Abstract
Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.
Original language | English |
---|---|
Title of host publication | Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EUROS&PW 2018 |
Place of Publication | Los Alamitos, CA |
Publisher | IEEE |
Pages | 1-10 |
Number of pages | 10 |
ISBN (Electronic) | 978-1-5386-5445-3 |
DOIs | |
Publication status | Published - 2018 |
Event | 3rd IEEE European Symposium on Security and Privacy Workshops: EUROS&PW 2018 - London, United Kingdom Duration: 24 Apr 2018 → 26 Apr 2018 Conference number: 3 |
Conference
Conference | 3rd IEEE European Symposium on Security and Privacy Workshops |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 24/04/18 → 26/04/18 |
Bibliographical note
Accepted author manuscriptKeywords
- mobile application security
- model inference
- State machine learning
- vulnerability detection