Efficient, context-aware privacy leakage confinement for android applications without firmware modding

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 259-270

  Zhang, Mu ^a   Yin, Heng ^a  

^a SYRACUSE UNIVERSITY   (United States)

Author keywords

Android; Bytecode rewriting; Context aware policy; Privacy leakage

Indexed keywords

FIRMWARE; MOBILE DEVICES;

ANDROID; ANDROID APPLICATIONS; BYTECODE REWRITING; CONTEXT-AWARE POLICIES; EFFECTIVE MECHANISMS; INSTRUMENTATION CODE; PRIVACY LEAKAGES; RUNTIME ENFORCEMENTS;

ANDROID (OPERATING SYSTEM);

EID: 84984918811     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590312     Document Type: Conference Paper

References (39)

1. dex2jar. http://code.google.com/p/dex2jar/.
2. Privacy blocker. http://privacytools.xeudoxus.com/.
3. Soot: a java optimization framework. http://www.sable.mcgill.ca/soot/.
4. T.j. watson libraries for analysis. http://wala.sourceforge.net.
5. J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh. Cells: A Virtual Mobile Smartphone Architecture. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP'11), October 2011.
6. A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: Trading Privacy for Application Functionality on Smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (HotMobile'11), March 2011.
7. K. Z. Chen, N. Johnson, V. D'Silva, S. Dai, K. MacNamara, T. Magrino, E. X. Wu, M. Rinard, and D. Song. Contextual Policy Enforcement in Android Applications with Permission Event Graphs. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13), February 2013.
8. M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-Related Policy Enforcement for Android. In Proceedings of the 13th International Conference on Information Security (ISC'10), October 2010.
9. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege Escalation Attacks on Android. In Proceedings of the 13th International Conference on Information Security (ISC'10), October 2011.
10. B. Davis, B. Sanders, A. Khodaverdian, and H. Chen. I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications. In Proceedings of the Mobile Security Technologies Workshop (MoST'12), May 2012.
11. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of 18th Annual Network and Distributed System Security Symposium (NDSS'11), February 2011.
12. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI'10), October 2010.
13. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th Usenix Security Symposium, August 2011.
14. W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09), November 2009.
15. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android Permissions Demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11), October 2011.
16. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission Re-delegation: Attacks and Defenses. In Proceedings of the 20th USENIX Security Symposium, August 2011.
17. C. Gibler, J. Crussell, J. Erickson, and H. Chen. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. In Proceedings of the 5th International Conference on Trust and Trustworthy Computing (TRUST'12), June 2012.
18. M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS'12), February 2012.
19. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren't The Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11), October 2011.
20. C. Inc. Hp fortify source code analyzer. http://www.cigital.com/training/ elearning/fortify-source-code-analyzer.
21. J. Kim, Y. Yoon, K. Yi, and J. Shin. SCANDAL: Static Analyzer for Detecting Privacy Leaks in Android Applications. In Proceedings of the Mobile Security Technologies Workshop (MoST'12), May 2012.
22. M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter. L4Android: A Generic Operating System Framework for Secure Smartphones. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM'11), October 2011.
23. B. Livshits and J. Jung. Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications. In Proceedings of the 22th Usenix Security Symposium, August 2013.
24. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang. CHEX: statically vetting Android apps for component hijacking vulnerabilities. In Proceedings of the 2012 ACM Conferenceon Computer and Communications Security (CCS'12), October 2012.
25. C. Mann and A. Starostin. A Framework for Static Detection of Privacy Leaks in Android Applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC'12), March 2012.
26. M. Martin, B. Livshits, and M. S. Lam. Finding Application Errors and Security Flaws Using PQL: A Program Query Language. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA'05), October 2005.
27. M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS'10), April 2010.
28. D. Octeau, S. Jha, and P. McDaniel. Retargeting Android Applications to Java Bytecode. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE'12), November 2012.
29. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically Rich Application-Centric Security in Android. In Proceedings of the 2009 Annual Computer Security Applications Conference (ACSAC'09), December 2009.
30. S. Shekhar, M. Dietz, and D. S. Wallach. AdSplit: Separating Smartphone Advertising from Applications. In Proceedings of the 20th Usenix Security Symposium, August 2012.
31. C. Wu, Y. Zhou, K. Patel, Z. Liang, and X. Jiang. AirBag: Boosting Smartphone Resistance to Malware Infection. In Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS'14), February 2014.
32. R. Xu, H. Saïdi, and R. Anderson. Aurasium: Practical Policy Enforcement for Android Applications. In Proceedings of the 21st USENIX Conference on Security Symposium, August 2012.
33. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. In Proceedings of the 15th Conference on USENIX Security Symposium, July 2006.
34. Z. Yang, M. Yang, Y. Zhang, G. Gu, P. Ning, and X. S. Wang. AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS'13), November 2013.
35. M. Zhang and H. Yin. AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications. In Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS'14), February 2014.
36. Y. Zhou and X. Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland'12), May 2012.
37. Y. Zhou and X. Jiang. Detecting Passive Content Leaks and Pollution in Android Applications. In Proceedings of the 20th Network and Distributed System Security Symposium (NDSS'13), February 2013.
38. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of 19th Annual Network and Distributed System Security Symposium (NDSS'12), February 2012.
39. Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming Information-Stealing Smartphone Applications (on Android). In Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST'11), June 2011.