbagheri@gmu.edu, Malek, Sam1 smalek@gmu.edu
Source: ICSE: International Conference on Software Engineering. 2015, p725-728. 4p.
Subjects: Computer software research, Automation, Android (Operating system), Software engineering, Software engineers
Abstract: The state-of-the-art in securing mobile software systems are substantially intended to detect and mitigate vulnerabilities in a single app, but fail to identify vulnerabilities that arise due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, shown to be quite common in the apps on the market. This paper demonstrates COVERT, a novel approach and accompanying tool-suite that relies on a hybrid static analysis and lightweight formal analysis technique to enable compositional security assessment of complex software. Through static analysis of Android application packages, it extracts relevant security specifications in an analyzable formal specification language, and checks them as a whole for inter-app vulnerabilities. To our knowledge, COVERT is the first formally-precise analysis tool for automated compositional analysis of Android apps. Our study of hundreds of Android apps revealed dozens of inter-app vulnerabilities, many of which were previously unknown. A video highlighting the main features of the tool can be found at: http://youtu.be/bMKk7OW7dGg. [ABSTRACT FROM AUTHOR]
Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 111750016
AccessLevel: 6
PubType: Conference
PubTypeId: conference
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Analysis of Android Inter-App Security Vulnerabilities Using COVERT.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Sadeghi%2C+Alireza%22">Sadeghi, Alireza</searchLink><relatesTo>1</relatesTo><i> asadeghi@gmu.edu</i><br /><searchLink fieldCode="AR" term="%22Bagheri%2C+Hamid%22">Bagheri, Hamid</searchLink><relatesTo>1</relatesTo><i> hbagheri@gmu.edu</i><br /><searchLink fieldCode="AR" term="%22Malek%2C+Sam%22">Malek, Sam</searchLink><relatesTo>1</relatesTo><i> smalek@gmu.edu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22ICSE%3A+International+Conference+on+Software+Engineering%22">ICSE: International Conference on Software Engineering</searchLink>. 2015, p725-728. 4p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+software+research%22">Computer software research</searchLink><br /><searchLink fieldCode="DE" term="%22Automation%22">Automation</searchLink><br /><searchLink fieldCode="DE" term="%22Android+%28Operating+system%29%22">Android (Operating system)</searchLink><br /><searchLink fieldCode="DE" term="%22Software+engineering%22">Software engineering</searchLink><br /><searchLink fieldCode="DE" term="%22Software+engineers%22">Software engineers</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The state-of-the-art in securing mobile software systems are substantially intended to detect and mitigate vulnerabilities in a single app, but fail to identify vulnerabilities that arise due to the interaction of multiple apps, such as collusion attacks and privilege escalation chaining, shown to be quite common in the apps on the market. This paper demonstrates COVERT, a novel approach and accompanying tool-suite that relies on a hybrid static analysis and lightweight formal analysis technique to enable compositional security assessment of complex software. Through static analysis of Android application packages, it extracts relevant security specifications in an analyzable formal specification language, and checks them as a whole for inter-app vulnerabilities. To our knowledge, COVERT is the first formally-precise analysis tool for automated compositional analysis of Android apps. Our study of hundreds of Android apps revealed dozens of inter-app vulnerabilities, many of which were previously unknown. A video highlighting the main features of the tool can be found at: http://youtu.be/bMKk7OW7dGg. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=111750016
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1109/ICSE.2015.233
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 4
        StartPage: 725
    Subjects:
      – SubjectFull: Computer software research
        Type: general
      – SubjectFull: Automation
        Type: general
      – SubjectFull: Android (Operating system)
        Type: general
      – SubjectFull: Software engineering
        Type: general
      – SubjectFull: Software engineers
        Type: general
    Titles:
      – TitleFull: Analysis of Android Inter-App Security Vulnerabilities Using COVERT.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Sadeghi, Alireza
      – PersonEntity:
          Name:
            NameFull: Bagheri, Hamid
      – PersonEntity:
          Name:
            NameFull: Malek, Sam
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Text: 2015
              Type: published
              Y: 2015
          Titles:
            – TitleFull: ICSE: International Conference on Software Engineering
              Type: main
ResultId 1