SpanDex: Secure password tracking for android

Proceedings of the 23rd USENIX Security Symposium

Volumn , Issue , 2014, Pages 481-494

  Cox, Landon P ^a   Gilbert, Peter ^a   Lawler, Geoffrey ^a   Pistol, Valentin ^a   Razeen, Ali ^a   Wu, Bi ^a   Cheemalapati, Sai ^a  

^a DUKE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); AUTHENTICATION; POLYURETHANES;

AMOUNT OF INFORMATION; CONTROL FLOWS; DALVIK VIRTUAL MACHINES; IMPLICIT INFORMATION FLOWS; SENSITIVE DATAS; SYMBOLIC EXECUTION; TECHNICAL CHALLENGES; UNTRUSTED CODE;

MOBILE SECURITY;

EID: 85026653947     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. Smali: An assembler/disassembler for android's dex format, 2013.
2. Apple. iphone 5s, 2013.
3. P. Bright. Sony hacked yet again, plaintext passwords, e-mails, dob posted, 2011.
4. L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In DIMVA '08, 2008.
5. J. Clause, W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In ISSTA '07, 2007.
6. David Malone and Kevin Maher. Investigating the Distribution of Password Choices. In WWW '12, April 2012.
7. Dazzlepod. Uniqpass v11, 2013.
8. D. E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236-243, May 1976.
9. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the asbestos operating system. In SOSP '05, 2005.
10. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2011.
11. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI'10, 2010.
12. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. Riskranker: scalable and accurate zero-day android malware detection. In MobiSys '12, 2012.
13. X. Jiang. Smishing vulnerability in multiple android platforms, 2012.
14. M. G. Kang, S. McCamant, P. Poosankam, and D. Song. DTA++: Dynamic taint analysis with targeted control-flow propagation. In NDSS '11, 2011.
15. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris. Information flow control for standard OS abstractions. In SOSP '07, 2007.
16. B. W. Lampson. Hints for computer system design. SIGOPS Oper. Syst. Rev., 17(5):33-48, Oct. 1983.
17. D. Liu, E. Cuervo, V. Pistol, R. Scudellari, and L. P. Cox. Screenpass: Secure password entry on touchscreen devices. In MobiSys '13, 2013.
18. S. McCamant and M. D. Ernst. Quantitative information flow as network flow capacity. SIGPLAN Not., 43(6):193-205, June 2008.
19. J. Newsome. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS '05, 2005.
20. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21:2003, 2003.
21. L. Segall. Gawker data exposed in major hack attack, 2010.
22. A. Slowinska and H. Bos. Pointless tainting? evaluating the practicality of pointer tainting. In EuroSys '09, 2009.
23. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In OSDI '06, 2006.
24. Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In IEEE SP '12, 2012.