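@comment{
  Entry 100: Bajwa et al., ISI 2015, "Unintentional bugs to vulnerability
  mapping in Android applications" (doi 10.1109/ISI.2015.7165966).
  Cleaned from an IEEE Xplore auto-export:
   - @conference -> @inproceedings (@conference is only an alias);
   - booktitle un-inverted to the conference's natural name, acronyms braced;
   - month given as the predefined macro `may`, not the quoted word;
   - "Ram Dantu" written in "Last, First" form so BibTeX does not take
     "Dantu" as the given name;
   - title keeps "Android" braced so sentence-casing styles preserve it.
  The citation key "100" is left unchanged because existing \cite{100}
  commands depend on it.
  NOTE(review): the export carries no page range -- add `pages` when known.
  NOTE(review): "FindBugsTM" in abstract/keywords is kept verbatim; it looks
  like a trademark glyph lost in export -- confirm against the publisher copy.
}

@inproceedings{100,
  author    = {Bajwa, Garima and Fazeen, Mohamed and Dantu, Ram and Tanpure, Sonal},
  title     = {Unintentional Bugs to Vulnerability Mapping in {Android} Applications},
  booktitle = {2015 {IEEE} International Conference on Intelligence and Security Informatics ({ISI})},
  publisher = {IEEE},
  year      = {2015},
  month     = may,
  doi       = {10.1109/ISI.2015.7165966},
  abstract  = {The intention of an Android application, determined by the source code analysis is used to identify potential maliciousness in that application (app). Similarly, it is possible to analyze the unintentional behaviors of an app to identify and reduce the window of vulnerabilities. Unintentional behaviors of an app can be any developmental loopholes such as software bugs overlooked by a developer or introduced by an adversary intentionally. FindBugsTM and Android Lint are a couple of tools that can detect such bugs easily. A software bug can cause many security vulnerabilities (known or unknown) and vice-versa, thus, creating a many-to-many mapping. In our approach, we construct a matrix of mapping between the bugs and the potential vulnerabilities. A software bug detection tool is used to identify a list of bugs and create an empirical list of the vulnerabilities in an app. The many-to-many mapping matrix is obtained by two approaches -- severity mapping and probability mapping. These mappings can be used as tools to measure the unknown vulnerabilities and their strength. We believe our study is the first of its kind and it can enhance the security of Android apps in their development phase itself. Also, the reverse mapping matrix (vulnerabilities to bugs) could be used to improve the accuracy of malware detection in Android apps.},
  keywords  = {Android (operating system), Android applications, Android Lint, Androids, bugs, Computer bugs, Conferences, development phase, developmental loopholes, FindBugsTM, Humanoid robots, Indexes, invasive software, malware detection, many-to-many mapping matrix, mapping, matrix algebra, probability, probability mapping, program debugging, reverse mapping matrix, Security, security vulnerabilities, severity mapping, Software, software bug detection tool, software bugs, software tools, source code (software), source code analysis, unintentional behavior analysis, unintentional bugs, vulnerability, vulnerability mapping},
}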