A Usage-Pattern Perspective for Privacy Ranking of Android Apps
作者: Xiaolei Li , Xinshu Dong , Zhenkai Liang
DOI: 10.1007/978-3-319-13841-1_14
关键词: Private information retrieval 、 Internal logic 、 Android (operating system) 、 Static analysis 、 World Wide Web 、 Permission 、 Computer science
摘要: Android applies a permission-based model to regulate applications (apps). When users grant apps permissions access their sensitive data, they cannot control how the utilize data. Existing taint-based techniques only detect presence of exfiltration flow for but much data are leaked. Users need more intuitive measures inform them which going leak private information. In this paper, we take an alternative approach identifying apps’ internal logic about We define such as sequence operations on named usage pattern. build static analysis tool automatically extract patterns from apps. Our evaluation shows that our effectively and efficiently identifies key thus ranks according different patterns.
springer.com
sci-hub.st 参考文章(18)
Kristopher K. Micinski, Jinseong Jeon, Jeffrey S. Foster, SymDroid: Symbolic Execution for Dalvik Bytecode ,(2012)
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Clint Gibler, Jonathan Crussell, Jeremy Erickson, Hao Chen, AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale trust and trustworthy computing. pp. 291- 307 ,(2012) , 10.1007/978-3-642-30921-2_17
Lok Kwong Yan, Heng Yin, DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis usenix security symposium. pp. 29- 29 ,(2012)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Johannes Hoffmann, Martin Ussath, Thorsten Holz, Michael Spreitzenbarth, Slicing droids: program slicing for smali code acm symposium on applied computing. pp. 1844- 1851 ,(2013) , 10.1145/2480362.2480706
Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, Guofei Jiang, CHEX Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 229- 240 ,(2012) , 10.1145/2382196.2382223
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang, The impact of vendor customizations on android security computer and communications security. pp. 623- 634 ,(2013) , 10.1145/2508859.2516728
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner, Android permissions: user attention, comprehension, and behavior symposium on usable privacy and security. pp. 3- ,(2012) , 10.1145/2335356.2335360
V. Sarkar, D. Sbirlea, M. G. Burke, S. Guarnieri, M. Pistoia, Automatic detection of inter-application permission leaks in Android applications Journal of Reproduction and Development. ,vol. 57, pp. 2- ,(2013) , 10.1147/JRD.2013.2284403