TY - CONF
T1 - Unintentional bugs to vulnerability mapping in Android applications
T2 - Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Y1 - 2015
A1 - Bajwa, Garima
A1 - Fazeen, Mohamed
A1 - Ram Dantu
A1 - Tanpure, Sonal
KW - Android (operating system)
KW - Android applications
KW - Android Lint
KW - Androids
KW - bugs
KW - Computer bugs
KW - Conferences
KW - development phase
KW - developmental loopholes
KW - FindBugsTM
KW - Humanoid robots
KW - Indexes
KW - invasive software
KW - malware detection
KW - many-to-many mapping matrix
KW - mapping
KW - matrix algebra
KW - probability
KW - probability mapping
KW - program debugging
KW - reverse mapping matrix
KW - Security
KW - security vulnerabilities
KW - severity mapping
KW - Software
KW - software bug detection tool
KW - software bugs
KW - software tools
KW - source code (software)
KW - source code analysis
KW - unintentional behavior analysis
KW - unintentional bugs
KW - vulnerability
KW - vulnerability mapping
AB -

The intention of an Android application, determined by source code analysis, is used to identify potential maliciousness in that application (app). Similarly, it is possible to analyze the unintentional behaviors of an app to identify and reduce the window of vulnerabilities. Unintentional behaviors of an app can be any developmental loopholes such as software bugs overlooked by a developer or introduced by an adversary intentionally. FindBugs™ and Android Lint are a couple of tools that can detect such bugs easily. A software bug can cause many security vulnerabilities (known or unknown) and vice versa, thus creating a many-to-many mapping. In our approach, we construct a matrix of mapping between the bugs and the potential vulnerabilities. A software bug detection tool is used to identify a list of bugs and create an empirical list of the vulnerabilities in an app. The many-to-many mapping matrix is obtained by two approaches: severity mapping and probability mapping. These mappings can be used as tools to measure the unknown vulnerabilities and their strength. We believe our study is the first of its kind and it can enhance the security of Android apps in their development phase itself. Also, the reverse mapping matrix (vulnerabilities to bugs) could be used to improve the accuracy of malware detection in Android apps.

JF - Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
ER -