S. Salva, Stassia R. Zafimiharisoa, Patrice Laurençot
{"title":"意图安全测试:一种测试Android组件基于意图漏洞的方法","authors":"S. Salva, Stassia R. Zafimiharisoa, Patrice Laurençot","doi":"10.5220/0004515203550362","DOIUrl":null,"url":null,"abstract":"The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component codes to generate test cases. A tool, called APSET, is presented and evaluated with experimentations on some Android applications.","PeriodicalId":174026,"journal":{"name":"2013 International Conference on Security and Cryptography (SECRYPT)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Intent security testing: An Approach to testing the Intent-based vulnerability of Android components\",\"authors\":\"S. Salva, Stassia R. Zafimiharisoa, Patrice Laurençot\",\"doi\":\"10.5220/0004515203550362\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component codes to generate test cases. A tool, called APSET, is presented and evaluated with experimentations on some Android applications.\",\"PeriodicalId\":174026,\"journal\":{\"name\":\"2013 International Conference on Security and Cryptography (SECRYPT)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 International Conference on Security and Cryptography (SECRYPT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5220/0004515203550362\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Security and Cryptography (SECRYPT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0004515203550362","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Intent security testing: An Approach to testing the Intent-based vulnerability of Android components
The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component codes to generate test cases. A tool, called APSET, is presented and evaluated with experimentations on some Android applications.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
