Analysis of Inter-Component Communication in Mobile Applications Through Retargeting

Open Access
Octeau, Damien
Graduate Program:
Computer Science and Engineering
Doctor of Philosophy
Document Type:
Date of Defense:
May 28, 2014
Committee Members:
  • Patrick Drew Mcdaniel, Dissertation Advisor
  • Trent Ray Jaeger, Committee Member
  • John Joseph Hannan, Committee Member
  • Stephen George Simpson, Committee Member
  • Somesh Jha, Special Member
  • smartphone
  • security
  • application analysis
  • inter-component communication
Smart phones and tablets are becoming ubiquitous. The functionality of these smart devices can be extended through the use of third-party applications. These applications rely on sophisticated communication mechanisms to share functionality and data. This information sharing gives rise to emerging threats. Unfortunately, the distribution model of mobile applications offers little to no security guarantees. Security decisions are delegated to the end user, who often has insufficient information to make informed choices. In particular, users have no visibility over inter-application communication, which forces them to blindly trust the applications they use not to misbehave. In this work, we review our first steps in analyzing Inter-Component Communication (ICC) in mobile applications. Our method consists in first converting applications to a well-known representation to enable subsequent analysis. The result of that effort is a retargeting tool called Dare that can perform this conversion with very high accuracy and performance. The second part of our work consists in a formal model of ICC. We reduce the study of ICC to an instance of an Interprocedural Distributive Environment problem. After doing so, we are able to find a solution to the ICC problem using well-studied algorithms. We subsequently revise this ICC model by generalizing the inference of ICC specifications to a novel type of constant propagation for complex objects. Such constant propagation problems are specified using a propagation language. Using this approach, we are able to model all of ICC in the Android platform. We end this work by showing a first visualization-based study of inter-component communication. This methodology to determine and represent ICC links enables all kinds of analyses that need to consider multiple application components or multiple applications.