Sciweavers

ACSAC
2015
IEEE

Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications

8 years 7 months ago
Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications
Android introduced the dynamic code loading (DCL) mechanism to allow for code reuse, to achieve extensibility, to enable updating functionalities, or to boost application startup performance. In spite of its wide adoption by developers, previous research has shown that the secure implementation of DCL-based functionality is challenging, often leading to remote code injection vulnerabilities. Unfortunately, previous attempts to address this problem by both the academic and Android developers communities are affected by either practicality or completeness issues, and, in some cases, are affected by severe vulnerabilities. In this paper, we propose, design, implement, and test Grab ’n Run, a novel code verification protocol and a series of supporting libraries, APIs, and tools, that address the by abstracting away from the developer many of the challenging implementation details. Grab ’n Run is designed to be practical: Among its tools, it provides a dropin library, which requires...
Luca Falsina, Yanick Fratantonio, Stefano Zanero,
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015
Where ACSAC
Authors Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi
Comments (0)