Access Type
Open Access Thesis
Date of Award
January 2019
Degree Type
Thesis
Degree Name
M.S.
Department
Computer Science
First Advisor
Amiangshu Bosu
Abstract
Security threats using intent based inter component communication (ICC) channels in Android are under constant scrutiny of software engineering researchers. Though prior research provides empirical evidence on the existence of collusive communication channels in popular android apps, little is known about developers’willful involvement and motivation to exploit these channels.To shed light on this matter, in this paper we devised a novel methodology to deterministically identify developers’ involvement in establishing collusive inter app communication channels. We incorporate static analysis and relational database technology to discover sensitive collusive channels and domain knowledge of the Android SDK to build a model to identify deterministic inter component channels between two different apps.Our results provide empirical evidence that a properly tuned model built on internal mechanism of intent based communication can accurately determine developers’potential involvement in establishing malicious communication channels. We also re-port various intriguing statistics, performance improvement of state-of-the art ICC resolution/data-flow analysis tool and interesting case studies regarding developers involvement in sensitive collusive inter app communication
Recommended Citation
Hossain, Tanzeer, "An Empirical Study On Deterministic Collusive Attack Using Inter Component Communication In Android Applications" (2019). Wayne State University Theses. 754.
https://digitalcommons.wayne.edu/oa_theses/754