Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

Bartel, Alexandre; Klein, Jacques; Monperrus, Martin; Le Traon, Yves

doi:10.1145/2351676.2351722

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

Bartel, Alexandre; Klein, Jacques; Monperrus, Martin et al.

2012 • In IEEE/ACM International Conference on Automated Software Engineering

Peer reviewed

Permalink
https://hdl.handle.net/10993/3890

DOI
10.1145/2351676.2351722

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

ase2012-androidMap.pdf

Author postprint (185 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Permissions; permission-based software; call-graph; Android; security; Soot; static analysis

Abstract :

[en] In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.

Disciplines :

Computer science

Identifiers :

UNILU:UL-CONFERENCE-2012-433

Author, co-author :

Bartel, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Klein, Jacques ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Monperrus, Martin; University of Lille, France

Le Traon, Yves ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Language :

English

Title :

Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

Publication date :

2012

Event name :

IEEE/ACM International Conference on Automated Software Engineering

Event place :

Essen, Germany

Event date :

September 2012

Main work title :

IEEE/ACM International Conference on Automated Software Engineering

ISBN/EAN :

978-1-4503-1204-2

Pages :

1-4

Peer reviewed :

Peer reviewed

Commentary :

IEEE/ACM International Conference on Automated Software Engineering

Available on ORBilu :

since 16 July 2013

Statistics

Number of views

140 (4 by Unilu)

Number of downloads

188 (2 by Unilu)

More statistics

Scopus citations^®

105

Scopus citations^®
without self-citations

OpenCitations