Access Type

Open Access Thesis

Date of Award

January 2019

Degree Type

Thesis

Degree Name

M.S.

Department

Computer Science

First Advisor

Amiangshu Bosu

Abstract

Security threats using intent based inter component communication (ICC) channels in Android are under constant scrutiny of software engineering researchers. Though prior research provides empirical evidence on the existence of collusive communication channels in popular android apps, little is known about developers’willful involvement and motivation to exploit these channels.To shed light on this matter, in this paper we devised a novel methodology to deterministically identify developers’ involvement in establishing collusive inter app communication channels. We incorporate static analysis and relational database technology to discover sensitive collusive channels and domain knowledge of the Android SDK to build a model to identify deterministic inter component channels between two different apps.Our results provide empirical evidence that a properly tuned model built on internal mechanism of intent based communication can accurately determine developers’potential involvement in establishing malicious communication channels. We also re-port various intriguing statistics, performance improvement of state-of-the art ICC resolution/data-flow analysis tool and interesting case studies regarding developers involvement in sensitive collusive inter app communication

Share

COinS