Assisting Developers in Preventing Permissions Related Security Issues in Android Applications

被引：1

作者：

Tebib, Mohammed El Amin ^{[1
]}

Andre, Pascal ^{[2
]}

Aktouf, Oum-El-Kheir ^{[1
]}

Graa, Mariem ^{[3
]}

机构：

[1] Univ Grenoble Alpes, Grenoble INP, LCIS, Valence, France

[2] Univ Nantes, LS2N, CNRS, UMR 6004, Nantes, France

[3] IMT ATLANTIQUE, Nantes, France

来源：

DEPENDABLE COMPUTING, EDCC 2021 WORKSHOPS | 2021年 / 1462卷

关键词：

Android; Development; Security; Privacy; Permissions; IDE; MDRE;

D O I：

10.1007/978-3-030-86507-8_13

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Permissions related attacks are a widespread security issue in Android environment. Permissions misuse enables attackers to steal the application rights and perform malicious actions. While most of the existing solutions are advocated from end-users perspective, we take in this paper the developers perspective because security should be a software design concern. We propose a formal specification covering the permissions use by the current developers of Android applications, who are almost a third party developers. We underline a set of security properties. Then, we formally verify them by applying a Model Driven Reverse Engineering approach that enables abstraction and property verification. We implement the analysis approach as an IDE plug-in called PermDroid. Finally, we show the applicability of our approach through a case study.

引用

下载

页码：132 / 143

页数：12

共 50 条

[1] Unravelling Security Issues of Runtime Permissions in Android
Efthimios Alepis
Constantinos Patsakis
Journal of Hardware and Systems Security, 2019, 3 (1) : 45 - 63
[2] Quantitative Security Risk Assessment of Android Permissions and Applications
Wang, Yang
Zheng, Jun
Sun, Chen
Mukkamala, Srinivas
DATA AND APPLICATIONS SECURITY AND PRIVACY XXVII, 2013, 7964 : 226 - 241
[3] Abusing Android Permissions: A Security Perspective
Alenezi, Mamdouh
Almomani, Iman
2017 IEEE JORDAN CONFERENCE ON APPLIED ELECTRICAL ENGINEERING AND COMPUTING TECHNOLOGIES (AEECT), 2017,
[4] Security Evaluation System for Android Applications Using User's Reviews and Permissions
Okazaki, Naonobu
Kita, Yoshihiro
Aburada, Kentaro
Park, Mirang
JOURNAL OF ROBOTICS NETWORKING AND ARTIFICIAL LIFE, 2015, 2 (03): : 190 - 193
[5] Cybersecurity for Android Applications: Permissions in Android 5 and 6
Moore, Scott R.
Ge, Huangyi
Li, Ninghui
Proctor, Robert W.
INTERNATIONAL JOURNAL OF HUMAN-COMPUTER INTERACTION, 2019, 35 (07) : 630 - 640
[6] South African Android Applications, Their Security Permissions and Compliance With the Protection of Personal Information Act
White, Quintin
van Staden, Wynand
PROCEEDINGS OF THE 14TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS 2019), 2019, : 492 - 501
[7] Proposal of Security Evaluation System using User's Reviews and Permissions for Android Applications
Okazaki, Naonobu
Kita, Yoshihiro
Aburada, Kentaro
Park, Mirang
PROCEEDINGS OF INTERNATIONAL CONFERENCE ON ARTIFICIAL LIFE AND ROBOTICS (ICAROB2015), 2015, : 331 - 334
[8] Privacy issues of android application permissions: A literature review
Shrivastava, Gulshan
Kumar, Prabhat
Gupta, Deepak
Rodrigues, Joel J. P. C.
TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES, 2020, 31 (12):
[9] Estimate Risks Eate for Android Applications Using Android Permissions
Er-Rajy, Latifa
El Kiram, My Ahmed
El Ghazouani, Mohamed
INTERNATIONAL JOURNAL OF MOBILE COMPUTING AND MULTIMEDIA COMMUNICATIONS, 2021, 12 (04)
[10] Android Custom Permissions Demystified: A Comprehensive Security Evaluation
Li, Rui
Diao, Wenrui
Li, Zhou
Yang, Shishuai
Li, Shuang
Guo, Shanqing
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2022, 48 (11) : 4465 - 4484

← 1 2 3 4 5 →