EviCheck: Digital Evidence for Android

Seghir, Mohamed Nassim; Aspinall, David

doi:10.1007/978-3-319-24953-7_17

Cited by 6 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…a) Implementation: We have implemented the checker, which runs on mobile devices, as part of our tool EviCheck [24] 2 . EviCheck accepts apps directly in bytecode (APK) format and uses Androguard [12] as back-end for parsing them.…”

Section: Implementation and Experimentsmentioning

confidence: 99%

See 1 more Smart Citation

Certified Lightweight Contextual Policies for Android

Seghir¹,

Aspinall

Mareková³

2016

2016 IEEE Cybersecurity Development (SecDev)

Self Cite

View full text Add to dashboard Cite

Security in Android applications is enforced with access control policies implemented via permissions giving access to different resources on the phone. These permissions are often too coarse and their attribution is based on an all-or-nothing decision on most of Android distributions. How can we grant permissions and be sure they will not be misused? We propose a policy-based lightweight approach for the verification and certification of Android applications with respect to a given policy. It consists of a verifier running on a conventional computer and a checker residing on an Android mobile device. The verifier applies static analysis to show the conformance between an application and a given policy. It also generates a certificate asserting the validity of the analysis result. The checker, on a mobile device, can then check the validity of the certificate to confirm of refute the fulfilment of the policy by the application before installing it. This scheme represents a potential future model for app stores where apps are equipped with policies and checkable evidence. We have implemented our approach, we report on the preliminary results obtained for a set of popular real-world applications.

show abstract

Section: Implementation and Experimentsmentioning

confidence: 99%

“…Hence, we are able to directly perform it on mobile devices which are relatively limited in terms of resources. We have extended our tool EviCheck [24] with this new operational scheme (check on device). We report on the results obtained for a set of real-world applications.…”

Section: Introductionmentioning

confidence: 99%

Certified Lightweight Contextual Policies for Android

Seghir¹,

Aspinall

Mareková³

2016

2016 IEEE Cybersecurity Development (SecDev)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In other words: it exists at least one method matching c from which r is transitively called (reachable). To address such a query, we compute the transitive closure of the call graph [9]. We propagate permissions (APIs) backwards from callees to callers until we reach a fixpoint.…”

Section: Application Abstractionmentioning

confidence: 99%

“…Our work complements such tools by providing the automatic means for inferring the properties to be checked. Hence, DroidGen can serve as a front-end for a verification tool such as EviCheck [9] to keep the user completely out of the loop.…”

Section: Related Workmentioning

confidence: 99%

DroidGen: Constraint-based and Data-Driven Policy Generation for Android

Seghir,

Aspinall

2016

Preprint

Self Cite

View full text Add to dashboard Cite

We present DroidGen a tool for automatic anti-malware policy inference. DroidGen is data-driven: uses a training set of malware and benign applications and makes call to a constraint solver to generate a policy under which a maximum of malware is excluded and a maximum of benign applications is allowed. Preliminary results are encouraging. We are able to automatically generate a policy which filters out 91% of the tested Android malware. Moreover, compared to black-box machine learning classifiers, our method has the advantage of generating policies in a declarative readable format. We illustrate our approach, describe its implementation and report on experimental results.

show abstract