Reference : Automatically Securing Permission-Based Software by Reducing the Attack Surface: An A...
Parts of books : Contribution to collective works
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/3888
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
English
Bartel, Alexandre mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Monperrus, Martin [University of Lille, France]
Le Traon, Yves mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2011
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android (Tech Report)
Tech Report
1-11
No
9782879711072
[en] call-graph ; android ; security ; soot ; java ; static analysis
[en] Android based devices are becoming widespread. As a result and since those devices contain personal and confidential data, the security model of the android software stack has been analyzed extensively. One key feature of the security model is that applications must declare a list of permissions they are using to access resources. Using static analysis, we first extracted a table from the Android API which maps methods to permissions. Then, we use this mapping within a tool we developed to check that applications effectively need all the permissions they declare. Using our tool on a set of android applications, we found out that a non negligible part of the applications do not use all the permissions they declare. Consequently, the attack surface of such applications can be reduced by removing the non-needed permissions.
http://hdl.handle.net/10993/3888
Tech Report

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
AttackSurfaceReduction-tr.pdfNo commentaryAuthor postprint434.65 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.