238 Hits in 4.2 sec

Automatically Exploiting Potential Component Leaks in Android Applications

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon
2014 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications  
PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak.  ...  We present PCLeaks, a tool based on intercomponent communication (ICC) vulnerabilities to perform dataflow analysis on Android applications to find potential component leaks (e.g., another component can  ...  ContentScope also detects content pollution in Android applications, which is not handled currently by PCLeaks.  ... 
doi:10.1109/trustcom.2014.50 dblp:conf/trustcom/LiBKT14 fatcat:miwicwsqrvh6djwp33zfwqfb3y

An effective access control scheme for preventing permission leak in Android

Longfei Wu, Xiaojiang Du, Hongli Zhang
2015 2015 International Conference on Computing, Networking and Communications (ICNC)  
In the Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications.  ...  SPAC has been implemented on a Nexus 4 smartphone, and our evaluation demonstrates its effectiveness in mitigating permission leak vulnerabilities.  ...  [5] study the passive content leaks and pollution in content provider.  ... 
doi:10.1109/iccnc.2015.7069315 dblp:conf/iccnc/WuDZ15 fatcat:l7tsymoz6nfktcgd6gsalxrosq

A novel hybrid method to analyze security vulnerabilities in Android applications

Junwei Tang, Ruixuan Li, Kaipeng Wang, Xiwu Gu, Zhiyong Xu
2020 Tsinghua Science and Technology  
We propose a novel hybrid method to analyze the security vulnerabilities in Android applications.  ...  Our hybrid method can effectively analyze nine major categories of important security vulnerabilities in Android applications.  ...  Zhou and Jiang [1] mainly focused on content provider component and discovered two security vulnerabilities related to content providers, namely, passive content leak and content pollution, which may  ... 
doi:10.26599/tst.2019.9010067 fatcat:udxcnk7pona7rnakt5weqxup5i

Comparing Capability of Static Analysis Tools to Detect Security Weaknesses in Mobile Applications

Tosin Daniel Oyetoyan, Marcos Lordello Chaim
2017 European Symposium on Research in Computer Security  
In this preliminary study we investigate the detection capability of mainstream vs. Android-specific tools to guide decision-making during tools' selection.  ...  Malicious applications are constant threats to user data on smartphones as they could sniff or manipulate them by exploiting software weaknesses in legitimate mobile applications.  ...  Jiang, Y.Z.X., Xuxian, Z.: Detecting passive content leaks and pollution in android applications. In: Proceedings of the th Network and Distributed System Security Symposium (NDSS) ( ) .  ... 
dblp:conf/esorics/OyetoyanC17 fatcat:b2fuaevea5hj7dsimvoynjzngy

The impact of vendor customizations on android security

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Finally, in vulnerability analysis, we detect buggy pre-loaded apps that can be exploited to mount permission re-delegation attacks or leak private information.  ...  Such provenance analysis allows for proper attribution of detected security issues in the examined Android images.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.  ... 
doi:10.1145/2508859.2516728 dblp:conf/ccs/WuGZWJ13 fatcat:bo5ynxv6wvdsno2733lpxleysq

FineDroid: Enforcing Permissions with System-Wide Application Execution Context [chapter]

Yuan Zhang, Min Yang, Guofei Gu, Hao Chen
2015 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model.  ...  First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps.  ...  This kind of attack has been verified in several forms, such as capability leak [20, 21, 36] , component hijacking [24] , content leak and pollution [41] .  ... 
doi:10.1007/978-3-319-28865-9_1 fatcat:27k3zfwalba4tehul6kn6dqfgi

Self-protection of Android systems from inter-component communication attacks

Mahmoud Hammad, Joshua Garcia, Sam Malek
2018 Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018  
in [89] , privilege escalation attack discussed in [111] , passive data leak and content pollution attacks presented in [135] , and identical custom permission attack explained in [70] .  ...  Passive Data Leak Android apps store their sensitive data in database components called Content Providers.  ...  The experimental evaluations show that RevealDroid achieves an accuracy of 98% in detection of malware and an accuracy of 95% in determination of their families.  ... 
doi:10.1145/3238147.3238207 dblp:conf/kbse/HammadGM18 fatcat:qht4e54ehjfltlht6wjuwzsata

Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

Marco Autili, Ivano Malavolta, Alexander Perucci, Gian Luca Scoccia, Roberto Verdecchia
2021 Journal of Internet Services and Applications  
study aimed at identifying, evaluating and classifying characteristics, trends and potential for industrial adoption of existing research in static analysis of mobile apps.  ...  The results of this study give a solid foundation for assessing existing and future approaches for static analysis of mobile apps, especially in terms of their industrial adoptability.Researchers and practitioners  ...  Availability of data and materials The datasets analysed during the current study are available in the github repository, mobile-static-analysis-replication-package.  ... 
doi:10.1186/s13174-021-00134-x fatcat:mlzjbkdi7fhezisn3tcv7wzlbi

Attacks on Android Clipboard [chapter]

Xiao Zhang, Wenliang Du
2014 Lecture Notes in Computer Science  
In this paper, we perform a thorough study on the risks imposed by the globally accessible Android Clipboard.  ...  Furthermore, it can also cause phishing attacks, including web phishing and app phishing. Data stealing happens when sensitive data copied into the clipboard is accessed by malicious applications.  ...  [54] analyze a large number of applications to assess the prevalence of content provider vulnerabilities in Android.  ... 
doi:10.1007/978-3-319-08509-8_5 fatcat:2r5slrevxnfvte7evw7pjxxvby


Min Zheng, Mingshen Sun, John C.S. Lui
2014 Proceedings of the 9th ACM symposium on Information, computer and communications security - ASIA CCS '14  
Android mobile devices are enjoying a lion's market share in smartphones and mobile devices. This also attracts malware writers to target the Android platform.  ...  To understand the impact of this new malware distribution channel, we analyze 250 Android firmwares and 24,009 pre-installed applications.  ...  in countries content leaks and pollution in Android applications.  ... 
doi:10.1145/2590296.2590313 dblp:conf/ccs/ZhengSL14 fatcat:2lwwztwmrzb53ecbrhovb7f2ce

A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software

Alireza Sadeghi, Hamid Bagheri, Joshua Garcia, Sam Malek
2017 IEEE Transactions on Software Engineering  
While existing research has made significant progress towards detection and mitigation of Android security, gaps and challenges remain.  ...  In parallel with the meteoric rise of mobile software, we are witnessing an alarming escalation in the number and sophistication of the security threats targeted at mobile platforms, particularly Android  ...  ACKNOWLEDGMENTS This work was supported in part by awards CCF-1252644, CNS-1629771 and CCF-1618132 from the National Science Foundation, D11AP00282 from the Defense Advanced Research Projects Agency, W911NF  ... 
doi:10.1109/tse.2016.2615307 fatcat:lf4auma3fbe6thk4bxxsvasg4u

On the Privacy and Security of the Ultrasound Ecosystem

Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Christopher Kruegel, Giovanni Vigna
2017 Proceedings on Privacy Enhancing Technologies  
This technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking.  ...  In particular, we introduce a browser extension and an Android permission that enable the user to selectively suppress frequencies falling within the ultrasonic spectrum.  ...  Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of NSF or Secure Business Austria.  ... 
doi:10.1515/popets-2017-0018 dblp:journals/popets/MavroudisHFMKV17 fatcat:oouykfzv4bffjc5ghsiy3e6dki

Analyzing inter-application communication in Android

Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner
2011 Proceedings of the 9th international conference on Mobile systems, applications, and services - MobiSys '11  
We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities.  ...  ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users.  ...  Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1145/1999995.2000018 dblp:conf/mobisys/ChinFGW11 fatcat:eildcftygra2lidwpeol7vhxr4

An Automated Approach for Privacy Leakage Identification in IoT Apps [article]

Bara' Nazzal, Manar H. Alalfi
2022 arXiv   pre-print
provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.  ...  This shows an improvement in performance both in terms of speed up to 4 folds, as well as improving the precision avoiding false positives by providing a higher level of flow and path sensitivity analysis  ...  ContentScope specifically tries to detect two vulnerabilities, passive content leak and content pollution and uses the analyses to determine their prevalence in Android markets.  ... 
arXiv:2202.02895v1 fatcat:r7nh2wk4xrcgzi3l4okssiiopi

Intelligent monitoring system for biogas detection based on the Internet of Things: Mohammedia, Morocco city landfill case

Jamal Mabrouki, Mourade Azrour, Ghizlane Fattah, Driss Dhiba, Souad El Hajjaji
2021 Big Data Mining and Analytics  
Measurement results carried out at various sites of the landfill in the city of Mohammedia by the system show that the biogas contents present dangers and sanitary risks which are of another order.  ...  Through burning, biogas from mechanization reduces gas pollution from fermentation by a factor of 20.  ...  In our days, we need high-performance biogas detection systems that have been growing steadily for several years in various fields, from analytical chemistry to the detection of gas leaks in domestic appliances  ... 
doi:10.26599/bdma.2020.9020017 fatcat:scgzr7sy5zhhtomyiodp6pscwi
« Previous Showing results 1 — 15 out of 238 results