ARF
Over the past decade, the security of the Android platform has undergone significant scrutiny by both academic and industrial researchers. This scrutiny has been largely directed towards third-party applications and a few critical system interfaces, leaving much of Android’s middleware unstudied. Building upon recent efforts to more rigorously analyze authorization logic in Android’s system services, we revisit the problem of permission re-delegation, but in the context of system service entry points. The Android Re-delegation Finder (ARF) analysis framework aids security analysts in the identification of permission re-delegation vulnerabilities within Android’s system services. ARF analyzes an interconnected graph of entry points in system services, deriving calling dependencies, annotating permission checks, and identifying potentially vulnerable deputies that improperly expose information or functionality to third-party applications.
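The following sketch is an added illustration of the idea described above, not ARF's code or its actual algorithm. It assumes each entry point's authorization logic can be reduced to a set of required permissions, and it flags a deputy when an entry point reachable from it requires a permission the deputy itself never checks; all service, method and permission names are constructed.

```python
from collections import deque

# Constructed sample data: these entry points, permissions and call edges are
# hypothetical and are not taken from ARF or from any Android release.
PERMISSION_CHECKS = {
    "ServiceA.getStatus": set(),
    "ServiceA.export": {"READ_DATA"},
    "ServiceB.readRecords": {"READ_DATA"},
    "ServiceB.wipeRecords": {"READ_DATA", "MANAGE_DATA"},
    "ServiceC.audit": {"MANAGE_DATA"},
}
# Calling dependencies: entry point -> entry points it invokes.
CALLS = {
    "ServiceA.getStatus": ["ServiceB.readRecords"],
    "ServiceA.export": ["ServiceB.readRecords", "ServiceC.audit"],
    "ServiceC.audit": ["ServiceB.wipeRecords"],
}


def reachable_targets(deputy, calls):
    """Return every entry point transitively called by `deputy` (cycle-safe)."""
    seen, queue = set(), deque([deputy])
    while queue:
        for target in calls.get(queue.popleft(), ()):
            if target not in seen:
                seen.add(target)
                queue.append(target)
    seen.discard(deputy)  # a call cycle back to the deputy is not a finding
    return seen


def find_redelegation_candidates(checks, calls):
    """List (deputy, target, missing_permissions) tuples for analyst review.

    Simplifying assumption: a caller that passes the deputy's checks holds
    exactly the permissions the deputy requires, so any permission required
    by a reachable target but not by the deputy is potentially re-delegated.
    """
    findings = []
    for deputy in checks:
        for target in reachable_targets(deputy, calls):
            missing = checks[target] - checks[deputy]
            if missing:
                findings.append((deputy, target, tuple(sorted(missing))))
    return sorted(findings)


if __name__ == "__main__":
    for deputy, target, missing in find_redelegation_candidates(PERMISSION_CHECKS, CALLS):
        print(f"{deputy} -> {target}: caller never checked for {', '.join(missing)}")
```

Each reported pair is a candidate only: whether the deputy actually exposes the target's information or functionality to a third-party application still has to be confirmed by reading the code path.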
Publications
- Sigmund Albert Gorski III and William Enck, ARF: Identifying Re-Delegation Vulnerabilities in Android System Services, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2019. (acceptance rate=25.6%)
Downloading the Source Code
The source code for ARF is available on GitHub.
Required Input Files Examples
This section will be updated when the source code for ARF is released.
Output Data Examples
This section will be updated when the source code for ARF is released.
Running ARF
This section will be updated when the source code for ARF is released.