DocumentCode :
1901262
Title :
Automatically securing permission-based software by reducing the attack surface: an application to Android
Author :
Bartel, Alexandre ; Klein, John ; Le Traon, Yves ; Monperrus, Martin
Author_Institution :
Univ. of Luxembourg, Luxembourg, Luxembourg
fYear :
2012
fDate :
3-7 Sept. 2012
Firstpage :
274
Lastpage :
277
Abstract :
In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a “permission gap”. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.
Keywords :
invasive software; operating systems (computers); program diagnostics; Android applications; attack surface reduction; code injection; malware; permission gap; permission-based software security; static analysis; Android; Permissions; Soot; call-graph; permission-based software; security; static analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Automated Software Engineering (ASE), 2012 Proceedings of the 27th IEEE/ACM International Conference on
Conference_Location :
Essen
Print_ISBN :
978-1-4503-1204-2
Type :
conf
DOI :
10.1145/2351676.2351722
Filename :
6494934
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=1901262
بازگشت