Reference : Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Chal...
Scientific journals : Article
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/20036
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
English
Bartel, Alexandre [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Klein, Jacques [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Monperrus, Martin [University of Lille]
Le Traon, Yves [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Jun-2014
IEEE Transactions on Software Engineering (TSE)
IEEE Computer Society
40
6
617-632
Yes
International
[en] A common security architecture is based on the protection of certain resources by permission checks (used, e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based frameworks requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain-specific optimizations dedicated to Android.
Fonds National de la Recherche - FnR
Researchers ; Professionals

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
TSE_Alex_2014 (1).pdf | | Author preprint | 513.86 kB | Open access


All documents in ORBilu are protected by a user license.