Prioritized analysis of inter-App communication risks

Fang Liu, Haipeng Cai, Gang Wang, Danfeng Yao, Karim O. Elish, Barbara G. Ryder

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Inter-Component Communication (ICC) enables useful interactions between mobile apps. However, misuse of ICC ex- poses users to serious threats such as intent hijacking/spoof- ing and app collusions, allowing malicious apps to access privileged user data via another app. Unfortunately, existing ICC analyses are largely incompetent in both accuracy and scale. This poster points out the need and technical challenges of prioritized analysis of inter-App ICC risks. We propose MR-Droid, a MapReduce-based computing frame- work for accurate and scalable inter-App ICC analysis in An- droid. MR-Droid extracts data-ow features between mul-Tiple communicating apps and the target apps to build a large-scale ICC graph. Our approach is to leverage the ICC graph to provide contexts for inter-App communications to produce precise alerts and prioritize risk assessments. This process requires large app-pair data, which is enabled by our MapReduce-based program analysis. Our initial exten- sive experiments on 11,996 apps from 24 app categories (13 million pairs) demonstrate the scalability of our approach.

Original languageEnglish (US)
Title of host publicationCODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery
Pages159-161
Number of pages3
ISBN (Electronic)9781450345231
DOIs
StatePublished - Mar 22 2017
Externally publishedYes
Event7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States
Duration: Mar 22 2017Mar 24 2017

Publication series

NameCODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

Conference

Conference7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Country/TerritoryUnited States
CityScottsdale
Period3/22/173/24/17

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Prioritized analysis of inter-App communication risks'. Together they form a unique fingerprint.

Cite this