Assessing the security of inter-app communications in Android through reinforcement learning

Mariano Ceccato
2023-01-01

Abstract

A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through message passing. While ICC is a powerful feature, it also presents a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) using static analysis, Deep Reinforcement Learning-based dynamic analysis, and software instrumentation. Our approach, called RONIN, outperforms state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities. © 2023 Elsevier Ltd. All rights reserved.
2023
Security testing
Android
ICC Vulnerabilities
Software security engineering
Reinforcement learning
Files in this item:
File: cose2023.pdf (authorized users only)
License: Restricted access
Size: 2.42 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11562/1107387