Reference : Automatically Exploiting Potential Component Leaks in Android Applications
Reports : Internal report
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/16914
Automatically Exploiting Potential Component Leaks in Android Applications
English
Li, Li mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Bartel, Alexandre mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Le Traon, Yves mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
4-Jun-2014
SnT
10
978-2-87971-133-1
TR-SnT-2014-13
Luxembourg
Luxembourg
[en] Data-flow analysis ; Potential Component leaks ; PCLeaks
[en] We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks (e.g., another component can potentially exploit the leak). To evaluate our approach, we run PCLeaks on 2000 apps, randomly selected from Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks.
SnT
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/16914
Technical Report

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
tr-pcLeaks.pdfPublisher postprint920.44 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.