As smart phones are becoming widespread over the world, relevant security problems emerge. On Android platform, some applications are granted to access some restrictive resources via system APIs. Such applications may expose this capability to the other applications without certain permissions. This will lead to permission re-delegation attacks. In this paper, we describe how this vulnerability occurs on Android through inter-process communication (IPC). We focus on a major IPC channel in Android operating system, the intent based IPC. In order to help developers decrease the possibility of their applications to be attacked, we present a static analysis tool Diordna in this paper. Diordna works on Java byte codes and finds out possible permission re-delegations from public entry points of applications. Diordna also leverages a dataflow analysis to generate intent oriented test case specifications, namely, to infer what should be contained in an intent object by which the target application will re-delegate its granted permissions. We have experimented our solution and Diordna on two pre-installed Android applications and it generates reasonable test case specifications that can be used to write testing programs.
展开▼
