A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through message passing. While ICC is a powerful feature, it also presents a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) using static analysis, Deep Reinforce-ment Learning-based dynamic analysis, and software instrumentation. Our approach, called RONIN, out-performs state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities.& COPY; 2023 Elsevier Ltd. All rights reserved.

Assessing the security of inter-app communications in android through reinforcement learning

Mariano Ceccato;
2023-01-01

Abstract

A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through message passing. While ICC is a powerful feature, it also presents a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) using static analysis, Deep Reinforce-ment Learning-based dynamic analysis, and software instrumentation. Our approach, called RONIN, out-performs state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities.& COPY; 2023 Elsevier Ltd. All rights reserved.
2023
Security testing
Android
ICC Vulnerabilities
Software security engineering
Reinforcement learning
File in questo prodotto:
File Dimensione Formato  
cose2023.pdf

solo utenti autorizzati

Licenza: Accesso ristretto
Dimensione 2.42 MB
Formato Adobe PDF
2.42 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/1107387
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 0
social impact