Identifying Inter-Component Communication Vulnerabilities in Event-based Systems

Authors

  • Youn Kyu Lee
  • Daye Nam
  • Nenad Medvidovic
Abstract

Event-based systems are flexible, scalable, and adaptable owing to the non-determinism of their event communication. However, this non-determinism may yield security vulnerabilities in event communication between components. For example, malicious components can steal sensitive data or manipulate other components in an intended way. This paper introduces SCUTUM, a novel technique that automatically detects vulnerable event communication channels in event-based systems by combining static flow analysis and pattern matching. SCUTUM’s evaluation on 28 real-world apps demonstrated that it identifies vulnerable event communication channels with higher accuracy than existing techniques and that it is applicable to apps comprising a number of components.

Similar resources

Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Inte...

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications

Android’s Inter-Component Communication (ICC) mechanism strongly relies on Intent messages. Unfortunately, due to the lack of message origin verification in Intents, implementing security policies based on message sources is hard in practice, and completely relies on the programmer’s skill and attention. In this paper, we present a framework for automatically detecting Intent input validation v...

Automatic detection of inter-application permission leaks in Android applications

Due to their growing prevalence, smartphones can access an increasing amount of sensitive user information. To better protect this information, modern mobile operating systems provide permission-based security, which restricts applications to only access a clearly defined subset of system APIs and user data. The Android operating system builds upon already successful permission systems, but com...

Recent Developments in Discrete Event Systems

This article is a brief exposure of the process approach to a newly emerging area called "discrete event systems" in control theory and summarizes some of the recent developments in this area. Discrete event systems is an area of research that is developing within the interstices of computer, control and communication sciences. The basic direction of research addresses issues in the analysis an...

Output Synchronization of Multi-Agent Systems with Event-Driven Communication: Communication Delay and Signal Quantization

In this paper, we study the output synchronization problem of multi-agent systems with event-driven communication, in which the data transmissions among neighboring agents are event-based rather than pre-scheduled periodically. We propose a set-up for the coupled agents to achieve output synchronization with event-driven communication in the presence of constant communication delays by using sc...

Publication date: 2017