Abstract | ||
---|---|---|
The capability leak of Android applications is one kind of serious vulnerability. It causes other apps to leverage its functions to achieve their illegal goals. In this paper, we propose a tool which can automatically generate capability leaks' exploits of Android applications with path-sensitive symbolic execution-based static analysis and test. It can aid in reducing false positives of vulnerability analysis and help engineers find bugs. We utilize control flow graph (CFG) reduction and call graph (CG) search optimization to optimize symbolic execution, which make our tool applicable for practical apps. By applying our tool to 439 popular applications of the Wandoujia (a famous app market in China) in 2017, we found 2239 capability leaks of 16 kinds of permissions. And the average analysis time was 4 minutes per app. A demo video can be found at the website https://youtu.be/dXFMNZWxEc0 |
Year | DOI | Venue |
---|---|---|
2019 | 10.1109/ICSTW.2019.00068 | 2019 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW) |
Keywords | Field | DocType |
Tools,Smart phones,Instruments,Computer bugs,Optimization,Conferences,Search problems | Android (operating system),Control flow graph,Computer science,Vulnerability assessment,Software bug,Static analysis,Call graph,Exploit,Symbolic execution,Operating system | Conference |
ISSN | ISBN | Citations |
2159-4848 | 978-1-7281-0888-9 | 0 |
PageRank | References | Authors |
0.34 | 0 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mingsong Zhou | 1 | 2 | 1.05 |
Fanping Zeng | 2 | 10 | 7.31 |
Yu Zhang | 3 | 294 | 98.00 |
Chengcheng Lv | 4 | 4 | 1.42 |
Zhao Chen | 5 | 76 | 25.75 |
Guozhu Chen | 6 | 8 | 10.28 |