Article (Scientific journals)
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
Bartel, Alexandre; Klein, Jacques; Monperrus, Martin et al.
2014 In IEEE Transactions on Software Engineering, 40 (6), p. 617-632
Peer reviewed
 

Files


Full Text
TSE_Alex_2014 (1).pdf
Author preprint (526.19 kB)
Details



Abstract :
A common security architecture is based on the protection of certain resources by permission checks (used, e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based frameworks requires a precise mapping between the API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain-specific optimizations dedicated to Android.
Disciplines :
Computer science
Author, co-author :
Bartel, Alexandre ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Klein, Jacques ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Monperrus, Martin;  University of Lille
Le Traon, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
Publication date :
June 2014
Journal title :
IEEE Transactions on Software Engineering
Publisher :
IEEE Computer Society
Volume :
40
Issue :
6
Pages :
617-632
Peer reviewed :
Peer reviewed
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 12 February 2015

Statistics


Number of views
94 (7 by Unilu)
Number of downloads
222 (2 by Unilu)

Scopus citations®
72
Scopus citations® without self-citations
63
WoS citations
55
