Reference : Automatically Securing Permission-Based Software by Reducing the Attack Surface: An A...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/3890
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
English
Bartel, Alexandre mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Monperrus, Martin [University of Lille, France]
Le Traon, Yves mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2012
IEEE/ACM International Conference on Automated Software Engineering
1-4
Yes
978-1-4503-1204-2
IEEE/ACM International Conference on Automated Software Engineering
September 2012
Essen
Germany
[en] Permissions ; permission-based software ; call-graph ; Android ; security ; Soot ; static analysis
[en] In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.
http://hdl.handle.net/10993/3890
IEEE/ACM International Conference on Automated Software Engineering

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
ase2012-androidMap.pdfNo commentaryAuthor postprint180.66 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.