COSE_2022.pdf (427.09 kB)

Assessing the Security of Inter-App Communications in Android through Reinforcement Learning

Download (427.09 kB)
posted on 2022-10-14, 18:02 authored by Andrea RomdhanaAndrea Romdhana, Alessio Merlo, Mariano Ceccato, Paolo Tonella

A central aspect of the Android platform is Inter-Component Communication (ICC), which enables the reuse of functionality across apps and components via message passing. While a powerful feature, ICC still constitutes a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) through static analysis, Deep Reinforcement Learning-based dynamic analysis and software instrumentation. Our approach, called RONIN, achieves better results than state-of-the-art and baseline tools, in the number of exploited vulnerabilities.


Email Address of Submitting Author

Submitting Author's Institution

Università degli Studi di Genova, FBK

Submitting Author's Country

  • Italy

Usage metrics