TU Darmstadt / ULB / TUbiblio

The Transitivity of Trust Problem in the Interaction of Android Applications

Bartsch, Steffen ; Sohr, Karsten ; Bunke, Michaela ; Hofrichter, Oliver ; Berger, Bernhard (2012)
The Transitivity of Trust Problem in the Interaction of Android Applications.
doi: 10.1109/ARES.2013.39
Report, Bibliography

Abstract

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future.

Item type: Report
Published: 2012
Author(s): Bartsch, Steffen ; Sohr, Karsten ; Bunke, Michaela ; Hofrichter, Oliver ; Berger, Bernhard
Type of entry: Bibliography
Title: The Transitivity of Trust Problem in the Interaction of Android Applications
Language: English
Year of publication: 2012
Issue number: 64-2012
Event location: Washington DC, USA
DOI: 10.1109/ARES.2013.39
Uncontrolled keywords: Secure Data
ID number: Bartsch12android
Department(s)/field(s): 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE Centers > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE Centers
20 Department of Computer Science
Profile Areas
LOEWE
Date deposited: 28 Jul 2016 18:35
Last modified: 17 May 2018 13:02