Detecting and Analyzing Vulnerabilities of Android Applications Via Inter-Component Communication Analysis - دانشکده فنی و مهندسی
Detecting and Analyzing Vulnerabilities of Android Applications Via Inter-Component Communication Analysis
نوع: Type: thesis
مقطع: Segment: masters
عنوان: Title: Detecting and Analyzing Vulnerabilities of Android Applications Via Inter-Component Communication Analysis
ارائه دهنده: Provider: Azade SarveAzimi
اساتید راهنما: Supervisors: Mehdi Sakhaei Nia(Ph. D)
اساتید مشاور: Advisory Professors:
اساتید ممتحن یا داور: Examining professors or referees: Dr. Mohammad Nasiri - Dr. Morteza Yousef Sanati
زمان و تاریخ ارائه: Time and date of presentation: October 28 ,2020
مکان ارائه: Place of presentation:
چکیده: Abstract: In the modern world, smartphones have become very popular due to their attractive capabilities and features and have become an essential tool. Among the existing operating systems, Android has the largest market share due to its open source nature in terms of the number of portable devices worldwide and the number of users. For this reason attackers are encouraged to target Android devices. While Android, has its set of permissions to protect the device and resources, it does not provide a security framework to defend against any attack. As apps grow exponential, it is prohibitive for app marketplaces, such as Google App Store, to thoroughly verify if an app is legitimate or malicious. As a result, in the security mechanism provided by Android, mobile users have to check for themselves whether the application is safe to use or not, and ultimately have to decide for themselves to use this application. Therefore, academic researchers and commercial anti-malware companies have proposed many security mechanisms to address the security issues of the Android devices. Android vulnerabilities can be identified by performing control and data flow graph analysis of developed applications or developing applications. This analysis can be static or dynamic. Although static analysis tools are weak in some cases, such as code transformed malware, they are faster than dynamic analysis approaches and do not impose any overhead at runtime. The security mechanism proposed in this study is based on static analysis of Android applications that can be used as a tool to detect threats and correct them. There are various vulnerabilities in Android that are due to Android capabilities such as communication between components. One of these vulnerabilities is the use of PendingIntents, which can lead to information leakage, denial of service, collusion and privilege escalation attacks, and made it possible to abuse the permission. In this research, static analysis technique has been used to analyze and identify PendingIntent vulnerabilities. The results show that the proposed method, in addition to identifying a new type of vulnerability, has a higher speed than other tools while maintaining the existing accuracy. Key Word:Android, Security, Malware, Static Analysis, Inter-Component Communication, ICC, Pending Intent
فایل: ّFile: Download فایل