Information flows as a permission mechanism

ASE 2014 - Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering

Volumn , Issue , 2014, Pages 515-526

  Shen, Feng ^a   Vishnubhotla, Namita ^a   Todarka, Chirag ^a   Arora, Mohit ^a   Dhandapani, Babu ^a   Lehner, Eric John ^a   Ko, Steven Y ^a   Ziarek, Lukasz ^a  

^a UNIVERSITY AT BUFFALO   (United States)

Author keywords

Android; Information flows; Permissions

Indexed keywords

SEMANTICS; SOFTWARE ENGINEERING; STATIC ANALYSIS; TELEPHONE SETS;

ANDROID; ANDROID APPLICATIONS; INFORMATION FLOWS; INSTALLATION PROCEDURES; MULTIPLE APPLICATIONS; PERMISSIONS; PHONE NUMBER; SEMANTIC INFORMATION;

ANDROID (OPERATING SYSTEM);

EID: 84908642703     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2642937.2643018     Document Type: Conference Paper

References (40)

1. Amazon ec2. http://aws.amazon.com/ec2/.
2. Avg threat labs. http://www.avgthreatlabs.com/android-app-reports app/-pkg=com.bluecode.photo.space.effects.apk.
3. Moutaz Alazab, Veelasha Monsamy, Lynn Batten, Patrik Lantz, and Ronghua Tian. Analysis of malicious and benign android applications. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, ICDCSW'12, pages 608-616, Washington, DC, USA, 2012. IEEE Computer Society.
4. Steven Arzt, Siedfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android appstion in tcb source code. In PLDI'14, Edinburgh, UK, 2014.
5. Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. Pscout: analyzing the android permission specification. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS'12, 2012.
6. David Barrera, H. Günęs Kayacik, Paul C. Van Oorschot, and Anil Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS'10, pages 73-84, New York, NY, USA, 2010. ACM.
7. Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. Dexpler: converting android dalvik bytecode to jimple for static analysis with soot. In Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis, SOAP'12, pages 27-38, New York, NY, USA, 2012. ACM.
8. Alastair R. Beresford, Andrew Rice, Nicholas Skehin, and Ripduman Sohan. Mockdroid: trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile'11, pages 49-54, New York, NY, USA, 2011. ACM.
9. Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM'11, pages 15-26, New York, NY, USA, 2011. ACM.
10. Patrick P. F. Chan, Lucas C. K. Hui, and S. M. Yiu. Droidchecker: analyzing android applications for capability leak. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, WISEC'12, pages 125-136, New York, NY, USA, 2012. ACM.
11. Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. Pios: Detecting privacy leaks in ios applications. In NDSS. The Internet Society, 2011.
12. Serge Egelman, Adrienne P. Felt, and David Wagner. Choice Architecture and Smartphone Privacy: There's A Price for That. In Proceedings of the 11th Annual Workshop on the Economics of Information Security (WEIS), 2012.
13. William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10, pages 1-6, Berkeley, CA, USA, 2010. USENIX Association.
14. William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM Conference on Computer and communications security (CCS), 2009.
15. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, CCS'11, 2011.
16. Adrienne Porter Felt, Kate Greenwood, and David Wagner. The effectiveness of application permissions. In Proceedings of the 2Nd USENIX Conference on Web Application Development, WebApps'11, pages 7-7, Berkeley, CA, USA, 2011. USENIX Association.
17. Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. Android Permissions: User Attention, Comprehension, and Behavior. In Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS), 2012.
18. Adrienne Porter Felt, Helen J. Wang, Alexander Moshchuk, Steven Hanna, and Erika Chin. Permission re-delegation: attacks and defenses. In Proceedings of the 20th USENIX conference on Security, SEC'11, 2011.
19. Elli Fragkaki, Lujo Bauer, Limin Jia, and David Swasey. Modeling and enhancing androids permission system. In Sara Foresti, Moti Yung, and Fabio Martinelli, editors, Computer Security ESORICS 2012, volume 7459 of Lecture Notes in Computer Science, pages 1-18. Springer Berlin Heidelberg, 2012.
20. Adam P. Fuchs, Avik Chaudhuri, and Jeffrey S. Foster. Scandroid: Automated security certification of android applications.
21. Michael C. Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, WISEC'12, pages 101-112, New York, NY, USA, 2012. ACM.
22. Shashank Holavanalli, Don Manuel, Vishwas Nanjundaswamy, Brian Rosenberg, Feng Shen, Steven Y. Ko, and Lukasz Ziarek. Flow permissions for android. In Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013), 2013.
23. Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall. These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM Conference on Computer and communications security (CCS), 2011.
24. Jinyung Kim, Yongho Yoon, Kwangkeun Yi, and Junbum Shin. ScanDal: Static analyzer for detecting privacy leaks in android applications. In Hao Chen, Larry Koved, and Dan S. Wallach, editors, MoST 2012: Mobile Security Technologies 2012, Los Alamitos, CA, USA, May 2012. IEEE.
25. Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, and Guofei Jiang. Chex: statically vetting android apps for component hijacking vulnerabilities. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS'12, 2012.
26. Christopher Mann and Artem Starostin. A framework for static detection of privacy leaks in android applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing, SAC'12, pages 1457-1462, New York, NY, USA, 2012. ACM.
27. Veelasha Moonsamy, Moutaz Alazab, and Lynn Batten. Towards an understanding of the impact of advertising on data leaks. Int. J. Secur. Netw., 7(3):181-193, March 2012.
28. Mohammad Nauman, Sohail Khan, and Xinwen Zhang. Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2010.
29. Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. Effective inter-component communication mapping in android: An essential step towards holistic security analysis. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security'13), 2013.
30. Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. Addroid: privilege separation for applications and advertisers in android. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS'12, pages 71-72, New York, NY, USA, 2012. ACM.
31. Sanae Rosen, Zhiyun Qian, and Z. Morely Mao. Appprofiler: A flexible method of exposing privacy-related behavior in android applications to end users. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY'13, pages 221-232, New York, NY, USA, 2013. ACM.
32. Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, and Jorge Blasco. Dendroid: A text mining approach to analyzing and classifying code structures in android malware families. Expert Systems with Applications, 41(4, Part 1):1104-1117, 2014.
33. Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. Soot - a java bytecode optimization framework. In Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research, CASCON'99, pages 13-. IBM Press, 1999.
34. Raja Vallée-Rai, Etienne Gagnon, Laurie J. Hendren, Patrick Lam, Patrice Pominville, and Vijay Sundaresan. Optimizing java bytecode using the soot framework: Is it feasible? In Proceedings of the 9th International Conference on Compiler Construction, CC'00, pages 18-34, London, UK, UK, 2000. Springer-Verlag.
35. Michael S. Ware and Christopher J. Fox. Securing java code: heuristics and an evaluation of static analysis tools. In Proceedings of the 2008 workshop on Static analysis, SAW'08, pages 12-21, New York, NY, USA, 2008. ACM.
36. Xusheng Xiao, Nikolai Tillmann, Manuel Fahndrich, Jonathan De Halleux, and Michal Moskal. User-aware privacy control via extended static-information-flow analysis. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, pages 80-89, New York, NY, USA, 2012. ACM.
37. Rubin Xu, Hassen Säidi, and Ross Anderson. Aurasium: practical policy enforcement for android applications. In Proceedings of the 21st USENIX conference on Security symposium, Security'12, 2012.
38. Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X. Sean Wang. Appintent: Analyzing sensitive data transmission in android for privacy leakage detection. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS'13, pages 1043-1054, New York, NY, USA, 2013. ACM.
39. Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X. Sean Wang, and Binyu Zang. Vetting undesirable behaviors in android apps with permission use analysis. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS'13, pages 611-622, New York, NY, USA, 2013. ACM.
40. Yajin Zhou and Xuxian Jiang. Dissecting android malware: Characterization and evolution. In Security and Privacy (Oakland), 2012 IEEE Symposium on, 2012.