Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
English
Bartel, Alexandre[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Le Traon, Yves[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2012
IEEE/ACM International Conference on Automated Software Engineering
1-4
Yes
978-1-4503-1204-2
IEEE/ACM International Conference on Automated Software Engineering
[en] In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.
[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
