Raindroid - A System for Run-time Mitigation of Android Intent Vulnerabilities (Poster)
Bradley Schmerl, Jeffrey Gennari,
Javier Cámara and
David Garlan.
In Symposium and Bootcamp on the Science of Security, Pittsburgh, PA, 19-21 April 2016.
Online links:   Plain Text
Abstract
| Modern frameworks are required to be extendable as well
as secure. However, these two qualities are often at odds.
In this poster we describe an approach that uses a combination of static analysis and run-time management, based
on software architecture models, that can improve security
while maintaining framework extendability. We implement
a prototype of the approach for the Android platform. Static
analysis identifi�es the architecture and communication patterns among the collection of apps on an Android device
and which communications might be vulnerable to attack.
Run-time mechanisms monitor these potentially vulnerable
communication patterns, and adapt the system to either
deny them, request explicit approval from the user, or allow them. |
Keywords: Human-in-the-loop, Rainbow, Science of Security.
|
|
