Abstract
Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.
Original language | English |
---|---|
Title of host publication | 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 |
Pages | 1-12 |
Number of pages | 12 |
DOIs | |
Publication status | Published - 2012 |
Externally published | Yes |
Event | 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 - Boston, MA, United States Duration: 25 Jun 2012 → 28 Jun 2012 |
Conference
Conference | 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 |
---|---|
Country/Territory | United States |
City | Boston, MA |
Period | 25/06/12 → 28/06/12 |
Keywords
- android
- exception
- fuzz
- robustness
- security
- smartphone