Assisting Developers in Preventing Permissions Related Security Issues in Android Applications

被引：1

作者：

Tebib, Mohammed El Amin ^{[1
]}

Andre, Pascal ^{[2
]}

Aktouf, Oum-El-Kheir ^{[1
]}

Graa, Mariem ^{[3
]}

机构：

[1] Univ Grenoble Alpes, Grenoble INP, LCIS, Valence, France

[2] Univ Nantes, LS2N, CNRS, UMR 6004, Nantes, France

[3] IMT ATLANTIQUE, Nantes, France

来源：

DEPENDABLE COMPUTING, EDCC 2021 WORKSHOPS | 2021年 / 1462卷

关键词：

Android; Development; Security; Privacy; Permissions; IDE; MDRE;

D O I：

10.1007/978-3-030-86507-8_13

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Permissions related attacks are a widespread security issue in Android environment. Permissions misuse enables attackers to steal the application rights and perform malicious actions. While most of the existing solutions are advocated from end-users perspective, we take in this paper the developers perspective because security should be a software design concern. We propose a formal specification covering the permissions use by the current developers of Android applications, who are almost a third party developers. We underline a set of security properties. Then, we formally verify them by applying a Model Driven Reverse Engineering approach that enables abstraction and property verification. We implement the analysis approach as an IDE plug-in called PermDroid. Finally, we show the applicability of our approach through a case study.

引用

下载

页码：132 / 143

页数：12

共 50 条

[21] Applications of mobile agents and related security issues
Ketel, Mohammed
PROCEEDINGS IEEE SOUTHEASTCON 2007, VOLS 1 AND 2, 2007, : 23 - 28
[22] Evaluation of mHealth Applications Security Based on Application Permissions
Pustozerov, Evgenii
Von Jan, Ute
Albrecht, Urs-Vito
UNIFYING THE APPLICATIONS AND FOUNDATIONS OF BIOMEDICAL AND HEALTH INFORMATICS, 2016, 226 : 241 - 244
[23] Android Password Managers and Vault Applications: Data Storage Security Issues Identification
Sabev, P.
Petrov, M.
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2022, 67
[24] Android (Nougats) Security Issues and Solutions
Iqbal, Shahid
Yasin, Amber
Naqash, Talha
PROCEEDINGS OF 4TH IEEE INTERNATIONAL CONFERENCE ON APPLIED SYSTEM INNOVATION 2018 ( IEEE ICASI 2018 ), 2018, : 1152 - 1155
[25] Assessment of malicious applications using permissions and enhanced user interfaces on Android
Lee, Sangho
Ju, Da Young
2013 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENCE AND SECURITY INFORMATICS: BIG DATA, EMERGENT THREATS, AND DECISION-MAKING IN SECURITY INFORMATICS, 2013, : 270 - 270
[26] Leveraging the first line of defense: a study on the evolution and usage of android security permissions for enhanced android malware detection
Guerra-Manzanares, Alejandro
Bahsi, Hayretdin
Luckner, Marcin
JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2023, 19 (01) : 65 - 96
[27] Leveraging the first line of defense: a study on the evolution and usage of android security permissions for enhanced android malware detection
Alejandro Guerra-Manzanares
Hayretdin Bahsi
Marcin Luckner
Journal of Computer Virology and Hacking Techniques, 2023, 19 : 65 - 96
[28] A Proposal for Addressing Security Issues Related to Dynamic Code Loading on Android Platform
Kelec, Aleksandar
Djuric, Zoran
COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 2020, 35 (04): : 271 - 282
[29] Android Applications and Security Breach
Noemi Benitez-Mejia, Diana Gabriela
Sanchez-Perez, Gabriel
Karina Toscano-Medina, Linda
2016 THIRD INTERNATIONAL CONFERENCE ON DIGITAL INFORMATION PROCESSING, DATA MINING, AND WIRELESS COMMUNICATIONS (DIPDMWC), 2016, : 164 - 169
[30] Data Security of Android Applications
Obiri-Yeboah, Jesse
Qi, Man
2016 12TH INTERNATIONAL CONFERENCE ON NATURAL COMPUTATION, FUZZY SYSTEMS AND KNOWLEDGE DISCOVERY (ICNC-FSKD), 2016, : 1716 - 1721

← 1 2 3 4 5 →