Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android - Inria - Institut national de recherche en sciences et technologies du numérique Access content directly
Conference Papers Year : 2012

Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

Abstract

In the permission-based security model (used e.g. in An-droid and Blackberry), applications can be granted more permissions than they actually need, what we call a "per-mission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.

Domains

Software Engineering [cs.SE]
Fichier principal
Vignette du fichier
article.pdf (170.53 Ko) Télécharger le fichier
Origin : Publisher files allowed on an open archive

Martin Monperrus  : Connect in order to contact the contributor

https://hal.science/hal-00726196

Submitted on : Wednesday, October 17, 2018-7:38:25 AM

Last modification on : Wednesday, September 13, 2023-7:52:03 AM

Long-term archiving on: Friday, January 18, 2019-12:39:52 PM

Download

Dates and versions

hal-00726196 , version 1 (17-10-2018)

Identifiers

Cite

Alexandre Bartel, Jacques Klein, Yves Le Traon, Martin Monperrus. Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android. IEEE/ACM International Conference On Automated Software Engineering, Sep 2012, Essen, Germany. pp.274-277, ⟨10.1145/2351676.2351722⟩. ⟨hal-00726196⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite
119 View
330 Download

Altmetric

Share

Gmail Facebook X LinkedIn More