Overview
Explore a 23-minute conference presentation that introduces Ariadne, a novel approach for detecting security vulnerabilities in Android's data-driven customization framework. Learn how vendor customizations of Android through changes to access-controlled framework variables create security concerns that existing detection methods cannot identify. Discover the challenges of analyzing data-driven customization, including the need to model implicit access control relations among Java objects and their operation semantics. Understand how Ariadne addresses these limitations by constructing an abstract representation, the AC dependency graph, which models access control relationships among framework data holders and is used to detect missing access control enforcement in data holders and their corresponding APIs. Examine the research methodology that tested Ariadne against two AOSP and 11 custom ROMs, revealing 30 unique data-driven access control inconsistencies that cannot be detected by existing approaches. See how the tool provides more comprehensive protection by effectively complementing current access control inconsistency detection methods.
Syllabus
USENIX Security '25 - Ariadne: Navigating through the Labyrinth of Data-Driven Customization...
Taught by
USENIX