A framework for static detection of privacy leaks in android applications

Authors: Christopher Mann, Artem Starostin

DOI: 10.1145/2245276.2232009

Keywords: Computer science; Android (operating system); Privacy policy; Computer security; Static analysis; Privacy software

Abstract: We report on applying techniques for static information flow analysis to identify privacy leaks in Android applications. We have crafted a framework which checks, with the help of a security type system, whether the Dalvik bytecode implementation of an app conforms to a given policy. We have carefully analyzed the API for possible sources and sinks of private data and identified exemplary policies based on this. We demonstrate applicability in our two case studies showing detection of leaks.

References (11)
William Enck. Defending users against smartphone apps: techniques and future directions. International Conference on Information Systems Security, pp. 49-70 (2011). DOI: 10.1007/978-3-642-25560-1_3
Ricardo Medel, Adriana Compagnoni, Eduardo Bonelli. A Typed Assembly Language for Non-interference. Lecture Notes in Computer Science, pp. 360-374 (2005). DOI: 10.1007/11560586_29
Samir Genaim, Fausto Spoto. Information Flow Analysis for Java Bytecode. Lecture Notes in Computer Science, vol. 3385, pp. 346-362 (2005). DOI: 10.1007/978-3-540-30579-8_23
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Operating Systems Design and Implementation, pp. 393-407 (2010). DOI: 10.5555/1924943.1924971
Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, vol. 3, pp. 30-50 (2000). DOI: 10.1145/353323.353382
Jay Ligatti, Lujo Bauer, David Walker. Edit automata: enforcement mechanisms for run-time security policies. International Journal of Information Security, vol. 4, pp. 2-16 (2005). DOI: 10.1007/S10207-004-0046-8
Gilles Barthe, David Pichardie, Tamara Rezk. A certified lightweight non-interference Java bytecode verifier. European Symposium on Programming, pp. 125-140 (2007). DOI: 10.1007/978-3-540-71316-6_10
Dorothy E Denning, Peter J Denning. Certification of programs for secure information flow. Communications of the ACM, vol. 20, pp. 504-513 (1977). DOI: 10.1145/359636.359712
Dennis Volpano, Cynthia Irvine, Geoffrey Smith. A sound type system for secure flow analysis. Journal of Computer Security, vol. 4, pp. 167-187 (1996). DOI: 10.3233/JCS-1996-42-304