Vulnerability Detection on Mobile Applications Using State Machine Inference

Wesley van der Lee, Sicco Verwer

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

47 Downloads (Pure)

Abstract

Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.

Original languageEnglish
Title of host publicationProceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EUROS&PW 2018
Place of PublicationLos Alamitos, CA
PublisherIEEE
Pages1-10
Number of pages10
ISBN (Electronic)978-1-5386-5445-3
DOIs
Publication statusPublished - 2018
Event3rd IEEE European Symposium on Security and Privacy Workshops: EUROS&PW 2018 - London, United Kingdom
Duration: 24 Apr 201826 Apr 2018
Conference number: 3

Conference

Conference3rd IEEE European Symposium on Security and Privacy Workshops
CountryUnited Kingdom
CityLondon
Period24/04/1826/04/18

Keywords

  • mobile application security
  • model inference
  • State machine learning
  • vulnerability detection

Fingerprint Dive into the research topics of 'Vulnerability Detection on Mobile Applications Using State Machine Inference'. Together they form a unique fingerprint.

  • Cite this

    van der Lee, W., & Verwer, S. (2018). Vulnerability Detection on Mobile Applications Using State Machine Inference. In Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EUROS&PW 2018 (pp. 1-10). IEEE. https://doi.org/10.1109/EuroSPW.2018.00008