Taming information-stealing smartphone applications (on Android)

Authors: Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh

DOI: 10.1007/978-3-642-21599-5_7

Abstract: Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.