Understanding and improving app installation security mechanisms through empirical analysis of android

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 81-92

  Barrera, David ^a   Clark, Jeremy ^a   McCarney, Daniel ^a   Van Oorschot, Paul C ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

Android; Digital signatures; Software installation

Indexed keywords

ANDROID; DATA SETS; EMPIRICAL ANALYSIS; EMPIRICAL EVIDENCE; MITIGATION OPTIONS; SECURE DATA TRANSFER; SECURITY MECHANISM; SECURITY PRACTICE; SOFTWARE INSTALLATIONS;

DATA TRANSFER; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; METADATA; MOBILE DEVICES; SMARTPHONES;

ROBOTS;

EID: 84869797921     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2381934.2381949     Document Type: Conference Paper

References (31)

1. Anderson, R., Bergadano, F., Crispo, B., Lee, J.-H., Manifavas, C., and Needham, R. A new family of authentication protocols. ACM SIGOPS Operating Systems Review 32, 4 (1998).
2. Arkko, J., and Nikander, P. Weak authentication: How to authenticate unknown principals without trusted parties. In Security Protocols (2002).
3. Barrera, D., Kayacik, G., van Oorschot, P., and Somayaji, A. A Methodology for Empirical Analysis of Permission-based Security Models and its Application to Android. In CCS (2010).
4. Barrera, D., and van Oorschot, P. Secure software installation on smartphones. IEEE S&P Magazine 9, 3 (2011).
5. Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., and Wolf, C. Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices. In IEEE S&P Symposium (2011).
6. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A., and Shastry, B. Towards taming privilege-escalation attacks on Android. In NDSS (2012).
7. Chia, P. H., Yamamoto, Y., and Asokan, N. Is this app safe? A large scale study on application permissions and risk signals. In WWW (2012).
8. Damgard, I., and Koprowski, M. Practical threshold RSA signatures without a trusted dealer. In EUROCRYPT (2001).
9. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. Quire: Lightweight provenance for smart phone operating systems. In USENIX Security (2011).
10. Eckersley, P., and Burns, J. Is the SSLiverse a safe place? In Chaos Communication Congress (2010).
11. Egele, M., Kruegel, C., Kirda, E., and Vigna, G. PiOS: detecting privacy leaks in iOS applications. In NDSS (2011).
12. Enck, W. Defending users against smartphone apps: Techniques and future directions. In ICISS (2011).
13. Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. Taintdroid: An information-ow tracking system for realtime privacy monitoring on smartphones. In OSDI (2010).
14. Enck, W., Octeau, D., McDaniel, P., and Chaudhuri, S. A study of Android application security. In USENIX Security (2011).
15. Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In CCS (2009).
16. Enck, W., Ongtang, M., and McDaniel, P. Understanding Android security. IEEE S&P Magazine (Jan/Feb 2009).
17. Felt, A., Chin, E., Hanna, S., Song, D., and Wagner, D. Android permissions demystified. In CCS (2011).
18. Felt, A., Finifter, M., Chin, E., Hanna, S., and Wagner, D. A survey of mobile malware in the wild. In SPSM (2011).
19. Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., and Chin, E. Permission re-delegation: Attacks and defenses. In USENIX Security (2011).
20. Gamma, E., Helm, R., Johnson, R., and Vlisides, J. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1995.
21. Geer Jr., D. E., and Yung, M. Split-and-delegate: Threshold cryptography for the masses. In FC (2002).
22. Goldberg, I., Mashatan, A., and Stinson, D. On message recognition protocols: Recoverability and explicit confirmation. International Journal of Applied Cryptography 2, 2 (2010).
23. Grace, M., Zhou, Y., Wang, Z., and Jiang, X. Systematic Detection of Capability Leaks in Stock Android Smartphones. In NDSS (2012).
24. Hornyack, P., Han, S., Jung, J., Schechter, S., and Wetherall, D. These aren't the droids you're looking for: retrofitting Android to protect data from imperious applications. In CCS (2011).
25. Lucks, S., Zenner, E., Weimerskirch, A., and Westhoff, D. Concrete security for entity recognition: The Jane Doe protocol. In INDOCRYPT (2008).
26. Ongtang, M., McLaughlin, S., Enck, W., and McDaniel, P. Semantically rich application-centric security in android. In ACSAC (2009).
27. Samuel, J., Mathewson, N., Cappos, J., and Dingledine, R. Survivable key compromise in software update systems. In CCS (2010).
28. Shoup, V. Practical threshold signatures. In EUROCRYPT (2000).
29. Six, J. Application Security for the Android Platform: Processes, Permissions, and Other Safeguards. O'Reilly Media, 2011.
30. van Oorschot, P., and Wurster, G. Reducing unauthorized modification of digital objects. IEEE Transactions on Software Engineering 38, 1 (2012).
31. Zhou, Y., Wang, Z., Zhou, W., and Jiang, X. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS (2012).