Skip to content
/ RAICC Public

RAICC finds Atypical way to perform ICC in Android applications.

License

LGPL-2.1 license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Trustworthy-Software/RAICC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
artefacts
artefacts
 
 
libs
libs
 
 
src/main
src/main
 
 
.classpath
.classpath
 
 
.gitignore
.gitignore
 
 
.project
.project
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
pom.xml
pom.xml
 
 

Repository files navigation

RAICC

Reveal Atypical Inter-Component Communication

In this repository, we host the necessary artefacts for reproducing our study.

Publication

The paper describing the approach for RAICC is in the proceedings of the 43rd International Conference on Software Engineering (ICSE) 2021.

The preprint of the paper is currently hosted on arXiv website at: https://arxiv.org/abs/2012.09916

Abstract

Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather "complex and largely unconstrained", leaving room to a lack of precision in apps modeling. To address the challenge of tracking ICCs within apps, state of the art static approaches such as Epicc, IccTA and Amandroid have focused on the documented framework ICC methods (e.g., startActivity) to build their approaches. In this work we show that ICC models inferred in these state of the art tools may actually be incomplete: the framework provides other atypical ways of performing ICCs. To address this limitation in the state of the art, we propose RAICC a static approach for modeling new ICC links and thus boosting previous analysis tasks such as ICC vulnerability detection, privacy leaks detection, malware detection, etc. We have evaluated RAICC on 20 benchmark apps, demonstrating that it improves the precision and recall of uncovered leaks in state of the art tools. We have also performed a large empirical investigation showing that Atypical ICC methods are largely used in Android apps, although not necessarily for data transfer. We also show that RAICC increases the number of ICC links found by 61.6% on a dataset of real-world malicious apps, and that RAICC enables the detection of new ICC vulnerabilities.

Getting started

Downloading the tool

git clone https://github.com/JordanSamhi/RAICC.git

Installing the tool

cd RAICC
mvn clean install:install-file -Dfile=libs/ic3-0.2.1-full.jar -DgroupId=edu.psu.cse.siis -DartifactId=ic3 -Dversion=0.2.1 -Dpackaging=jar
mvn clean install:install-file -Dfile=libs/preprocessIntentSender-0.1.jar -DgroupId=lu.uni.trux -DartifactId=preprocessIntentSender -Dversion=0.1 -Dpackaging=jar
mvn clean install

Issues

If you stumble upon a stack overflow error while building RAICC, increase memory available with this command:

export MAVEN_OPTS=-Xss32m

Then, try to rebuild.

Using the tool

java -jar RAICC/target/RAICC-0.1-jar-with-dependencies.jar options

Options:

  • -a : The path to the APK to process.
  • -cp : The path to Android platofrms folder.
  • -model : The path to RAICC's COAL models folder.

Built With

  • Maven - Dependency Management

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details

Contact

For any question regarding this study, please contact us at: Jordan Samhi

About

RAICC finds Atypical way to perform ICC in Android applications.

Resources

Readme

License

LGPL-2.1 license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 1

RAICC 1.0 Latest
Jan 20, 2021

Packages

 
 
 

Languages