Title
Detecting information leaks in Android applications using a hybrid approach with program slicing, instrumentation and tagging
Abstract
With the increasing amount of private information stored in mobile devices, the need for more secure ways to detect, control and avoid malicious behaviors has grown. The overly coarse-grained permission system implemented in the Android platform does not cover problems such as preventing an application from sending previously acquired information over SMS or the Internet to another device or server. This problem arises because the permission system implemented in the Android platform works only on access control and does not govern how the acquired information is handled by the application. In order to enhance detection and awareness of such unwanted information flows, we propose a hybrid information-flow analysis, known as FlowSlicer, that mixes the benefits of static and dynamic analysis, using slicing on a system dependency graph and instrumenting statements found to be important. In order to properly analyse the obtained results, tests regarding overhead and leak detection rate were performed on the applications in the AndroidSpecific category of the DroidBench repository, since FlowSlicer is intended to work mainly for applications designed for the Android platform. The results show that FlowSlicer is effective in detecting leaks, detects all leaks present in the evaluated applications, and adds only an imperceptible overhead to the instrumented application. The obtained results also show how static and dynamic analysis work together and compensate for each other's disadvantages: static analysis helps dynamic analysis by reducing the set of statements to be analysed, and dynamic analysis helps to rule out false positives from static analysis.
Year
2017
DOI
10.1109/CCST.2017.8167856
Venue
2017 International Carnahan Conference on Security Technology (ICCST)
Keywords
system dependency graph, instrumenting statements, leak detection rate, FlowSlicer, Android platform, dynamic analysis, static analysis, information leaks, Android applications, hybrid approach, program slicing, instrumentation, private information, mobile devices, malicious behaviors, coarse-grained permission system, permission systems, access control, unwanted information, hybrid information-flow analysis, information leak detection, tagging, Internet
Field
Program slicing, Permission, Android (operating system), Computer science, Computer security, Static analysis, Mobile device, Access control, Dependency graph, Embedded system, The Internet
DocType
Conference
ISSN
1071-6572
ISBN
978-1-5386-1586-7
Citations
0
PageRank
0.34
References
5
Authors
2
Name
Order
Citations
PageRank
Luis Menezes100.34
Roland Wismüller243666.49