Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices: Latest Papers

Understanding the Service Life Cycle of Android Apps: An Exploratory Study
Kobra Khanmohammadi, M. Rejali, A. Hamou-Lhadj
Abstract: The fast growing use of the Android platform has been accompanied with an increase of malwares in Android applications. A popular way in distributing malwares in the mobile world is through repackaging legitimate apps, embedding malicious code in them, and publishing them in app stores. Therefore, examining the similarity between the behavior of malicious and normal apps can help detect malwares due to repacking. Malicious apps operate by keeping their operations invisible to the user. They also run long enough to perform their malicious tasks. One way to detect malicious apps is to examine their service life cycle. In this paper, we examine the service life cycle of apps. We extract various features of app services. We use these features to classify over 250 normal and malicious apps. Our findings show that malicious apps tend to use services to do their malicious operation and have no communication with the other components of the app, whereas the services in normal apps are usually bound to other components and send messages to notify users about the operations they perform. The results of this exploratory study can be used in the future to design techniques for detecting malicious apps using the classification of their service features.
DOI: https://doi.org/10.1145/2808117.2808123
Published: 2015-10-12
Citations: 5

AutoPPG: Towards Automatic Generation of Privacy Policy for Android Applications
Le Yu, Zhang Tao, Xiapu Luo, Lei Xue
Abstract: A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. However, writing privacy policy is tedious and error-prone, because the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel system named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to characterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates correct and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.
DOI: https://doi.org/10.1145/2808117.2808125
Published: 2015-10-12
Citations: 53

Supporting Privacy-Conscious App Update Decisions with User Reviews
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, P. Tague, L. Cranor
Abstract: Smartphone app updates are critical to user security and privacy. New versions may fix important security bugs, which is why users should usually update their apps. However, occasionally apps turn malicious or radically change features in a way users dislike. Users should not necessarily always update in those circumstances, but current update processes are largely automatic. Therefore, it is important to understand user behaviors around updating apps and help them to make security-conscious choices. We conducted two related studies in this area. First, to understand users' current update decisions, we conducted an online survey of user attitudes toward updates. Based on the survey results, we then designed a notification scheme integrating user reviews, which we tested in a field study. Participants installed an Android app that simulated update notifications, enabling us to collect users' update decisions and reactions. We compared the effectiveness of our review-based update notifications with the permission-based notifications. Compared to notifications with permission descriptions only, we found our review-based update notification was more effective at alerting users of invasive or malicious app updates, especially for less trustworthy apps.
DOI: https://doi.org/10.1145/2808117.2808124
Published: 2015-10-12
Citations: 32

Session details: Privacy
M. Contois
DOI: https://doi.org/10.1145/3247577
Published: 2015-10-12
Citations: 0

The Impact of Timing on the Salience of Smartphone App Privacy Notices
Rebecca Balebako, F. Schaub, Idris Adjerid, A. Acquisti, L. Cranor
Abstract: In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz app, either virtually or on their phone. After a distraction or delay they were asked to recall the privacy notice's content. Recall was used as a proxy for the attention paid to and salience of the notice. Showing the notice during app use significantly increased recall rates over showing it in the app store. In a follow-up web survey, we tested alternative app store notices, which improved recall but did not perform as well as notices shown during app use. The results suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store.
DOI: https://doi.org/10.1145/2808117.2808119
Published: 2015-10-12
Citations: 64

NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android
Antonio Bianchi, Y. Fratantonio, Christopher Krügel, G. Vigna
Abstract: Malware poses a serious threat to the Android ecosystem. Moreover, even benign applications can sometimes constitute security and privacy risks to their users, as they might contain vulnerabilities, or they might perform unwanted actions. Previous research has shown that the current Android security model is not sufficient to protect against these threats, and several solutions have been proposed to enable the specification and enforcing of finer-grained security policies. Unfortunately, many existing solutions suffer from several limitations: they require modifications to the Android framework, root access to the device, to create a modified version of an existing app that cannot be installed without enabling unsafe options, or they cannot completely sandbox native code components. In this work, we propose a novel approach that aims to sandbox arbitrary Android applications. Our solution, called NJAS, works by executing an Android application within the context of another one, and it achieves sandboxing by means of system call interposition. In this paper, we show that our solution overcomes major limitations that affect existing solutions. In fact, it does not require any modification to the framework, does not require root access to the device, and does not require the user to enable unsafe options. Moreover, the core sandboxing mechanism cannot be evaded by using native code components.
DOI: https://doi.org/10.1145/2808117.2808122
Published: 2015-10-12
Citations: 44

Context-Specific Access Control: Conforming Permissions With User Expectations
Amir Rahmati, H. Madhyastha
Abstract: Current mobile platforms take an all-or-nothing approach to assigning permissions to applications. Once a user grants an application permission to access a particular resource, the application can use that permission whenever it executes thereafter. This enables an application to access privacy sensitive resources even when they are not needed for it to perform its expected functions. In this paper, we introduce "Context-Specific Access Control" (CSAC) as a design approach towards enforcing the principle of least privilege. CSAC's goal is to enable a user to ensure that, at any point in time, an application has access to those resources which she expects are needed by the application component with which she is currently interacting. We study 100 popular applications from Google Play store and find that existing applications are amenable to CSAC as most applications' use of privacy sensitive resources is limited to a small number of contexts. Furthermore, via dynamic analysis of the 100 applications and a small-scale user study, we find that CSAC does not prohibitively increase the number of access control decisions that users need to make.
DOI: https://doi.org/10.1145/2808117.2808121
Published: 2015-10-12
Citations: 13

The Past, Present and Future of Digital Privacy
A. Manea
Abstract: Communication technologies have evolved immensely over the past 20 years, with the Internet removing physical borders and mobility keeping us always connected. But privacy technologies, standards and legislation have struggled to keep up. This talk will look at the evolution of online privacy through the lens of users, government and private industry. We will examine where we are today, how we got here, and most importantly how we move forward in a way that protects consumer privacy without stifling innovation. Last but not least, we will discuss the viability and importance of public/private partnerships in solving issues related to online privacy.
DOI: https://doi.org/10.1145/2808117.2808127
Published: 2015-10-12
Citations: 0

Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
D. Lie, Glenn Wurster
Abstract: It is our great pleasure to welcome you to the 5th annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015). The workshop was created to organize and foster discussion of security in the emerging area of smartphone and mobile device computing. As organizers of top security venues, we've observed a consistently large number of submissions describing novel approaches to solving the challenges of this area. We wanted to provide a dedicated venue to discuss these challenges and promising approaches for future research directions. The call for papers attracted submissions from Canada, China, Germany, Hong Kong, India, Israel, Mexico, Switzerland, United Arab Emirates, United Kingdom, and the United States. The program committee reviewed and accepted 9 of 25 submitted papers. We are also honored to have a keynote speech by Alex Manea, Director, BlackBerry Security on The Past, Present and Future of Digital Privacy. We hope that you will find this program interesting and thought-provoking and that the workshop will provide you with a valuable opportunity to share ideas with other researchers and practitioners from institutions around the world.
DOI: https://doi.org/10.1145/2808117
Published: 2015-10-12
Citations: 0

PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices
Yihang Song, U. Hengartner
Abstract: More and more people rely on mobile devices to access the Internet, which also increases the amount of private information that can be gathered from people's devices. Although today's smartphone operating systems are trying to provide a secure environment, they fail to provide users with adequate control over and visibility into how third-party applications use their private data. Whereas there are a few tools that alert users when applications leak private information, these tools are often hard to use by the average user or have other problems. To address these problems, we present PrivacyGuard, an open-source VPN-based platform for intercepting the network traffic of applications. PrivacyGuard requires neither root permissions nor any knowledge about VPN technology from its users. PrivacyGuard does not significantly increase the trusted computing base since PrivacyGuard runs in its entirety on the local device and traffic is not routed through a remote VPN server. We implement PrivacyGuard on the Android platform by taking advantage of the VPNService class provided by the Android SDK. PrivacyGuard is configurable, extensible, and useful for many different purposes. We investigate its use for detecting the leakage of multiple types of sensitive data, such as a phone's IMEI number or location data. PrivacyGuard also supports modifying the leaked information and replacing it with crafted data for privacy protection. According to our experiments, PrivacyGuard can detect more leakage incidents by applications and advertisement libraries than TaintDroid. We also demonstrate that PrivacyGuard has reasonable overhead on network performance and almost no overhead on battery consumption.
DOI: https://doi.org/10.1145/2808117.2808120
Published: 2015-10-12
Citations: 96