Ghera: A Repository of Android App Vulnerability Benchmarks

Authors: Joydeep Mitra, Venkatesh-Prasad Ranganath

DOI: 10.1145/3127005.3127010

Keywords: Mobile apps, Android app, Computer science, Vulnerability, Computer security, Android (operating system), World Wide Web

Abstract: Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of the Android platform due to the openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.
