Asset Details
Do you wish to reserve the book?
A static technique for detecting input validation vulnerabilities in Android apps
Hey, we have placed the reservation for you!
By the way, why not check out events that you can attend while you pick your title.
Oops! Something went wrong.
Looks like we were not able to place the reservation. Kindly try again later.
Are you sure you want to remove the book from the shelf?
A static technique for detecting input validation vulnerabilities in Android apps
Do you wish to request the book?
A static technique for detecting input validation vulnerabilities in Android apps
Please be aware that the book you have requested cannot be checked out. If you would like to checkout this book, you can reserve another copy
We have requested the book for you!
Your request is successful and it will be processed during the Library working hours. Please check the status of your request in My Requests.
Oops! Something went wrong.
Looks like we were not able to place your request. Kindly try again later.
Journal Article
A static technique for detecting input validation vulnerabilities in Android apps
2017
Overview
Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise the integrity, confidentiality and availability of Android devices. However, so far there is not a sound approach at the source code level for app developers aiming to detect input validation vulnerabilities in Android apps. In this paper, we propose a novel approach for detecting input validation flaws in Android apps and we implement a prototype named Easy IVD, which provides practical static analysis of Java source code.Easy IVD leverages backward program slicing to extract transaction and constraint slices from Java source code.Then Easy IVD validates these slices with predefined security rules to detect vulnerabilities in a known pattern.To detect vulnerabilities in an unknown pattern, Easy IVD extracts implicit security specifications as frequent patterns from the duplicated slices and verifies them. Then Easy IVD semi-automatically confirms the suspicious rule violations and reports the confirmed ones as vulnerabilities. We evaluate Easy IVD on four versions of original Android apps spanning from version 2.2 to 5.0. It detects 58 vulnerabilities including confused deputy attacks and denial of service attacks. Our results prove that Easy IVD can provide a practical defensive solution for app developers.
