Vulhunter: Toward Discovering Vulnerabilities In Android Applications - Coimbatore
Tuesday, 1 December 2015Item details
City:
Coimbatore, Tamil Nadu
Offer type:
Offer
Item description
ABSTRACT:
With the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.
For more details, Contact
ph:9095395333,9159115969
Office Address:
LansA Informatics Pvt Ltd,
165, 5th Street, Cross cut road,
Gandhipuram, Coimbatore-641012
With the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.
For more details, Contact
ph:9095395333,9159115969
Office Address:
LansA Informatics Pvt Ltd,
165, 5th Street, Cross cut road,
Gandhipuram, Coimbatore-641012
Related ads
ATS’s Android development courses provide a comprehensive way for programmers and engineers to…
It is essential to test the security of Mobile apps, particularly if they handle sensitive…
International Workshop on Android Application Development (Coimbatore, Tamil Nadu)
•Android is an open source mobile OS led by Google. This workshop introduces about Android, the…
…Introduction to the course Progressively more device producers are changing to Android operating…
course content for android online training and class room Introduction Why Android? The Open…
Portable computing technology in the form of Smartphone’s, tablets and laptops, innovations is the…
…(+91-9325793756) www.learninghub.co.in Course Duration for Android Training Course: 10 weeks…
What is Full Stack Java? And Its Features Where is Full-Stack Java used? Nowadays Java has been the…
