AutoPatchDroid: A framework for patching inter-app vulnerabilities in android application

Jiayun Xie, Xiao Fu, Xiaojiang Du, Bin Luo, Mohsen Guizani

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations

Abstract

Recently, an increasing number of inter-app attacks such as confused deputy attacks, data leakage attacks and collusion attacks spring up. However, there is no perfect defense method against them. As we all know, developers play an important role in android security, but their weak consciousness about the security may lead to inter-app attacks. Therefore, considered for developers, it is important to investigate and try to defend against such attacks in android. This paper presents typical inter-app attacks in android and proposes AutoPatchDroid, an automatic framework to find the vulnerable code in apps and patch them automatically. We firstly find the vulnerable paths from sources to sinks, sources to execution exit points, execution entry points to sinks and execution entry points to execution exit points in the application using static analysis. Then we locate the vulnerable code pieces and insert the patch code to guard against such attacks. AutoPatchDroid prevent inter-app attacks in the application level rather than modifying the kernel or framework. We use DroidBench and IccRE to evaluate our framework, and find that AutoPatchDroid could effectively secure the apps. The runtime overhead introduced by AutoPatchDroid is 1.105% on average.

Original languageEnglish
Title of host publication2017 IEEE International Conference on Communications, ICC 2017
EditorsMerouane Debbah, David Gesbert, Abdelhamid Mellouk
ISBN (Electronic)9781467389990
DOIs
StatePublished - 28 Jul 2017
Event2017 IEEE International Conference on Communications, ICC 2017 - Paris, France
Duration: 21 May 201725 May 2017

Publication series

NameIEEE International Conference on Communications
ISSN (Print)1550-3607

Conference

Conference2017 IEEE International Conference on Communications, ICC 2017
Country/TerritoryFrance
CityParis
Period21/05/1725/05/17

Keywords

  • Android
  • Bytecode Rewriting
  • Inter-App Attack
  • Static Analysis

Fingerprint

Dive into the research topics of 'AutoPatchDroid: A framework for patching inter-app vulnerabilities in android application'. Together they form a unique fingerprint.

Cite this