File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: VulHunter: Toward discovering vulnerabilities in android applications

TitleVulHunter: Toward discovering vulnerabilities in android applications
Authors
KeywordsAndroid applications
app property graph
static analysis
vulnerabilities detection
Issue Date2015
Citation
IEEE Micro, 2015, v. 35, n. 1, p. 44-53 How to Cite?
AbstractWith the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.
Persistent Identifierhttp://hdl.handle.net/10722/303444
ISSN
2023 Impact Factor: 2.8
2023 SCImago Journal Rankings: 1.145
ISI Accession Number ID

 

DC FieldValueLanguage
dc.contributor.authorQian, Chenxiong-
dc.contributor.authorLuo, Xiapu-
dc.contributor.authorLe, Yu-
dc.contributor.authorGu, Guofei-
dc.date.accessioned2021-09-15T08:25:19Z-
dc.date.available2021-09-15T08:25:19Z-
dc.date.issued2015-
dc.identifier.citationIEEE Micro, 2015, v. 35, n. 1, p. 44-53-
dc.identifier.issn0272-1732-
dc.identifier.urihttp://hdl.handle.net/10722/303444-
dc.description.abstractWith the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.-
dc.languageeng-
dc.relation.ispartofIEEE Micro-
dc.subjectAndroid applications-
dc.subjectapp property graph-
dc.subjectstatic analysis-
dc.subjectvulnerabilities detection-
dc.titleVulHunter: Toward discovering vulnerabilities in android applications-
dc.typeArticle-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1109/MM.2015.25-
dc.identifier.scopuseid_2-s2.0-84925070537-
dc.identifier.volume35-
dc.identifier.issue1-
dc.identifier.spage44-
dc.identifier.epage53-
dc.identifier.isiWOS:000351462300007-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats