Automatically securing permission-based software by reducing the attack surface: an application to Android

Bartel, Alexandre; Klein, Jacques; Traon, Yves Le; Monperrus, Martin

doi:10.1145/2351676.2351722

Cited by 111 publications

(68 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Except privacy leaks detection, there has been a rich body of work on other Android security issues [9], [12], [18], [20], [23], [51] such as energy bugs [15], [32] and SSL vulnerabilities [19], [41]. Our work can complement their research by providing a highly precise control-flow graph to enable them to perform inter-component data-flow analysis and consequently to get better results.…”

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

Self Cite

376

360

View full text Add to dashboard Cite

Abstract-Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components.Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.

show abstract

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

Self Cite

376

360

View full text Add to dashboard Cite

show abstract

“…Stowaway [23] and COPES [16] are designed to find those apps that request more permissions than they need. PScout [15] analyzes the usage trend of permissions in Android apps.…”

Section: Evaluation Resultsmentioning

confidence: 99%

DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications

Yang

et al. 2014

Computer Security - ESORICS 2014

168

120

View full text Add to dashboard Cite

Most existing malicious Android app detection approaches rely on manually selected detection heuristics, features, and models. In this paper, we describe a new, complementary system, called DroidMiner, which uses static analysis to automatically mine malicious program logic from known Android malware, abstracts this logic into a sequence of threat modalities, and then seeks out these threat modality patterns in other unknown (or newly published) Android apps. We formalize a two-level behavioral graph representation used to capture Android app program logic, and design new techniques to identify and label elements of the graph that capture malicious behavioral patterns (or malicious modalities). After the automatic learning of these malicious behavioral models, DroidMiner can scan a new Android app to (i) determine whether it contains malicious modalities, (ii) diagnose the malware family to which it is most closely associated, (iii) and provide further evidence as to why the app is considered to be malicious by including a concise description of identified malicious behaviors. We evaluate DroidMiner using 2,466 malicious apps, identified from a corpus of over 67,000 third-party market Android apps, plus an additional set of over 10,000 official market Android apps. Using this set of real-world apps, we demonstrate that DroidMiner achieves a 95.3% detection rate, with only a 0.4% false positive rate. We further evaluate DroidMiner's ability to classify malicious apps under their proper family labels, and measure its label accuracy at 92%.

show abstract

“…Clearly, users prefer applications with minimum set of permissions. This protection mechanism is often error-prone and in most of the cases developers end up using permissions they do not require in their code, or the opposite [4].…”

Section: Issues When Designing An Android Applicationmentioning

confidence: 99%

A high-level modeling language for the efficient design, implementation, and testing of Android applications

Jaber

Falcone

Dak-Al-Bab

et al. 2016

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Abstract. Developing mobile applications remains difficult, time consuming, and error-prone, in spite of the number of existing platforms and tools. In this paper, we define MoDroid, a high-level modeling language to ease the development of Android applications. MoDroid allows developing models representing the core of applications. MoDroid provides Android programmers with the following advantages: (1) Models are built using highlevel primitives that abstract away several implementation details; (2) It allows the definition of interfaces between models to automatically compose them; (3) Java native android can be automatically generated along with the required permissions; (4) It supports efficient model-based testing that operates on models. MoDroid is fully implemented and was used to develop several non-trivial Android applications.

show abstract

Automatically securing permission-based software by reducing the attack surface: an application to Android

Cited by 111 publications

References 25 publications

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications

A high-level modeling language for the efficient design, implementation, and testing of Android applications

Contact Info

Product

Resources

About