APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.
Identifieur interne : 000100 ( France/Analysis ); précédent : 000099; suivant : 000101APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.
Auteurs : Sébastien Salva [France] ; Stassia R. Zamiharisoa [France]Source :
English descriptors
Abstract
The Android messaging system, called in- tent, is a mechanism that ties components together to build applications for smartphones. Intents are kinds of messages composed of actions and data, sent by a com- ponent to another component to perform several opera- tions, e.g., launching a user interface. The intent mech- anism o er a lot of exibility for developing Android applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward at- tacks to other components and so on. In this context, this paper proposes APSET, a tool for Android aPplication SEcurity Testing, which aims at detecting intent-based vulnerabilities. It takes as inputs Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, class diagrams and par- tial speci cations are automatically generated from ap- plications with algorithms re ecting some knowledge of the Android documentation. These partial speci cations avoid false positives and re ne the test result with spe- cial verdicts notifying that a component is not compli- ant to its speci cation. Furthermore, we propose a test case execution framework which supports the receipt of any exception, the detection of application crashes, and provides a nal XML test report detailing the test case verdicts. The vulnerability detection e ectiveness of APSET is evaluated with experimentations on randomly chosen Android applications of the Android Market.
Url:
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Hal, to step Corpus: 000021
- to stream Hal, to step Curation: 000021
- to stream Hal, to step Checkpoint: 000091
- to stream Main, to step Merge: 000302
- to stream Main, to step Curation: 000301
- to stream Main, to step Exploration: 000301
- to stream France, to step Extraction: 000100
Links to Exploration step
Hal:hal-00993442Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.</title>
<author><name sortKey="Salva, Sebastien" sort="Salva, Sebastien" uniqKey="Salva S" first="Sébastien" last="Salva">Sébastien Salva</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-857" status="VALID"><orgName>Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes</orgName>
<orgName type="acronym">LIMOS</orgName>
<desc><address><addrLine>Bât ISIMA Campus des Cézeaux BP 10025 63173 AUBIERE cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.isima.fr/limos/</ref>
</desc>
<listRelation><relation active="#struct-205618" type="direct"></relation>
<relation active="#struct-300267" type="direct"></relation>
<relation active="#struct-300404" type="direct"></relation>
<relation name="UMR6158" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-205618" type="direct"><org type="institution" xml:id="struct-205618" status="VALID"><orgName>Université Blaise Pascal - Clermont-Ferrand 2</orgName>
<orgName type="acronym">UBP</orgName>
<desc><address><addrLine>34, avenue Carnot - BP 185 - 63006 Clermont-Ferrand cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-bpclermont.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300267" type="direct"><org type="institution" xml:id="struct-300267" status="VALID"><orgName>Université d'Auvergne - Clermont-Ferrand I</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300404" type="direct"><org type="institution" xml:id="struct-300404" status="VALID"><orgName>Institut Français de Mécanique Avancée</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6158" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="IdRef">02636817X</idno>
<idno type="ISNI">0000000122597504</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Zamiharisoa, Stassia R" sort="Zamiharisoa, Stassia R" uniqKey="Zamiharisoa S" first="Stassia R." last="Zamiharisoa">Stassia R. Zamiharisoa</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-857" status="VALID"><orgName>Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes</orgName>
<orgName type="acronym">LIMOS</orgName>
<desc><address><addrLine>Bât ISIMA Campus des Cézeaux BP 10025 63173 AUBIERE cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.isima.fr/limos/</ref>
</desc>
<listRelation><relation active="#struct-205618" type="direct"></relation>
<relation active="#struct-300267" type="direct"></relation>
<relation active="#struct-300404" type="direct"></relation>
<relation name="UMR6158" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-205618" type="direct"><org type="institution" xml:id="struct-205618" status="VALID"><orgName>Université Blaise Pascal - Clermont-Ferrand 2</orgName>
<orgName type="acronym">UBP</orgName>
<desc><address><addrLine>34, avenue Carnot - BP 185 - 63006 Clermont-Ferrand cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-bpclermont.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300267" type="direct"><org type="institution" xml:id="struct-300267" status="VALID"><orgName>Université d'Auvergne - Clermont-Ferrand I</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300404" type="direct"><org type="institution" xml:id="struct-300404" status="VALID"><orgName>Institut Français de Mécanique Avancée</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6158" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="IdRef">02636817X</idno>
<idno type="ISNI">0000000122597504</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">HAL</idno>
<idno type="RBID">Hal:hal-00993442</idno>
<idno type="halId">hal-00993442</idno>
<idno type="halUri">https://hal-clermont-univ.archives-ouvertes.fr/hal-00993442</idno>
<idno type="url">https://hal-clermont-univ.archives-ouvertes.fr/hal-00993442</idno>
<date when="2014-02-27">2014-02-27</date>
<idno type="wicri:Area/Hal/Corpus">000021</idno>
<idno type="wicri:Area/Hal/Curation">000021</idno>
<idno type="wicri:Area/Hal/Checkpoint">000091</idno>
<idno type="wicri:Area/Main/Merge">000302</idno>
<idno type="wicri:Area/Main/Curation">000301</idno>
<idno type="wicri:Area/Main/Exploration">000301</idno>
<idno type="wicri:Area/France/Extraction">000100</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en">APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.</title>
<author><name sortKey="Salva, Sebastien" sort="Salva, Sebastien" uniqKey="Salva S" first="Sébastien" last="Salva">Sébastien Salva</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-857" status="VALID"><orgName>Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes</orgName>
<orgName type="acronym">LIMOS</orgName>
<desc><address><addrLine>Bât ISIMA Campus des Cézeaux BP 10025 63173 AUBIERE cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.isima.fr/limos/</ref>
</desc>
<listRelation><relation active="#struct-205618" type="direct"></relation>
<relation active="#struct-300267" type="direct"></relation>
<relation active="#struct-300404" type="direct"></relation>
<relation name="UMR6158" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-205618" type="direct"><org type="institution" xml:id="struct-205618" status="VALID"><orgName>Université Blaise Pascal - Clermont-Ferrand 2</orgName>
<orgName type="acronym">UBP</orgName>
<desc><address><addrLine>34, avenue Carnot - BP 185 - 63006 Clermont-Ferrand cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-bpclermont.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300267" type="direct"><org type="institution" xml:id="struct-300267" status="VALID"><orgName>Université d'Auvergne - Clermont-Ferrand I</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300404" type="direct"><org type="institution" xml:id="struct-300404" status="VALID"><orgName>Institut Français de Mécanique Avancée</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6158" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="IdRef">02636817X</idno>
<idno type="ISNI">0000000122597504</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Zamiharisoa, Stassia R" sort="Zamiharisoa, Stassia R" uniqKey="Zamiharisoa S" first="Stassia R." last="Zamiharisoa">Stassia R. Zamiharisoa</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-857" status="VALID"><orgName>Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes</orgName>
<orgName type="acronym">LIMOS</orgName>
<desc><address><addrLine>Bât ISIMA Campus des Cézeaux BP 10025 63173 AUBIERE cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.isima.fr/limos/</ref>
</desc>
<listRelation><relation active="#struct-205618" type="direct"></relation>
<relation active="#struct-300267" type="direct"></relation>
<relation active="#struct-300404" type="direct"></relation>
<relation name="UMR6158" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-205618" type="direct"><org type="institution" xml:id="struct-205618" status="VALID"><orgName>Université Blaise Pascal - Clermont-Ferrand 2</orgName>
<orgName type="acronym">UBP</orgName>
<desc><address><addrLine>34, avenue Carnot - BP 185 - 63006 Clermont-Ferrand cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-bpclermont.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300267" type="direct"><org type="institution" xml:id="struct-300267" status="VALID"><orgName>Université d'Auvergne - Clermont-Ferrand I</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300404" type="direct"><org type="institution" xml:id="struct-300404" status="VALID"><orgName>Institut Français de Mécanique Avancée</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6158" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="IdRef">02636817X</idno>
<idno type="ISNI">0000000122597504</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
</analytic>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>Android applications</term>
<term>intent mechanism</term>
<term>model-based testing</term>
<term>security testing</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">The Android messaging system, called in- tent, is a mechanism that ties components together to build applications for smartphones. Intents are kinds of messages composed of actions and data, sent by a com- ponent to another component to perform several opera- tions, e.g., launching a user interface. The intent mech- anism o er a lot of exibility for developing Android applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward at- tacks to other components and so on. In this context, this paper proposes APSET, a tool for Android aPplication SEcurity Testing, which aims at detecting intent-based vulnerabilities. It takes as inputs Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, class diagrams and par- tial speci cations are automatically generated from ap- plications with algorithms re ecting some knowledge of the Android documentation. These partial speci cations avoid false positives and re ne the test result with spe- cial verdicts notifying that a component is not compli- ant to its speci cation. Furthermore, we propose a test case execution framework which supports the receipt of any exception, the detection of application crashes, and provides a nal XML test report detailing the test case verdicts. The vulnerability detection e ectiveness of APSET is evaluated with experimentations on randomly chosen Android applications of the Android Market.</div>
</front>
</TEI>
<affiliations><list><country><li>France</li>
</country>
</list>
<tree><country name="France"><noRegion><name sortKey="Salva, Sebastien" sort="Salva, Sebastien" uniqKey="Salva S" first="Sébastien" last="Salva">Sébastien Salva</name>
</noRegion>
<name sortKey="Zamiharisoa, Stassia R" sort="Zamiharisoa, Stassia R" uniqKey="Zamiharisoa S" first="Stassia R." last="Zamiharisoa">Stassia R. Zamiharisoa</name>
</country>
</tree>
</affiliations>
</record>
Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/OperaV1/Data/France/Analysis
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000100 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/France/Analysis/biblio.hfd -nk 000100 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien |wiki= Wicri/Musique |area= OperaV1 |flux= France |étape= Analysis |type= RBID |clé= Hal:hal-00993442 |texte= APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities. }}
This area was generated with Dilib version V0.6.21. |