SDLI: Static Detection of Leaks Across Intents

Salvia, Rocco; Ferrara, Pietro; Spoto, Fausto; Cortesi, Agostino

doi:10.1109/trustcom/bigdatase.2018.00141

Cited by 5 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another static analysis tool, SDLI [28], built on top of a commercial static analyzer Julia and not publicly available, it generates XML reports for each inward and outward intent and compares XMLs reports for intent leakage. Their work is similar to ours but in our work, we are considering threat models discussed in section 3.1 that are possible with broadcast receivers.…”

Section: Related Workmentioning

confidence: 99%

“…This Constant class is in Constant2 which is in Constant3. We create double chain references for public class variable as seen in line 19 and 20, which can match double, triple or higher level chained reference as seen in line 22-25 and we create static variable chain reference with class name as shown in line 28 Despite all these rules, Our static analysis can still contain LBM instances. As discussed in section 4.1, any source files unable to parse by TXL compiler were discarded if any of those files containing the LBM instances then they were missed during the analysis and can be marked as insecure.…”

Section: Rules To Address Chained and Static Lbm Instancesmentioning

confidence: 99%

See 1 more Smart Citation

An Approach for the Identification of Information Leakage in Automotive Infotainment systems

Moiz

2023

Preprint

View full text Add to dashboard Cite

<p>This thesis presents an automated static analysis approach and tool, Android Automotive Vulnerability Droid (AAVD), that can report sensitive data flows related to app-to-app communication commonly known as Inter-Component Communication (ICC) in Android Automotive apps. It can report ICC paths that exist between multiple Android Automotive apps and provide mitigation tips to resolve those insecure ICC paths. AAVD accurately identifies insecure ICC paths and provide improved performance as compared with the state of the art tools FlowDroid and AmanDroid. Our tool decompiles the Android Package Kit (APK) files to obtain the Java source code and perform analysis on the source code, it then reports the line number in the source code containing sensitive data flows. We tested our tool on 234 Android Auto apps downloaded manually from Google play store. We show improvements in terms of performance and detection of sensitive dataleaks in Android Automotive apps. In our experiments, our tool was able to analyse 224 apps, it found 148 apps as malicious and successfully identified 1462 ICC paths in 207 app pairs.</p>

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Rules To Address Chained and Static Lbm Instancesmentioning

confidence: 99%

An Approach for the Identification of Information Leakage in Automotive Infotainment systems

Moiz

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The Julia analyser library provides a representation of Java bytecode which is suitable for interpretation (Mandal, Cortesi, Ferrara, Panarotto, & Spoto, 2018). Julia analyses the Java source code, which are already complied into Java bytecode inside Android Studio [12].…”

Section: F Safeguardmentioning

confidence: 99%

Android Security Development: SpywareDetection, Apps Secure Level and Data Encryption Improvement

Xian¹,

Shao²,

Ming³

et al. 2019

IJACSA

View full text Add to dashboard Cite

Most Android users are unaware that their smartphones are as vulnerable as any computer, and that permission by Android users is an important part of maintaining the security of Android smartphones. We present a method that uses manifest files to determine the presence of spyware and the security level of apps. Furthermore, to ensure that no leaked data occurs in Android smartphones, we propose new method for the encryption of data from Google Suite applications.

show abstract