In the component communication of Android application, the risk that Intent can be constructed by attackers may result in malicious component injection. To solve this problem, we develop IntentSoot, a prototype for detecting Intent injection vulnerability in both public components and private components for Android applications based on static taint analysis. It first builds call graph and control flow graph of Android application, and then tracks the taint propagation within a component, between components and during the reflection call to detect the potential Intent injection vulnerability. Experimental results validate the effectiveness of IntentSoot in various kinds of applications.
CITATION STYLE
Xiong, B., Xiang, G., Du, T., He, J. S., & Ji, S. (2017). Static taint analysis method for intent injection vulnerability in android applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10581 LNCS, pp. 16–31). Springer Verlag. https://doi.org/10.1007/978-3-319-69471-9_2
Mendeley helps you to discover research relevant for your work.