Paper Info
Title
Autopatchdroid: A Framework For Patching Inter-App Vulnerabilities In Android Application
Abstract
recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average.
Year
Venue
Keywords
2017
2017 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC)
Android, Static Analysis, Bytecode Rewriting, Inter-App Attack
Field
DocType
ISSN
Kernel (linear algebra),Information system,Android (operating system),Computer security,Computer science,Static analysis,Computer network,Confused deputy problem,Guard (information security),Collusion,Vulnerability
Conference
1550-3607
Citations 
PageRank 
References 
1
0.36
17
Authors
5
Name
Order
Citations
PageRank
Jiayun Xie110.36
Fu Xiao2335.81
X. Du32320241.73
Bin Luo46621.04
Mohsen Guizani56456557.44