Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis

Authors: Yingjie Wang, Guangquan Xu, Xing Liu, Weixuan Mao, Chengxiang Si

DOI: 10.1016/J.JSS.2020.110609

Keywords:

Abstract: Many Android developers fail to properly implement SSL/TLS during the development of an app, which may result in Man-In-The-Middle (MITM) attacks or phishing attacks. In this work …

References (57)
Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, Wei Zou. SmartDroid. Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices - SPSM '12, pp. 93-104 (2012). DOI: 10.1145/2381934.2381950
Damien Octeau, Siegfried Rasthofer, Yves Le Traon, Tegawende F. Bissyande, Eric Bodden, Alexandre Bartel, Patrick McDaniel, Steven Arzt, Jacques Klein, Li Li. IccTA: detecting inter-component privacy leaks in Android apps. International Conference on Software Engineering, vol. 1, pp. 280-291 (2015). DOI: 10.5555/2818754.2818791
Wei Wang, Xing Wang, Dawei Feng, Jiqiang Liu, Zhen Han, Xiangliang Zhang. Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection. IEEE Transactions on Information Forensics and Security, vol. 9, pp. 1869-1882 (2014). DOI: 10.1109/TIFS.2014.2353996
Wei Wang, Xiangliang Zhang, Sylvain Gombault. Constructing attribute weights from computer audit data for effective intrusion detection. Journal of Systems and Software, vol. 82, pp. 1974-1981 (2009). DOI: 10.1016/J.JSS.2009.06.040
Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumgärtner, Bernd Freisleben. Why Eve and Mallory love Android. Proceedings of the 2012 ACM Conference on Computer and Communications Security - CCS '12, pp. 50-61 (2012). DOI: 10.1145/2382196.2382205
Wei Wang, Xiaohong Guan, Xiangliang Zhang, Liwei Yang. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Computers & Security, vol. 25, pp. 539-550 (2006). DOI: 10.1016/J.COSE.2006.05.005
Wei Wang, Xiaohong Guan, Xiangliang Zhang. Profiling program and user behaviors for anomaly intrusion detection based on non-negative matrix factorization. Conference on Decision and Control, vol. 1, pp. 99-104 (2004). DOI: 10.1109/CDC.2004.1428613
Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, Vitaly Shmatikov. The most dangerous code in the world. Proceedings of the 2012 ACM Conference on Computer and Communications Security - CCS '12, pp. 38-49 (2012). DOI: 10.1145/2382196.2382204
J. Clark, P. C. van Oorschot. SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements. IEEE Symposium on Security and Privacy, pp. 511-525 (2013). DOI: 10.1109/SP.2013.41
W. Wang, R. Battiti. Identifying intrusions in computer networks with principal component analysis. Availability, Reliability and Security, pp. 270-279 (2006). DOI: 10.1109/ARES.2006.73