The Transitivity-of-Trust Problem in Android Application Interaction

Bartsch, Steffen ; Berger, Bernhard ; Bunke, Michaela ; Sohr, Karsten
eds.: Pernul, Günther ; Sandhu, Ravi (2013)
The Transitivity-of-Trust Problem in Android Application Interaction.
University of Surrey, Guildford, UK
Conference or Workshop Item, Bibliography

Abstract

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.

Item Type: Conference or Workshop Item
Published: 2013
Editors: Pernul, Günther ; Sandhu, Ravi
Creators: Bartsch, Steffen ; Berger, Bernhard ; Bunke, Michaela ; Sohr, Karsten
Type of entry: Bibliography
Title: The Transitivity-of-Trust Problem in Android Application Interaction
Language: English
Date: July 2013
Publisher: IEEE
Book Title: 8th International Conference on Availability, Reliability and Security (ARES 2013)
Event Location: University of Surrey, Guildford, UK
Uncontrolled Keywords: Security, Usability and Society; Secure Data
Identification Number: TUD-CS-2013-0122
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 28 Jul 2016 18:35
Last Modified: 30 May 2018 12:53