Logo des Repositoriums
 

How useful are existing monitoring languages for securing android apps?

dc.contributor.authorArzt, Steven
dc.contributor.authorFalzon, Kevin
dc.contributor.authorFollner, Andreas
dc.contributor.authorRasthofer, Siegfried
dc.contributor.authorBodden, Eric
dc.contributor.authorStolz, Volker
dc.contributor.editorWagner, Stefan
dc.contributor.editorLichter, Horst
dc.date.accessioned2018-10-24T10:00:39Z
dc.date.available2018-10-24T10:00:39Z
dc.date.issued2013
dc.description.abstractThe Android operating system is currently dominating the mobile device market in terms of penetration and growth rate. An important contributor to its success are a wealth of cheap and easy-to-install mobile applications, known as apps. Today, installing untrusted apps is the norm, though this comes with risks: malware is ubiquitous and can easily leak confidential and sensitive data. In this work, we investigate the extent to which we can specify complex information flow properties using existing specification languages for runtime monitoring, with the goal to encapsulate potentially harmful apps and prevent private data from leaking. By modelling a set of representative, Android-specific security policies with Tracematches, JavaMOP, Dataflow Pointcuts and PQL, we are able to identify policylanguage features that are crucial for effectively defining runtime-enforceable Android security properties. Our evaluation demonstrates that while certain property languages suit our purposes better than others, they all lack essential features that would, if present, allow users to provide effective security guarantees about apps. We discuss those shortcomings and propose several possible mechanisms to overcome them.en
dc.identifier.isbn978-3-88579-609-1
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/17418
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSoftware Engineering 2013 - Workshopband
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-215
dc.titleHow useful are existing monitoring languages for securing android apps?en
dc.typeText/Conference Paper
gi.citation.endPage122
gi.citation.publisherPlaceBonn
gi.citation.startPage107
gi.conference.date26. Februar-1. März 2013
gi.conference.locationAachen
gi.conference.sessiontitleRegular Research Papers

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
107.pdf
Größe:
155.89 KB
Format:
Adobe Portable Document Format