Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components

Sébastien Salva; Stassia R. Zafimiharisoa; Patrice Laurençot

doi:10.5220/0004515203550362

Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components

Sébastien Salva, Stassia R. Zafimiharisoa, Patrice Laurençot

2013

Abstract

The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component codes to generate test cases. A tool, called APSET, is presented and evaluated with experimentations on some Android applications.

Download

Paper Citation

in Harvard Style

Salva S., R. Zafimiharisoa S. and Laurençot P. (2013). Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 355-362. DOI: 10.5220/0004515203550362

in Bibtex Style

@conference{secrypt13,
author={Sébastien Salva and Stassia R. Zafimiharisoa and Patrice Laurençot},
title={Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={355-362},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004515203550362},
isbn={978-989-8565-73-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components
SN - 978-989-8565-73-0
AU - Salva S.
AU - R. Zafimiharisoa S.
AU - Laurençot P.
PY - 2013
SP - 355
EP - 362
DO - 10.5220/0004515203550362