Practical Exploit Generation for Intent Message Vulnerabilities in Android.
CODASPY(2015)
摘要
ABSTRACTAndroid's Inter-Component Communication (ICC) mechanism strongly relies on Intent messages. Unfortunately, due to the lack of message origin verification in Intents, application security completely relies on the programmer's skill and attention. In this paper, we advance the state of the art by developing a method to automatically detect potential vulnerabilities and, most importantly, demonstrate whether they can be exploited or not. To this end, we adopt a formal approach to automatically produce malicious payloads that can trigger dangerous behavior in vulnerable applications. We test our methods on a representative sample of applications, and we find that 29 out of 64 tested applications are potentially vulnerable, while 26 of them are automatically proven to be exploitable.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络