An Android Security Case Study with Bauhaus

Author

Berger, Bernhard J. ; Bunke, Michaela ; Sohr, Karsten

Author_Institution

Center for Comput. Technol. (TZI), Univ. Bremen, Bremen, Germany

fYear

2011

fDate

17-20 Oct. 2011

Firstpage

179

Lastpage

183

Abstract

Software security has made great progress, code analysis tools are widely-used in industry for detecting common implementation-level security bugs. However, given the fact that we must deal with legacy code we plead to employ the techniques long been developed in the research area of program comprehension for software security. In cooperation with a security expert, we carried out a case study with the mobile phone platform Android, and employed the reverse engineering tool-suite Bauhaus for this security assessment. During the investigation we found some inconsistencies in the implementation of the Android security concepts. Based on the lessons learned from the case study, we propose several research topics in the area of reverse engineering that would support a security analyst during security assessments.

Keywords

mobile computing; program debugging; reverse engineering; security of data; Android security; Bauhaus; code analysis tool; implementation-level security bug; legacy code; mobile phone; program comprehension; reverse engineering tool; software security; Androids; Bluetooth; Documentation; Humanoid robots; Security; Smart phones; Software; Android; program comprehension; security assessment; software security;

fLanguage

English

Publisher

ieee

Conference_Titel

Reverse Engineering (WCRE), 2011 18th Working Conference on

Conference_Location

Limerick

ISSN

1095-1350

Print_ISBN

978-1-4577-1948-6

Type

conf

DOI

10.1109/WCRE.2011.29

Filename

6079840