Chrome Extension
WeChat Mini Program
Use on ChatGLM

AndrAS: Automated Attack Surface Extraction for Android Applications.

2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS)(2023)

Cited 0|Views2
No score
Abstract
The attack surface of an Android application captures the set of ways in which attackers can penetrate and compromise the application. Determining the attack surface serves multiple purposes, including assessing the security of the application, identifying weak points, and prioritizing mitigation efforts. In practice, determining the attack surface of an application is still a manual effort, and can be time-consuming and error-prone. This paper introduces AndrAS, a tool for automatically extracting the attack surface of an Android app by using static analysis to identify the entry and exit points associated with five different Android artifact types. To illustrate a potential usage scenario, this study shows how an automated threat modeling technique can be driven by the obtained attack surface to generate a threat model for an Android application. The performance of AndrAS is evaluated on 390 popular apps, and its accuracy and effectiveness using two benchmarks and a real-world case study.
More
Translated text
Key words
attack surface,threat modeling,android application,security by design,DevSecOps,android security
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined