Dr. android and Mr. hide: Fine-grained permissions in android applications

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 3-14

  Jeon, Jinseong ^a   Micinski, Kristopher K ^a   Vaughan, Jeffrey A ^b   Fogel, Ari ^b   Reddy, Nikhilesh ^b   Foster, Jeffrey S ^a   Millstein, Todd ^b  

^a UNIVERSITY OF MARYLAND   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Android; Binary transformation; Fine grained permissions

Indexed keywords

ANDROID; BINARY TRANSFORMATION; FINE-GRAINED PERMISSIONS;

INTERNET; MOBILE DEVICES; SMARTPHONES;

ROBOTS;

EID: 84869790502     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2381934.2381938     Document Type: Conference Paper

References (32)

1. A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques and Tools. Addison-Wesley, 1986.
2. Android Police. Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More, Oct. 2011. http://www.androidpolice.com/2011/10/01/ massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt- others-exposes-phone-numbers-gps-sms-emails-addresses-much-more.
3. D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In CCS, pages 73-84, 2010.
4. A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: trading privacy for application functionality on smartphones. In HotMobile, 2011.
5. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on android. In 19th Annual Network & Distributed System Security Symposium (NDSS), Feb 2012.
6. S. Bugiel, L. Davi, A. Dmitrienko, and S. Heuser. Practical and lightweight domain isolation on android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '11, 2011.
7. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '11, pages 15-26, 2011.
8. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing Inter-Application Communication in Android. In MobiSys, 2011.
9. M. Conti, V. T. N. Nguyen, and B. Crispo. Crepe: context-related policy enforcement for android. In Proceedings of the 13th international conference on Information security, pages 331-345, 2011.
10. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach. Quire: Lightweight provenance for smart phone operating systems. In USENIX Security Symposium, 2011.
11. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-ow tracking system for realtime privacy monitoring on smartphones. In OSDI, 2010.
12. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In USENIX Security, 2011.
13. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In CCS, pages 235-245, 2009.
14. A. Felt, H. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In USENIX Security, 2011.
15. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In CCS, 2011.
16. Gartner. Gartner Says Sales of Mobile Devices Grew 5.6 Percent in Third Quarter of 2011; Smartphone Sales Increased 42 Percent, Nov. 15 2011. http://www.gartner.com/it/page.jsp?id=1848514.
17. Google. Tool for reengineering Android apk files. http://code.google.com/ p/android-apktool/.
18. Google. 10 Billion Android Market Downloads and Counting, Dec. 2011. http://android-developers.blogspot.com/2011/12/10-billion-android-market- downloads-and.html.
19. M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS, 2012.
20. M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic Detection of Capability Leaks in Stock Android Smartphones. In NDSS, 2012.
21. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In CCS, pages 639-652, 2011.
22. J. Jeon, K. K. Micinski, J. A. Vaughan, N. Reddy, Y. Zhu, J. S. Foster, and T. Millstein. Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android. Technical Report CS-TR-5006, Department of Computer Science, University of Maryland, College Park, December 2011.
23. M. Nauman, S. Khan, and X. Zhang. Apex: extending android permission model and enforcement with user-defined runtime constraints. In ASIACCS, pages 328-332, 2010.
24. M. Ongtang, K. Butler, and P. McDaniel. Porscha: policy oriented secure content handling in android. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 221-230, 2010.
25. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in android. In ACSAC, pages 340-349, 2009.
26. P. Pearce, A. P. Felt, G. Nunez, , and D. Wagner. Addroid: Privilege separation for applications and advertisers in android. In ACM Symposium on Information, Computer and Communications Security (AsiaCCS), 2012.
27. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347-356, 2010.
28. H. S. Rubin Xu and R. Anderson. Aurasium: Practical policy enforcement for android applications. In Proceedings of the 21st USENIX Security Symposium, 2012.
29. J. H. Saltzer. Protection and the control of information sharing in Multics. Comm. of the ACM, 17(7):388-402, July 1974.
30. T. Vidas, N. Christin, and L. F. Cranor. Curbing Android Permission Creep. In W2SP, 2011.
31. L. K. Yan and H. Yin. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In Proceedings of the 21st USENIX Security Symposium, 2012.
32. Y. Zhou, X. Zhang, X. Jiang, and V. Freeh. Taming information-stealing smartphone applications (on android). Trust and Trustworthy Computing, pages 93-107, 2011.