A Runtime Inspection Technique with Intent Specification for Developing Robust Android Apps
  • Journal title : Journal of KIISE
  • Volume 43, Issue 2, 2016, pp. 212-221
  • Publisher : Korean Institute of Information Scientists and Engineers
  • DOI : 10.5626/JOK.2016.43.2.212
 Title & Authors
A Runtime Inspection Technique with Intent Specification for Developing Robust Android Apps
Ko, Myungpil; Choi, Kwanghoon; Chang, Byeong-Mo;
 
 Abstract
Android apps suffer from intent vulnerabilities: they stop execution abnormally when Android components such as activities, services, and broadcast receivers receive malformed intents. This paper proposes a method to prevent intent vulnerabilities by allowing programmers to write a specification of the intents that a component expects, and by checking intents against that specification at runtime. Declaring intent specifications addresses two problems: programmers may forget to write the conditional statements that check the validity of intents, or they may mix those statements with regular code, which makes them difficult to maintain. We perform an experiment applying the proposed method to 7 Android apps, and confirm that many abnormal terminations of the apps caused by malformed intents can be avoided by runtime assertion based on intent specifications.
 Keywords
android;vulnerability;robustness;intent specification;runtime assertion;
 Language
Korean