An empirical study of the robustness of Inter-component Communication in Android

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

External Research Organisations

  • Purdue University
  • IBM Austin Research Laboratory
View graph of relations

Details

Original languageEnglish
Title of host publication2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012
Pages1-12
Number of pages12
Publication statusPublished - 2012
Externally publishedYes
Event42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 - , United States
Duration: 25 Jun 201228 Jun 2012

Abstract

Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.

Keywords

    android, exception, fuzz, robustness, security, smartphone

Cite this

An empirical study of the robustness of Inter-component Communication in Android. / Maji, Amiya K.; Arshad, Fahad A.; Bagchi, Saurabh et al.
2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012. 2012. p. 1-12.

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Maji, AK, Arshad, FA, Bagchi, S & Rellermeyer, J 2012, An empirical study of the robustness of Inter-component Communication in Android. in 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012. pp. 1-12, 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012, United States, 25 Jun 2012. https://doi.org/10.1109/DSN.2012.6263963
Maji, A. K., Arshad, F. A., Bagchi, S., & Rellermeyer, J. (2012). An empirical study of the robustness of Inter-component Communication in Android. In 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 (pp. 1-12) https://doi.org/10.1109/DSN.2012.6263963
Maji AK, Arshad FA, Bagchi S, Rellermeyer J. An empirical study of the robustness of Inter-component Communication in Android. In 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012. 2012. p. 1-12 doi: 10.1109/DSN.2012.6263963
Maji, Amiya K. ; Arshad, Fahad A. ; Bagchi, Saurabh et al. / An empirical study of the robustness of Inter-component Communication in Android. 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012. 2012. pp. 1-12
Download
@inproceedings{505dbf30f0ec436fa3af16d7028a68eb,
title = "An empirical study of the robustness of Inter-component Communication in Android",
abstract = "Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.",
keywords = "android, exception, fuzz, robustness, security, smartphone",
author = "Maji, {Amiya K.} and Arshad, {Fahad A.} and Saurabh Bagchi and Jan Rellermeyer",
year = "2012",
doi = "10.1109/DSN.2012.6263963",
language = "English",
isbn = "9781467316248",
pages = "1--12",
booktitle = "2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012",
note = "42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 ; Conference date: 25-06-2012 Through 28-06-2012",

}

Download

TY - GEN

T1 - An empirical study of the robustness of Inter-component Communication in Android

AU - Maji, Amiya K.

AU - Arshad, Fahad A.

AU - Bagchi, Saurabh

AU - Rellermeyer, Jan

PY - 2012

Y1 - 2012

N2 - Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.

AB - Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.

KW - android

KW - exception

KW - fuzz

KW - robustness

KW - security

KW - smartphone

U2 - 10.1109/DSN.2012.6263963

DO - 10.1109/DSN.2012.6263963

M3 - Conference contribution

SN - 9781467316248

SP - 1

EP - 12

BT - 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012

T2 - 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012

Y2 - 25 June 2012 through 28 June 2012

ER -

By the same author(s)

  1. Brug: An Adaptive Memory (Re-)Allocator

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  2. Is Your Anomaly Detector Ready for Change? Adapting AIOps Solutions to the Real World

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  3. Toward Competitive Serverless Deep Learning

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  4. The Performance of Distributed Applications: A Traffic Shaping Perspective

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

  5. Log Parsing Evaluation in the Era of Modern Software Systems

    Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review