• DocumentCode
    1901262
  • Title

    Automatically securing permission-based software by reducing the attack surface: an application to Android

  • Author

    Bartel, Alexandre ; Klein, John ; Le Traon, Yves ; Monperrus, Martin

  • Author_Institution
    Univ. of Luxembourg, Luxembourg, Luxembourg
  • fYear
    2012
  • fDate
    3-7 Sept. 2012
  • Firstpage
    274
  • Lastpage
    277
  • Abstract
    In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, which we call a “permission gap”. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non-negligible part of applications suffer from permission gaps, i.e. do not use all the permissions they declare.
  • Keywords
    invasive software; operating systems (computers); program diagnostics; Android applications; attack surface reduction; code injection; malware; permission gap; permission-based software security; static analysis; Android; Permissions; Soot; call-graph; permission-based software; security; static analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Automated Software Engineering (ASE), 2012 Proceedings of the 27th IEEE/ACM International Conference on
  • Conference_Location
    Essen
  • Print_ISBN
    978-1-4503-1204-2
  • Type

    conf

  • DOI
    10.1145/2351676.2351722
  • Filename
    6494934