A SEALANT for inter-app security holes in android

Author email: younkyul@usc.edu
Tool name: SEALANT
Description: Android's communication model has a major security weakness: malicious apps can manipulate other apps into performing unintended operations and can steal end-user data, while appearing ordinary and harmless. This paper presents SEALANT, a technique that combines static analysis of app code, which infers vulnerable communication channels, with runtime monitoring of inter-app communication through those channels, which helps to prevent attacks. SEALANT's extensive evaluation demonstrates that (1) it detects and blocks inter-app attacks with high accuracy in a corpus of over 1,100 real-world apps, (2) it suffers from fewer false alarms than existing techniques in several representative scenarios, (3) its performance overhead is negligible, and (4) end-users do not find it challenging to adopt.
Bibtex: @inproceedings{10.1109/ICSE.2017.36, author = {Lee, Youn Kyu and Bang, Jae young and Safi, Gholamreza and Shahbazian, Arman and Zhao, Yixue and Medvidovic, Nenad}, title = {A SEALANT for Inter-App Security Holes in Android}, year = {2017}, isbn = {9781538638682}, publisher = {IEEE Press}, url = {https://doi.org/10.1109/ICSE.2017.36}, doi = {10.1109/ICSE.2017.36}, booktitle = {Proceedings of the 39th International Conference on Software Engineering}, pages = {312–323}, numpages = {12}, location = {Buenos Aires, Argentina}, series = {ICSE ’17} }
Link to public pdf: https://dl.acm.org/doi/abs/10.1109/ICSE.2017.36
Link to tool webpage: https://softarch.usc.edu/sealant/
Link to demo: Not provided by authors
Category: None
Year and Conference: 2017, ICSE
Terms of use