301 Hits in 6.4 sec

On the effectiveness of API-level access control using bytecode rewriting in Android

Hao Hao, Vicky Singh, Wenliang Du
2013 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13  
This work is the first systematic study on the effectiveness of using bytecode rewriting for API-level access control.  ...  We have provided a systematic evaluation to assess the effectiveness of API-level access control using bytecode rewriting on Android Operating System.  ...  EFFECTIVENESS OF API LEVEL ACCESS CONTROL To measure the effectiveness of the API-level access control using the methods described above, we need to understand what it is trying to protect and how these  ... 
doi:10.1145/2484313.2484317 dblp:conf/ccs/HaoSD13 fatcat:geln44uynngopptsdqdne6y7ba

URANOS: User-Guided Rewriting for Plugin-Enabled ANdroid ApplicatiOn Security [chapter]

Daniel Schreckling, Stephan Huber, Focke Höhne, Joachim Posegga
2013 Lecture Notes in Computer Science  
URANOS is an Android application which uses syntactical static analysis to determine in which component of an Android application a permission is required.  ...  We show, how users can trigger bytecode rewriting to (de)activate selected or redundant permissions in Android applications without sacrificing functionality.  ...  Acknowledgements The research leading to these results has received funding from the European Union's FP7 project COMPOSE, under grant agreement 317862.  ... 
doi:10.1007/978-3-642-38530-8_4 fatcat:oxlkx7uur5f7vftsnkbhiukoda


Benjamin Davis, Hao Chen
2013 Proceeding of the 11th annual international conference on Mobile systems, applications, and services - MobiSys '13  
automatic app localization, informing users of hidden behavior in apps, and updating apps depending on outdated APIs.  ...  We show that our system is capable of supporting a variety of useful policies, including providing flexible fine-grained network access control, building HTTPS-Everywhere functionality into apps, implementing  ...  Their work is based on a specialized replacement for some privacy-sensitive APIs and use Dalvik bytecode rewriting to modify apps to use their replacement API.  ... 
doi:10.1145/2462456.2464462 dblp:conf/mobisys/DavisC13 fatcat:sgzumimvyneodc5hdendkoc46a

Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps

Bin Liu, Bin Liu, Hongxia Jin, Ramesh Govindan
2015 Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services - MobiSys '15  
Our system, PEDAL, contains a novel machine classifier for detecting ad libraries even in the presence of obfuscated code, and techniques for automatically instrumenting bytecode to effect privilege de-escalation  ...  We evaluate PEDAL on a large set of apps from the Google Play store and demonstrate that it has a 98% accuracy in detecting ad libraries and imposes less than 1% runtime overhead on apps.  ...  Acknowledgements We would like to thank our shepherd, Landon Cox, and the anonymous referees, for their insightful suggestions for improving the technical content and presentation of the paper.  ... 
doi:10.1145/2742647.2742668 dblp:conf/mobisys/LiuLJG15 fatcat:z7d2klkvgna5xoeoq6fse4ulqa

Efficient, context-aware privacy leakage confinement for android applications without firmware modding

Mu Zhang, Heng Yin
2014 Proceedings of the 9th ACM symposium on Information, computer and communications security - ASIA CCS '14  
Besides, no effective mechanism is in place to distinguish malicious privacy leakage from those of legitimate uses. In this paper, we take a bytecode rewriting approach.  ...  As Android has become the most prevalent operating system in mobile devices, privacy concerns in the Android platform are increasing.  ...  In our experiment, we prepare a set of specific libraries which consist of Android SDK of API level 16 (Android 4.1, Jelly Bean), Google Maps of API level 16, Google Analytics SDK v2 and Google Admob SDK  ... 
doi:10.1145/2590296.2590312 dblp:conf/ccs/ZhangY14 fatcat:v65b5sfrrrfvlbi6g6taxubbea

Hybrid User-level Sandboxing of Third-party Android Apps

Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app's access to sensitive APIs.  ...  In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege.  ...  This work was supported in part by the US National Science Foundation (NSF) under Grants 0855036 and 0952640.  ... 
doi:10.1145/2714576.2714598 dblp:conf/ccs/ZhouPWWJ15 fatcat:w5iqqjqyp5g2jozmif7ffa5zqu

Sensor Guardian: prevent privacy inference on Android sensors

Xiaolong Bai, Jie Yin, Yu-Ping Wang
2017 EURASIP Journal on Information Security  
In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications' access to sensors.  ...  control. which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons  ...  JY participated in the Sensor Guardian's design and revised the manuscript. YW analyzed the experiment results and wrote the final version of the manuscript.  ... 
doi:10.1186/s13635-017-0061-8 fatcat:bguwnyw65rdtjhmzcbj6fin6je

AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management [chapter]

Zhengyang Qu, Guanyu Guo, Zhengyue Shao, Vaibhav Rastogi, Yan Chen, Hao Chen, Wangjun Hong
2017 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
As for functionalities, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses and provide fine-grained access control on multi-entity management  ...  Diverse personal devices are used to access enterprise resources, and deployment of the solutions with customized operating system (OS) dependency will thus be restricted.  ...  To eliminate the side effect of Android garbage collection when calculating memory usage, we used the tool dumpsys in Android Debug Bridge (adb) to get the maximal memory usage during the execution of  ... 
doi:10.1007/978-3-319-59608-2_1 fatcat:tmlogodjhvd4dmhlf7dvwksisu

Dr. Android and Mr. Hide

Jinseong Jeon, Kristopher K. Micinski, Jeffrey A. Vaughan, Ari Fogel, Nikhilesh Reddy, Jeffrey S. Foster, Todd Millstein
2012 Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '12  
We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings.  ...  Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony.  ...  Acknowledgements Thanks to Yixin Zhu for technical contributions to a precursor of this work and to Philip Phelps for help with the microbenchmarking app.  ... 
doi:10.1145/2381934.2381938 dblp:conf/ccs/JeonMVFRFM12 fatcat:3e6merthejgm7hyynikr75zhsq

Malicious Behavior Monitoring for Android Applications

Quan Qian, Jing Cai, Mengbo Xie, Rui Zhang
2016 International Journal of Network Security  
For those suspicious applications, based on the reverse engineering, embed monitoring Smali code for those sensitive APIs such as sending SMS, accessing user location, device ID, phone number, etc.  ...  From experiments, it shows that almost 26% applications in Android market have privacy leakage risks. And our proposed method is feasible and effective for monitoring these kind of malicious behavior.  ...  The authors gratefully acknowledge the anonymous reviewers for their valuable comments.  ... 
dblp:journals/ijnsec/QianCXZ16 fatcat:p5k5iql4cjgwhf62afkwfn4z2m

AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware [chapter]

Wenbo Yang, Yuanyuan Zhang, Juanru Li, Junliang Shu, Bodong Li, Wenjun Hu, Dawu Gu
2015 Lecture Notes in Computer Science  
Its core technique is a bytecode decrypting and Dalvik executable (DEX) reassembling method, which is able to recover any protected bytecode effectively without the knowledge of the packer.  ...  A thorough investigation on 37,688 Android malware samples is conducted to take statistics of how widespread are those samples protected by Android packers.  ...  Acknowledgments We would like to thank our shepherd, Elias Athanasopoulos, and the anonymous reviewers for their insightful comments that greatly helped improve the manuscript of this paper.  ... 
doi:10.1007/978-3-319-26362-5_17 fatcat:xoxyebbexncjrhlagqkdje7oxe

Android Platform Modeling and Android App Verification in the ACL2 Theorem Prover [chapter]

Eric Smith, Alessandro Coglio
2016 Lecture Notes in Computer Science  
We present our work in using the ACL2 theorem prover to formally model the Android platform and to formally verify Android apps.  ...  Our formal Android model is an executable simulator of a growing subset of the Android platform, and app proofs are done by automated symbolic execution of the app's event handlers using the formal model  ...  The proof methodology described in this paper, based on state machines and simulations, can verify a large class of app properties.  ... 
doi:10.1007/978-3-319-29613-5_11 fatcat:s7zqxdbnejhszjiyblwm4c5rpa

In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments [article]

Alexandre Bartel, Martin Monperrus (INRIA Lille - Nord Europe), Kevin Allix
2013 arXiv   pre-print
Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation.  ...  In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo  ...  [20] presented an Android Application rewriting framework prototype, and discussed its use for monitoring an application, and for implementing fine-grained Access Control.  ... 
arXiv:1208.4536v2 fatcat:xvldrfefrfh3zlkoqwszkoyxxy

Towards self-healing smartphone software via automated patching

Md. Tanzirul Azim, Iulian Neamtiu, Lisa M. Marvel
2014 Proceedings of the 29th ACM/IEEE international conference on Automated software engineering - ASE '14  
In the recovery stage, we use bytecode rewriting to alter app behavior as to avoid such situations in the future.  ...  Experiments on several real-world, popular Android apps and bugs show that our approach manages to recover the apps from crashes effectively, timely, and without introducing overhead.  ...  The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory  ... 
doi:10.1145/2642937.2642955 dblp:conf/kbse/AzimNM14 fatcat:4hdsy7qmr5c75cj4ackvs5vjey

AppGuard – Fine-Grained Policy Enforcement for Untrusted Android Applications [chapter]

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky
2014 Lecture Notes in Computer Science  
The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads. Android's security concept is based on isolation of third-party apps and access control [1] .  ...  -Our evaluation on typical Android apps has shown very little overhead in terms of space and runtime.  ...  and the Emmy Noether program of the German federal government.  ... 
doi:10.1007/978-3-642-54568-9_14 fatcat:oeino6qcrrcw3a7c57rkldvyhe
« Previous Showing results 1 — 15 out of 301 results