TU Darmstadt / ULB / TUbiblio

The Transitivity-of-Trust Problem in Android Application Interaction

Bartsch, Steffen ; Berger, Bernhard ; Bunke, Michaela ; Sohr, Karsten
Hrsg.: Pernul, Günther ; Sandhu, Ravi (2013)
The Transitivity-of-Trust Problem in Android Application Interaction.
University of Surrey, Guildford, UK
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2013
Herausgeber: Pernul, Günther ; Sandhu, Ravi
Autor(en): Bartsch, Steffen ; Berger, Bernhard ; Bunke, Michaela ; Sohr, Karsten
Art des Eintrags: Bibliographie
Titel: The Transitivity-of-Trust Problem in Android Application Interaction
Sprache: Englisch
Publikationsjahr: Juli 2013
Verlag: IEEE
Buchtitel: 8th International Conference on Availability, Reliability and Security (ARES 2013)
Veranstaltungsort: University of Surrey, Guildford, UK
Zugehörige Links:
Kurzbeschreibung (Abstract):

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.

Freie Schlagworte: Security, Usability and Society;Secure Data
ID-Nummer: TUD-CS-2013-0122
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
Profilbereiche
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 30 Mai 2018 12:53
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen