TY - GEN
T1 - Prioritized analysis of inter-App communication risks
AU - Liu, Fang
AU - Cai, Haipeng
AU - Wang, Gang
AU - Yao, Danfeng
AU - Elish, Karim O.
AU - Ryder, Barbara G.
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/3/22
Y1 - 2017/3/22
N2 - Inter-Component Communication (ICC) enables useful interactions between mobile apps. However, misuse of ICC ex- poses users to serious threats such as intent hijacking/spoof- ing and app collusions, allowing malicious apps to access privileged user data via another app. Unfortunately, existing ICC analyses are largely incompetent in both accuracy and scale. This poster points out the need and technical challenges of prioritized analysis of inter-App ICC risks. We propose MR-Droid, a MapReduce-based computing frame- work for accurate and scalable inter-App ICC analysis in An- droid. MR-Droid extracts data-ow features between mul-Tiple communicating apps and the target apps to build a large-scale ICC graph. Our approach is to leverage the ICC graph to provide contexts for inter-App communications to produce precise alerts and prioritize risk assessments. This process requires large app-pair data, which is enabled by our MapReduce-based program analysis. Our initial exten- sive experiments on 11,996 apps from 24 app categories (13 million pairs) demonstrate the scalability of our approach.
AB - Inter-Component Communication (ICC) enables useful interactions between mobile apps. However, misuse of ICC ex- poses users to serious threats such as intent hijacking/spoof- ing and app collusions, allowing malicious apps to access privileged user data via another app. Unfortunately, existing ICC analyses are largely incompetent in both accuracy and scale. This poster points out the need and technical challenges of prioritized analysis of inter-App ICC risks. We propose MR-Droid, a MapReduce-based computing frame- work for accurate and scalable inter-App ICC analysis in An- droid. MR-Droid extracts data-ow features between mul-Tiple communicating apps and the target apps to build a large-scale ICC graph. Our approach is to leverage the ICC graph to provide contexts for inter-App communications to produce precise alerts and prioritize risk assessments. This process requires large app-pair data, which is enabled by our MapReduce-based program analysis. Our initial exten- sive experiments on 11,996 apps from 24 app categories (13 million pairs) demonstrate the scalability of our approach.
UR - http://www.scopus.com/inward/record.url?scp=85018527679&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018527679&partnerID=8YFLogxK
U2 - 10.1145/3029806.3029843
DO - 10.1145/3029806.3029843
M3 - Conference contribution
AN - SCOPUS:85018527679
T3 - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
SP - 159
EP - 161
BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Y2 - 22 March 2017 through 24 March 2017
ER -