Artificial intelligent-based security testing of mobile application
Communication between the Android application is possible by using intent messages. An application could send intent messages to another application or receive intent messages from another application. Exploitation of an app is possible by an intent message. One of the vulnerabilities that an app...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2018
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/76177 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Communication between the Android application is possible by using intent messages. An application could send intent messages to another application or receive intent messages from another application. Exploitation of an app is possible by an intent message.
One of the vulnerabilities that an app can face is privilege escalation. An application that receives intents has a higher possibility of facing privilege escalation vulnerability. There are a few tools that help to detect vulnerabilities, but each tool has its flaws.
In this research, a further study was made to understand about intent messages and how privilege escalation happens. With that understanding, an automated tool was created using a genetic algorithm to detect and maximise the privilege escalation attack.
The tool would give a developer a deeper understanding of component encapsulation and about implicit and explicit intents. Moreover, the tool can show how the app behaviours to various incoming intents and detect potential escalation by determining which component have access to the permission API of the app. |
|---|