Interactively verifying absence of explicit information flows in Android apps

8 years 24 days ago

Download theory.stanford.edu

App stores are increasingly the preferred mechanism for distributing software, including mobile apps (Google Play), desktop apps (Mac App Store and Ubuntu Software Center), computer games (the Steam Store), and browser extensions (Chrome Web Store). The centralized nature of these stores has important implications for security. While app stores have unprecedented ability to audit apps, users now trust hosted apps, making them more vulnerable to malware that evades detection and ﬁnds its way onto the app store. Sound static explicit information ﬂow analysis has the potential to signiﬁcantly aid human auditors, but it is handicapped by high false positive rates. Instead, auditors currently rely on a combination of dynamic analysis (which is unsound) and lightweight static analysis (which cannot identify information ﬂows) to help detect malicious behaviors. We propose a process for producing apps certiﬁed to be free of malicious explicit information ﬂows. In practice, impreci...

Osbert Bastani, Saswat Anand, Alex Aiken

Real-time Traffic

OOPSLA 2015 | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	16 Apr 2016
Updated	16 Apr 2016
Type	Journal
Year	2015
Where	OOPSLA
Authors	Osbert Bastani, Saswat Anand, Alex Aiken

Comments (0)

Sciweavers

Interactively verifying absence of explicit information flows in Android apps

OOPSLA 2015 | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers