Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.

Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.

Control Flow Graph-based Path Reconstruction in Android applications

DORIA, SAMUELE
2022/2023

Abstract

Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.
2022
Control Flow Graph-based Path Reconstruction in Android applications
Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.
android security
path generation
vulnerability detect
File in questo prodotto:
File Dimensione Formato  
MSc_Thesis_Samuele_Doria.pdf

accesso aperto

Dimensione 531.29 kB
Formato Adobe PDF
531.29 kB Adobe PDF Visualizza/Apri

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12608/52254