SuPOR: Precise and scalable sensitive user input detection for android apps

Proceedings of the 24th USENIX Security Symposium

Volumn , Issue , 2015, Pages 977-992

  Huang, Jianjun ^a   Li, Zhichun ^b   Xiao, Xusheng ^b   Wu, Zhenyu ^b   Lu, Kangjie ^c   Zhang, Xiangyu ^a   Jiang, Guofei ^b  

^a PURDUE UNIVERSITY   (United States)

^b NEC LABORATORIES AMERICA   (United States)

^c Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MHEALTH; SMARTPHONES; STATIC ANALYSIS; USER INTERFACES;

DESIGN AND IMPLEMENTS; FALSE POSITIVE RATES; HEALTH INFORMATIONS; INFORMATION SOURCES; MEASUREMENT STUDY; PRIVACY ANALYSIS; PRIVACY DISCLOSURES; SENSITIVE INFORMATIONS;

ANDROID (OPERATING SYSTEM);

EID: 84979682861     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. Android-ApkTool: A tool for reverse engineering Android apk file. https://code.google.com/p/androidapktool.
2. Android Dashboards. https://developer.android.com/about/dashboards/index.html. Accessed: 20 Feb 2015.
3. Baksmali: a disassembler for Android’s dex format. https://code.google.com/p/smali.
4. WALA: T.J. Watson Libraries for Analysis. http://wala.sourceforge.net.
5. ARP, D., SPREITZENBARTH, M., HUBNER, M., GASCON, H., AND RIECK, K. DREBIN: Effective and explainable detection of Android malware in your pocket. In NDSS (2014).
6. ARZT, S., RASTHOFER, S., FRITZ, C., BODDEN, E., BARTEL, A., KLEIN, J., LE TRAON, Y., OCTEAU, D., AND MCDANIEL, P. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In PLDI (2014).
7. CHEN, S., MESEGUER, J., SASSE, R., WANG, H. J., AND WANG, Y.-M. A systematic approach to uncover security flaws in GUI logic. In S&P (Oakland) (2007).
8. EGELE, M., KRUEGEL, C., KIRDA, E., AND VIGNA, G. PiOS: Detecting privacy leaks in iOS applications. In NDSS (2011).
9. ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. N. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI (2010).
10. ENCK, W., OCTEAU, D., MCDANIEL, P., AND CHAUDHURI, S. A study of Android application security. In USENIX Security (2011).
11. FELLBAUM, C., Ed. WordNet An Electronic Lexical Database. The MIT Press, 1998.
12. GIBLER, C., CRUSSELL, J., ERICKSON, J., AND CHEN, H. AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. In TRUST (2012).
13. GORLA, A., TAVECCHIA, I., GROSS, F., AND ZELLER, A. Checking app behavior against app descriptions. In ICSE (2014).
14. GRACE, M., ZHOU, Y., WANG, Z., AND JIANG, X. Systematic detection of capability leaks in stock Android smartphones. In NDSS (2012).
15. GRACE, M., ZHOU, Y., ZHANG, Q., ZOU, S., AND JIANG, X. Riskranker: Scalable and accurate zero-day Android malware detection. In MobiSys (2012).
16. HAN, J., YAN, Q., GAO, D., ZHOU, J., AND DENG, R. Comparing mobile privacy protection through cross-platform applications. In NDSS (2013).
17. HORNYACK, P., HAN, S., JUNG, J., SCHECHTER, S., AND WETHERALL, D. These aren’t the droids you’re looking for: Retrofitting Android to protect data from imperious applications. In CCS (2011).
18. HORWITZ, S., REPS, T., AND BINKLEY, D. Interprocedural slicing using dependence graphs. SIGPLAN Not. 23, 7 (June 1988).
19. HUANG, E. H., SOCHER, R., MANNING, C. D., AND NG, A. Y. Improving word representations via global context and multiple word prototypes. In ACL (2012).
20. HUANG, J., ZHANG, X., TAN, L., WANG, P., AND LIANG, B. Asdroid: Detecting stealthy behaviors in Android applications by user interface and program behavior contradiction. In ICSE (2014).
21. JURAFSKY, D., AND MARTIN, J. H. Speech and Language Processing: An Introduction to Natural Language Processing, Computational Linguistics, and Speech Recognition, 1st ed. Prentice Hall PTR, Upper Saddle River, NJ, USA, 2000.
22. KLEIN, D., AND MANNING, C. D. Accurate unlexicalized parsing. In ACL (2003).
23. LU, K., LI, Z., KEMERLIS, V., WU, Z., LU, L., ZHENG, C., QIAN, Z., LEE, W., AND JIANG, G. Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting. In NDSS (2015).
24. LU, L., LI, Z., WU, Z., LEE, W., AND JIANG, G. CHEX: Statically vetting Android apps for component hijacking vulnerabilities. In CCS (2012).
25. LUTTEROTH, C. Automated reverse engineering of hard-coded GUI layouts. In AUIC (2008).
26. MEMON, A., BANERJEE, I., AND NAGARAJAN, A. GUI ripping: Reverse engineering of graphical user interfaces for testing. In WCRE (2003).
27. MULLINER, C., ROBERTSON, W., AND KIRDA, E. Hidden GEMs: Automated discovery of access control vulnerabilities in graphical user interfaces. In S&P (Oakland) (2014).
28. NADKARNI, A., AND ENCK, W. Preventing accidental data disclosure in modern operating systems. In CCS (2013).
29. NAN, Y., YANG, M., YANG, Z., ZHOU, S., GU, G., AND WANG, X. UIPicker: User-input privacy identification in mobile applications. In USENIX Security (2015).
30. PANDITA, R., XIAO, X., YANG, W., ENCK, W., AND XIE, T. WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security (2013).
31. QU, Z., RASTOGI, V., ZHANG, X., CHEN, Y., ZHU, T., AND CHEN, Z. AutoCog: Measuring the description-to-permission fidelity in Android applications. In CCS (2014).
32. RAMÓN, Ó. S., CUADRADO, J. S., AND MOLINA, J. G. Model-driven reverse engineering of legacy graphical user interfaces. Automated Software Engineering 21, 2 (2014).
33. RASTHOFER, S., ARZT, S., AND BODDEN, E. A machine-learning approach for classifying and categorizing Android sources and sinks. In NDSS (2014).
34. RASTOGI, V., CHEN, Y., AND ENCK, W. AppsPlayground: Automatic security analysis of smartphone applications. In ASIACCS (2013).
35. SILVA, J. C., SILVA, C., GONÇALO, R. D., SARAIVA, J., AND CAMPOS, J. C. The GUISurfer tool: towards a language independent approach to reverse engineering GUI code. In EICS (2010).
36. The Stanford Natural Language Processing Group, 1999. http://nlp.stanford.edu/.
37. SOCHER, R., BAUER, J., MANNING, C. D., AND NG, A. Y. Parsing with compositional vector grammars. In ACL (2013).
38. YANG, Z., YANG, M., ZHANG, Y., GU, G., NING, P., AND WANG, X. S. AppIntent: Analyzing sensitive data transmission in Android for privacy leakage detection. In CCS (2013).
39. ZHOU, Y., AND JIANG, X. Dissecting Android malware: Characterization and evolution. In S&P (Oakland) (2012).
40. ZHOU, Y., AND JIANG, X. Detecting passive content leaks and pollution in Android applications. In NDSS (2013).