Lintent: Towards Security Type-Checking of Android Applications - Formal Techniques for Distributed Systems
Conference Papers Year : 2013

Lintent: Towards Security Type-Checking of Android Applications

Abstract

The widespread adoption of Android devices has attracted the attention of a growing computer security audience. Fundamental weaknesses and subtle design flaws of the Android architecture have been identified, studied and fixed, mostly through techniques from data-flow analysis, runtime protection mechanisms, or changes to the operating system. This paper complements this research by developing a framework for the analysis of Android applications based on typing techniques. We introduce a formal calculus for reasoning on the Android inter-component communication API and a type-and-effect system to statically prevent privilege escalation attacks on well-typed components. Drawing on our abstract framework, we develop a prototype implementation of Lintent, a security type-checker for Android applications integrated with the Android Development Tools suite. We finally discuss preliminary experiences with our tool, which highlight real attacks on existing applications.
Fichier principal
Vignette du fichier
978-3-642-38592-6_20_Chapter.pdf (611.8 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01515252 , version 1 (27-04-2017)

Licence

Identifiers

Cite

Michele Bugliesi, Stefano Calzavara, Alvise Spanò. Lintent: Towards Security Type-Checking of Android Applications. 15th International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOOODS) / 33th International Conference on Formal Techniques for Networked and Distributed Systems (FORTE), Jun 2013, Florence, Italy. pp.289-304, ⟨10.1007/978-3-642-38592-6_20⟩. ⟨hal-01515252⟩
134 View
146 Download

Altmetric

Share

More