Abstract
Inter-component communication (ICC) among Android apps is shown to be the source of many security vulnerabilities. Prior research has developed compositional analyses to detect the existence of ICC vulnerabilities in a set of installed apps. However, they all lack the ability to efficiently respond to incremental system changes—such as adding/removing apps. Every time the system changes, the entire analysis has to be repeated, making them too expensive for practical use, given the frequency with which apps are updated, installed, and removed on a typical Android device. This paper presents a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. Our experimental results using numerous collections of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
