Lintent: Towards Security Type-Checking of Android Applications - Formal Techniques for Distributed Systems Access content directly
Conference Papers Year : 2013

Lintent: Towards Security Type-Checking of Android Applications


The widespread adoption of Android devices has attracted the attention of a growing computer security audience. Fundamental weaknesses and subtle design flaws of the Android architecture have been identified, studied and fixed, mostly through techniques from data-flow analysis, runtime protection mechanisms, or changes to the operating system. This paper complements this research by developing a framework for the analysis of Android applications based on typing techniques. We introduce a formal calculus for reasoning on the Android inter-component communication API and a type-and-effect system to statically prevent privilege escalation attacks on well-typed components. Drawing on our abstract framework, we develop a prototype implementation of Lintent, a security type-checker for Android applications integrated with the Android Development Tools suite. We finally discuss preliminary experiences with our tool, which highlight real attacks on existing applications.
Fichier principal
Vignette du fichier
978-3-642-38592-6_20_Chapter.pdf (611.8 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-01515252 , version 1 (27-04-2017)





Michele Bugliesi, Stefano Calzavara, Alvise Spanò. Lintent: Towards Security Type-Checking of Android Applications. 15th International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOOODS) / 33th International Conference on Formal Techniques for Networked and Distributed Systems (FORTE), Jun 2013, Florence, Italy. pp.289-304, ⟨10.1007/978-3-642-38592-6_20⟩. ⟨hal-01515252⟩
107 View
127 Download



Gmail Facebook X LinkedIn More