Show simple item record

dc.contributor.authorBai, G
dc.contributor.authorYe, Q
dc.contributor.authorWu, Y
dc.contributor.authorBotha, H
dc.contributor.authorSun, J
dc.contributor.authorLiu, Y
dc.contributor.authorDong, JS
dc.contributor.authorVisser, W
dc.date.accessioned2019-06-10T01:34:11Z
dc.date.available2019-06-10T01:34:11Z
dc.date.issued2018
dc.identifier.issn0098-5589
dc.identifier.doi10.1109/TSE.2017.2697848
dc.identifier.urihttp://hdl.handle.net/10072/384238
dc.description.abstractAs feature-rich Android applications (apps for short) are increasingly popularized in security-sensitive scenarios, methods to verify their security properties are highly desirable. Existing approaches on verifying Android apps often have limited effectiveness. For instance, static analysis often suffers from a high false-positive rate, whereas approaches based on dynamic testing are limited in coverage. In this work, we propose an alternative approach, which is to apply the software model checking technique to verify Android apps. We have built a general framework named DroidPF upon Java PathFinder (JPF), towards model checking Android apps. In the framework, we craft an executable mock-up Android OS which enables JPF to dynamically explore the concrete state spaces of the tested apps; we construct programs to generate user interaction and environmental input so as to drive the dynamic execution of the apps; and we introduce Android specific reduction techniques to help alleviate the state space explosion. DroidPF focuses on common security vulnerabilities in Android apps including sensitive data leakage involving a non-trivial flow- and context-sensitive taint-style analysis. DroidPF has been evaluated with 131 apps, which include real-world apps, third-party libraries, malware samples and benchmarks for evaluating app analysis techniques like ours. DroidPF precisely identifies nearly all of the previously known security issues and nine previously unreported vulnerabilities/bugs.
dc.description.peerreviewedYes
dc.relation.ispartofpagefrom595
dc.relation.ispartofpageto612
dc.relation.ispartofissue6
dc.relation.ispartofjournalIEEE Transactions on Software Engineering
dc.relation.ispartofvolume44
dc.subject.fieldofresearchSoftware engineering
dc.subject.fieldofresearchcode4612
dc.titleTowards Model Checking Android Applications
dc.typeJournal article
dc.type.descriptionC1 - Articles
dc.type.codeC - Journal Articles
gro.hasfulltextNo Full Text
gro.griffith.authorDong, Jin-Song


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

  • Journal articles
    Contains articles published by Griffith authors in scholarly journals.

Show simple item record