The Transitivity-of-Trust Problem in Android Application Interaction

Author

Bartsch, Steffen ; Berger, Bernhard ; Bunke, Michaela ; Sohr, Karsten

Author_Institution

Tech. Univ. Darmstadt, Darmstadt, Germany

fYear

2013

fDate

2-6 Sept. 2013

Firstpage

291

Lastpage

296

Abstract

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.

Keywords

data flow analysis; mobile computing; operating systems (computers); software architecture; trusted computing; android application interaction; data-flow analysis; information flow detection; multicomponent mobile platforms; software architecture; static analysis; transitivity-of-trust problem; Androids; Humanoid robots; Java; Mobile communication; Security; Smart phones; Software architecture; Android; mobile security; software architecture; static code analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security (ARES), 2013 Eighth International Conference on

Conference_Location

Regensburg

Type

conf

DOI

10.1109/ARES.2013.39

Filename

6657255