The Transitivity of Trust Problem in the Interaction of Android Applications

Bartsch, Steffen and Sohr, Karsten and Bunke, Michaela and Hofrichter, Oliver and Berger, Bernhard (2012):
The Transitivity of Trust Problem in the Interaction of Android Applications.
(64-2012), ISBN 978-0-7695-5008-4,
DOI: 10.1109/ARES.2013.39,
[Report]

Abstract

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future.

Item Type: Report
Published: 2012
Creators: Bartsch, Steffen and Sohr, Karsten and Bunke, Michaela and Hofrichter, Oliver and Berger, Bernhard
Title: The Transitivity of Trust Problem in the Interaction of Android Applications
Language: English
Number: 64-2012
ISBN: 978-0-7695-5008-4
Uncontrolled Keywords: Secure Data
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Event Location: Washington DC, USA
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1109/ARES.2013.39
Identification Number: Bartsch12android