How useful are existing monitoring languages for securing Android apps?

Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)

Volumn P-215, Issue , 2013, Pages 107-122

  Arzt, Steven ^a   Falzon, Kevin ^a   Follner, Andreas ^a   Rasthofer, Siegfried ^a   Bodden, Eric ^a   Stolz, Volker ^b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b UNIVERSITY OF OSLO   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL LINGUISTICS; DATA FLOW ANALYSIS; MOBILE DEVICES; SOFTWARE ENGINEERING; SPECIFICATION LANGUAGES;

ANDROID SECURITIES; COMPLEX INFORMATION; ESSENTIAL FEATURES; MOBILE APPLICATIONS; POSSIBLE MECHANISMS; RUNTIME MONITORING; SECURITY POLICY; SENSITIVE DATAS;

ANDROID (OPERATING SYSTEM);

EID: 84922708709     PISSN: 16175468     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. [AAC+05] Chris Allan, Pavel Avgustinov, Aske Simon Christensen, Laurie Hendren, Sascha Kuzins, Ondrej Lhoták, Oege de Moor, Damien Sereni, Ganesh Sittampalam, Julian Tibble. Adding trace matching with free variables to AspectJ. In [OOP05].
2. [ABB+09] Dima Alhadidi, Amine Boukhtouta, Nadia Belblidia, Mourad Debbabi, and Prabir Bhattacharya. The dataflow pointcut: a formal and practical framework. In Proceedings of the 8th ACM international conference on Aspect-oriented software development, AOSD '09, pages 15-26, New York, NY, USA, 2009. ACM.
3. [AN08] I. Aktug and K. Naliuka. ConSpec-A formal language for policy specification. In Proceedings of the First International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM 2007), volume 197 of ENTCS, pages 45-58, 2008.
4. [And12] Android. Android Security Overview, December 2012. http://source. android.com/tech/security/.
5. [BGH+12] Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp Styp-Rekowsky. AppGuard-real-Time policy enforcement for third-party applications. Technical Report A/02/2012 Universitäts-und Landesbibliothek 2012
6. [Bit12] Bit9. Pausing Google Play: More Than 100, 000 Android Apps May Pose Security Risks, November 2012. http://www.bit9.com/pausing-google-play/.
7. [Cor12] International Data Corporation. Worldwide Quarterly Mobile Phone Tracker 3Q12, November 2012. http://www.idc.com/tracker/showproductinfo.jspprod-id=37.
8. [CR07] Feng Chen and Grigore Roşu. MOP: an efficient and generic runtime verification framework. In Proceedings of the 22nd annual ACM SIGPLAN conference on Objectoriented programming systems and applications, OOPSLA '07, pages 569-588, New York, NY, USA, 2007. ACM.
9. [EGgC+10] William Enck, Peter Gilbert, Byung gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Remzi H. Arpaci-Dusseau and Brad Chen, editors, OSDI, pages 393-407. USENIX Association, 2010.
10. [EOMC11] William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A study of Android application security. In Proceedings of the 20th USENIX conference on Security, SEC'11, pages 21-21, Berkeley, CA, USA, 2011. USENIX Association.
11. [Erl03] Ulfar Erlingsson. The Inlined Reference Monitor Approach to Security Policy Enforcement. Technical Report 1916, Cornell University, 2003.
12. [FHM+12] Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. Why Eve and Mallory love Android: an analysis of android SSL (in)security. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pages 50-61, New York, NY, USA, 2012. ACM.
13. [GCEC12] Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In Proceedings of the 5th international conference on Trust and Trustworthy Computing, TRUST'12, pages 291-307. Springer, 2012.
14. [Goo12] Google Inc. Permissions, December 2012. http://developer.android.com/guide/topics/security/permissions.html.
15. [GR83] A. Goldberg and D. Robson. Smalltalk-80: the language and its implementation. Addison-Wesley Longman Publishing Co., Inc., 1983.
16. [KB12] Eran Kalige and Darrell Burkey. A Case Study of Eurograbber: How 36Million Euros was Stolen via Malware, 2012.
17. [KHH+01] G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. Griswold. An overview of AspectJ. In ECOOP, pages 327-354. Springer, 2001.
18. [LC13] Benjamin Livshits and Stephen Chong. Towards Fully Automatic Placement of Security Sanitizers and Declassifiers. In Proceedings of the Symposium on Principles of Programming Languages (POPL), January 2013. To appear.
19. [MK03] Hidehiko Masuhara and Kazunori Kawauchi. Dataflow Pointcut in Aspect-Oriented Programming. In Atsushi Ohori, editor, Programming Languages and Systems, volume 2895 of Lecture Notes in Computer Science, pages 105-121. Springer, 2003.
20. [MLL05] Michael Martin, Benjamin Livshits, and Monica S. Lam. Finding application errors and security flaws using PQL: a program query language. In [OOP05].
21. [NKZ10] Mohammad Nauman, Sohail Khan, and Xinwen Zhang. Apex: extending Android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, pages 328-332, New York, NY, USA, 2010. ACM.
22. [OOP05] Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. ACM, 2005.
23. [ZJ12] Yajin Zhou and Xuxian Jiang. Dissecting Android Malware: Characterization and Evolution. In IEEE Symposium on Security and Privacy, pages 95-109, 2012.
24. [ZZJF11] Yajin Zhou, Xinwen Zhang, Xuxian Jiang, and Vincent W. Freeh. Taming informationstealing smartphone applications (on Android). In Proc. of the 4th international conference on Trust and trustworthy computing, TRUST'11, pages 93-107. Springer, 2011.