检索结果-内蒙古大学图书馆

37th IEEE/ACM International Conference on Automated Software Engineering (ASE)

作者： Malviya, Vikas K. Leow, Chee Wei Kasthuri, Ashok Tun, Yan Naing Shar, Lwin Khin Jiang, Lingxiao Singapore Management Univ Sch Comp & Informat Syst Singapore Singapore

ISBN: (纸本)9781450394758

It is the basic right of a user to know how the permissions are used within the android app's scope and to refuse the app if granted permissions are used for the activities other than specified use which can amount to malicious behavior. This paper proposes an approach and a vision to automatically model the permissions necessary for android apps from users' perspective and enable fine-grained permission controls by users, thus facilitating users in making more well-informed and flexible permission decisions for different app functionalities, which in turn improve the security and data privacy of the App and enforce apps to reduce permission misuses. Our proposed approach works in mainly two stages. First, it looks for discrepancies between the permission uses perceivable by users and the permissions actually used by apps via program analysis techniques. Second, it runs prediction algorithms using machine learning techniques to catch the discrepancies in permission usage and thereby alert the user for action about data violation. We have evaluated preliminary implementations of our approach and achieved promising fine-grained permission control accuracy. In addition to the benefits of users' privacy protection, we envision that wider adoption of the approach may also enforce better privacy-aware design by responsible bodies such as app developers, governments, and enterprises.

关键词： automated permission control UI perception android application analysis android permissions machine learning

来源：评论

学校读者我要写书评

暂无评论

Right to Know, Right to Refuse: Towards UI Perception-Based Automated Fine-Grained Permission Controls for android Apps 22

Right to Know, Right to Refuse: Towards UI Perception-Based ...

引用

Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering

作者： Vikas Kumar Malviya Chee Wei Leow Ashok Kasthuri Yan Naing Tun Lwin Khin Shar Lingxiao Jiang School of Computing and Information Systems Singapore Management University Singapore

ISBN: (纸本)9781450394758

It is the basic right of a user to know how the permissions are used within the android app’s scope and to refuse the app if granted permissions are used for the activities other than specified use which can amount to malicious behavior. This paper proposes an approach and a vision to automatically model the permissions necessary for android apps from users’ perspective and enable fine-grained permission controls by users, thus facilitating users in making more well-informed and flexible permission decisions for different app functionalities, which in turn improve the security and data privacy of the App and enforce apps to reduce permission misuses. Our proposed approach works in mainly two stages. First, it looks for discrepancies between the permission uses perceivable by users and the permissions actually used by apps via program analysis techniques. Second, it runs prediction algorithms using machine learning techniques to catch the discrepancies in permission usage and thereby alert the user for action about data violation. We have evaluated preliminary implementations of our approach and achieved promising fine-grained permission control accuracy. In addition to the benefits of users’ privacy protection, we envision that wider adoption of the approach may also enforce better privacy-aware design by responsible bodies such as app developers, governments, and enterprises.

关键词： automated permission control UI perception machine learning android application analysis android permissions

来源：评论

学校读者我要写书评

暂无评论

Effort estimation of open source android projects via transaction analysis

引用

JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS 2021年第1期33卷

作者： Qi, Kan Boehm, Barry Univ Southern Calif Ctr Syst & Software Engn Los Angeles CA 90007 USA

Transactions have been used in many software sizing methods to measure software functional size and provide a basis for effort estimation. To further investigate the effects that transactions have on software functional size and more accurately estimate project effort using the transactional information, in this paper, we propose a method to identify transactions, as well as their complexity attributes that are influential to software functional size, directly from the source code of android projects using static and dynamic analyses. The identified transactions are classified into different complexity levels and applied with different weights based on their evaluated complexity levels to distinguish their effects on software functional size. A size metric called sum of weighted transactions (SWT) is proposed to measure software functional size. We calibrate an effort estimation model using SWT based on a data set of 34 open source android projects, and show the effectiveness of using SWT as a software functional size measure to estimate project effort.

关键词： android application analysis Bayesian analysis effort estimation model calibration software functional size analysis software size metrics transaction analysis use case analysis

来源：评论

学校读者我要写书评

暂无评论

NDroid: Toward Tracking Information Flows Across Multiple android Contexts

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2019年第3期14卷 814-828页

作者： Xue, Lei Qian, Chenxiong Zhou, Hao Luo, Xiapu Zhou, Yajin Shao, Yuru Chan, Alvin T. S. Hong Kong Polytech Univ Dept Comp Hong Kong Hong Kong Peoples R China Georgia Inst Technol Sch Comp Sci Atlanta GA 30332 USA Zhejiang Univ Inst Cyber Secur Res Hangzhou 310027 Zhejiang Peoples R China Zhejiang Univ Coll Comp Sci & Technol Hangzhou 310027 Zhejiang Peoples R China Univ Michigan Ann Arbor MI 48109 USA Singapore Inst Technol Singapore 138683 Singapore

For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.

关键词： android application analysis taint analysis Java native interface (JNI)

来源：评论

学校读者我要写书评

暂无评论

Composite Constant Propagation and its application to android Program analysis

引用

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING 2016年第11期42卷 999-1014页

作者： Octeau, Damien Luchaup, Daniel Jha, Somesh McDaniel, Patrick Univ Wisconsin Dept Comp Sci 1210 W Dayton St Madison WI 53706 USA Penn State Univ Dept Comp Sci & Engn University Pk PA 16802 USA Carnegie Mellon Univ CyLab Pittsburgh PA 15213 USA

Many program analyses require statically inferring the possible values of composite types. However, current approaches either do not account for correlations between object fields or do so in an ad hoc manner. In this paper, we introduce the problem of composite constant propagation. We develop the first generic solver that infers all possible values of complex objects in an interprocedural, flow and context-sensitive manner, taking field correlations into account. Composite constant propagation problems are specified using COAL, a declarative language. We apply our COAL solver to the problem of inferring android Inter-Component Communication (ICC) values, which is required to understand how the components of android applications interact. Using COAL, we model ICC objects in android more thoroughly than the state-of-the-art. We compute ICC values for 489 applications from the Google Play store. The ICC values we infer are substantially more precise than previous work. The analysis is efficient, taking two minutes per application on average. While this work can be used as the basis for many whole-program analyses of android applications, the COAL solver can also be used to infer the values of composite objects in many other contexts.

关键词： Composite constant constant propagation inter-component communication ICC android application analysis

来源：评论

学校读者我要写书评

暂无评论

DexMonitor: Dynamically Analyzing and Monitoring Obfuscated android applications

引用

IEEE ACCESS 2018年 6卷 71229-71240页

作者： Cho, Haehyun Yi, Jeong Hyun Ahn, Gail-Joon Arizona State Univ Ctr Cybersecur & Digital Forens Tempe AZ 85281 USA Soongsil Univ Cyber Secur Res Ctr Seoul 06978 South Korea Samsung Elect Samsung Res Seoul 06765 South Korea

Both android application developers and malware authors use sophisticated obfuscation tools to prevent their mobile applications from being repackaged and analyzed. These tools obfuscate sensitive strings and classes, API calls, and control flows in the Dalvik bytecode. Consequently, it is inevitable for the security analysts to spend the significant amount of time for understanding the robustness of these obfuscation techniques and fully comprehending the intentions of each application. Since such analyses are often error-prone and require extensive analysis experience, it is critical to explore a novel approach to systematically analyzeandroid application bytecode. In this paper, we propose an approach to address such a critical challenge by placing hooks in the Dalvik virtual machine at the point where a Dalvik instruction is about to be executed. Also, we demonstrate the effectiveness of our approach through case studies on real-world applications with our prototype called DexMonitor.

关键词： Bytecode monitoring android application analysis mobile security

来源：评论

学校读者我要写书评

暂无评论

A Hybrid analysis for Mobile Security Threat Detection 7

A Hybrid Analysis for Mobile Security Threat Detection

引用

7th IEEE Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (IEEE UEMCON)

作者： Shi, Yong You, Wanqing Qian, Kai Bhattacharya, Prabir Qian, Ying Kennedaw State Univ Dept Comp Sci Kennesaw GA 30144 USA Morgan State Univ Dept Comp Sci Baltimore MD 21239 USA East China Normal Univ Dept Comp Sci Shanghai Peoples R China

ISBN: (纸本)9781509014965

with the rapid advancement of technology today, smartphones become more and more powerful and attract a huge amount of users with new features provided by mobile device operating systems such as android. However, due to its security vulnerability, hackers and cybercriminals constantly attack android mobile devices. Thus, research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area, using various security analysis and evaluation strategies such as static analysis and dynamic analysis. In this paper, we propose a hybrid approach which aggregates the static and dynamic analysis for detecting security threat and attack in mobile app. In our approach, we implement the unification of data states and software execution on the critical test path. Our approach has two phases. We first perform the static analysis to identify the possible attack critical path based on android API and the existing attack patterns, next we perform the dynamic analysis which follows the path to execute the program in a limited and focused scope, and detect the attack possibility by checking conformance of detected path with the existing attack patterns. In the second phase of runtime dynamic analysis, dynamic inspection will report the type of attack scenarios with respect to the type of confidential data leakage, such as web browser cookie, without accessing any real critical and protected data sources in mobile devices.

关键词： android application analysis static analysis dynamic analysis data path tracing symbolic execution

来源：评论

学校读者我要写书评

暂无评论

Automated Detection and analysis for android Ransomware 17

Automated Detection and Analysis for Android Ransomware

引用

2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC)

作者： Yang, Tianda Yang, Yu Qian, Kai Lo, Dan Chia-Tien Qian, Ying Tao, Lixin Kennesaw State Univ Dept Comp Sci Marietta GA USA East China Normal Univ Dept Comp Sci Shanghai Peoples R China Pace Univ Dept Comp Sci New York NY 10038 USA

ISBN: (纸本)9781479989379

Along with the rapid growth of new science and technology, the functions of smartphones become more and more powerful. Nevertheless, everything has two aspects. Smartphones bring so much convenience for people and also bring the security risks at the same time. Malicious application has become a big threat to the mobile security. Thus, an efficiency security analysis and detection method is important and necessary. Due to attacking of malicious application, user could not use smartphone normally and personal information could be stolen. What is worse, attacking proliferation will impact the healthy growth of the mobile Internet industry. To limit the growing speed of malicious application, the first thing we need to know what malicious application is and how to deal with. Detecting and analyzing their behaviors helps us deeply understand the attacking principle such that we can take effective countermeasures against malicious application. This article describes the basic android component and manifest, the reason that android is prevalent and why attacking came in. This paper analyzed and penetrated malicious ransomware which threats mobile security now with our developed automated analysis approach for such mobile malware detection.

关键词： android application analysis Automatic analysis static analysis dynamic analysis

来源：评论

学校读者我要写书评

暂无评论

POSTER: A hybrid approach for mobile security threat analysis 8

POSTER: A hybrid approach for mobile security threat analysi...

引用

8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

作者： You, Wanqing Qian, Kai Guo, Minzhe Bhattacharya, Prabir Qian, Ying Tao, Lixin Department of Computer Science and Software Engineering Southern Polytechnic State University MariettaGA United States Department of Electrical Engineering and Computing Systems University of Cincinnati United States Department of Computer Science East China Normal University Shanghai China Dept. of Computer Science Pace University New York United States

ISBN: (纸本)9781450336239

Research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation;nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key of this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookie.

关键词： android application analysis Data path tracing Dynamic analysis Static analysis Symbolic execution

来源：评论

学校读者我要写书评

暂无评论

A hybrid approach for mobile security threat analysis 15

A hybrid approach for mobile security threat analysis

引用

Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

作者： Wanqing You Kai Qian Minzhe Guo Prabir Bhattacharya Ying Qian Lixin Tao Southern Polytechnic State University Marietta GA University of Cincinnati East China Normal University Shanghai China Pace University New York

ISBN: (纸本)9781450336239

Research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation; nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key of this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookie.

关键词： data path tracing static analysis android application analysis dynamic analysis symbolic execution

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：