Automated detection and mitigation of inter-application security vulnerabilities in Android (invited talk)

S. Malek, H. Bagheri, Alireza Sadeghi
Proceedings of the 2nd International Workshop on Software Development Lifecycle for Mobile
Published: 2014-11-17
DOI: 10.1145/2661694.2661699 (https://doi.org/10.1145/2661694.2661699)
Citations: 3

Abstract

Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications - holding certain permissions and potentially interacting with each other - to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications.