loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Sébastien Salva ; Stassia R. Zafimiharisoa and Patrice Laurençot

Affiliation: PRES Clermont-Ferrand University, France

ISBN: 978-989-8565-73-0

Keyword(s): Security Testing, Android Applications, Model-based Testing.

Related Ontology Subjects/Areas/Topics: Formal Methods for Security ; Information and Systems Security ; Intrusion Detection & Prevention ; Security and Privacy in Mobile Systems ; Security Verification and Validation

Abstract: The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component codes to generate test cases. A tool, called APSET, is presented and evaluated with experimentations on some Android applications.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.233.217.242

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Salva, S.; R. Zafimiharisoa, S. and Laurençot, P. (2013). Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components.In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 355-362. DOI: 10.5220/0004515203550362

@conference{secrypt13,
author={Sébastien Salva. and Stassia R. Zafimiharisoa. and Patrice Lauren\c{C}ot.},
title={Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={355-362},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004515203550362},
isbn={978-989-8565-73-0},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components
SN - 978-989-8565-73-0
AU - Salva, S.
AU - R. Zafimiharisoa, S.
AU - Laurençot, P.
PY - 2013
SP - 355
EP - 362
DO - 10.5220/0004515203550362

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.