Predicting vulnerable classes in an android application

MetriSec'12 - Proceedings of the 4th International Workshop on Security Measurements and Metrics

Volumn , Issue , 2012, Pages 11-16

  Scandariato, Riccardo ^a   Walden, James ^b  

^a UNIVERSITY OF LEUVEN   (Belgium)

^b NORTHERN KENTUCKY UNIVERSITY   (United States)

Author keywords

Android; Metrics; Mobile application security; Static analysis

Indexed keywords

ANDROID; METRICS; MOBILE APPLICATIONS; PREDICTION MODEL;

COMMERCE; PERSONAL COMPUTING; SMARTPHONES; STATIC ANALYSIS;

ROBOTS;

EID: 84867517827     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2372225.2372231     Document Type: Conference Paper

References (13)

1. IDC, "Android Rises, Symbian and Windows Phone 7 Launch as Worldwide Smartphone Shipments Increase 87.2% Year Over Year, According to IDC, " Feb 7, 2011, http://www.idc.com/getdoc.jsp?containerId=prUS22689111, accessed May 27 2012.
2. Eric Zeman, "Android, iOS Crush BlackBerry Market Share, " Information Week, May 24, 2012, http://www.informationweek.com/news/mobility/ smart-phones/240001008, accessed May 27 2012.
3. Ingrid Lunden, "Google Play About To Pass 15 Billion App Downloads? Pssht! It Did That Weeks Ago, " Tech Crunch, May 7, 2012, http://techcrunch.com/2012/05/07/google-play-about-to-pass-15-billion- downloadspssht-it-did-that-weeks-ago/accessed May 27 2012.
4. Patrick McDaniel, William Enck, "Not So Great Expectations: Why Application Markets Haven't Failed Security, " IEEE Security and Privacy, vol. 8, no. 5, pp. 76-78, Sept.-Oct. 2010.
5. F-Secure, "Mobile Threat Report Q1 2012, " May 11, 2012, http://www.f-secure.com/weblog/archives/MobileThreatReport-Q1-2012.pdf, accessed May 27 2012.
6. Hiroshi Lockheimer, "Android and Security, "Google Mobile Blog, http://googlemobile.blogspot.com/2012/02/android-and-security.html, accessed May 27 2012.
7. Adrienne Porter Felt et. al., "Android Permissions: User Attention, Comprehension, and Behavior, " TechnicalReportNo.UCB/EECS-2012-26, http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-26.pdf, Feb 11, 2012.
8. Michael Charles Gegick. 2009. Predicting Attack-Prone Components with Source Code Static Analyzers. Ph.D. Dissertation. North Carolina State University. Advisor(s) Laurie Williams.
9. James Walden, Maureen Doyle, "SAVI: Static-Analysis Vulnerability Indicator, " IEEE Security and Privacy, Jan. 2012. IEEE computer Society Digital Library. IEEE Computer Society.
10. Neuhaus, S., Zimmermann, T., and Zeller, A., "Predicting Vulnerable Software Components, " Proc. the 14th ACM Conference on Computer and Communications Security (CCS '07), Alexandria, Virginia, USA, pp. 529 - 540, October 2007.
11. NVD, http://nvd.nist.gov/accessed May 27 2012.
12. Maureen Doyle, James Walden, "An Empirical Study of the Evolution of PHP Web Application Security, " International Workshop on Security Measurements and Metrics (Metrisec), Sept. 2011.
13. Y. Shin, A. Meneely, L. Williams, J. Osbourne, Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities, IEEE Transactions in Software Engineering, to appear, 2011.