Assisting Developers in Preventing Permissions Related Security Issues in Android Applications

被引：1

作者：

Tebib, Mohammed El Amin ^{[1
]}

Andre, Pascal ^{[2
]}

Aktouf, Oum-El-Kheir ^{[1
]}

Graa, Mariem ^{[3
]}

机构：

[1] Univ Grenoble Alpes, Grenoble INP, LCIS, Valence, France

[2] Univ Nantes, LS2N, CNRS, UMR 6004, Nantes, France

[3] IMT ATLANTIQUE, Nantes, France

来源：

DEPENDABLE COMPUTING, EDCC 2021 WORKSHOPS | 2021年 / 1462卷

关键词：

Android; Development; Security; Privacy; Permissions; IDE; MDRE;

D O I：

10.1007/978-3-030-86507-8_13

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Permissions related attacks are a widespread security issue in Android environment. Permissions misuse enables attackers to steal the application rights and perform malicious actions. While most of the existing solutions are advocated from end-users perspective, we take in this paper the developers perspective because security should be a software design concern. We propose a formal specification covering the permissions use by the current developers of Android applications, who are almost a third party developers. We underline a set of security properties. Then, we formally verify them by applying a Model Driven Reverse Engineering approach that enables abstraction and property verification. We implement the analysis approach as an IDE plug-in called PermDroid. Finally, we show the applicability of our approach through a case study.

引用

页码：132 / 143

页数：12

共 50 条

[41] Assisting IoT Projects and Developers in Designing Interoperable Semantic Web of Things Applications
Gyrard, Amelie
Bonnet, Christian
Boudaoud, Karima
Serrano, Martin
2015 IEEE INTERNATIONAL CONFERENCE ON DATA SCIENCE AND DATA INTENSIVE SYSTEMS, 2015, : 659 - 666
[42] Study on Content Rating and Security Permissions of Mobile Applications in Google Play
Tiuc, Simona
Marcu, Marius
Cernazanu-Glavan, Cosmin
2015 IEEE INTERNATIONAL SYMPOSIUM ON TECHNOLOGY AND SOCIETY (ISTAS), 2015,
[43] Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Shang, Weiyi
Jiang, Zhen Ming
Hemmati, Hadi
Adams, Bram
Hassan, Ahmed E.
Martin, Patrick
PROCEEDINGS OF THE 35TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2013), 2013, : 402 - 411
[44] Android Security: A Survey of Issues, Malware Penetration, and Defenses
Faruki, Parvez
Bharmal, Ammar
Laxmi, Vijay
Ganmoor, Vijay
Gaur, Manoj Singh
Conti, Mauro
Rajarajan, Muttukrishnan
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2015, 17 (02): : 998 - 1022
[45] Security Testing of the Communication among Android Applications
Avancini, Andrea
Ceccato, Mariano
2013 8TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST (AST), 2013, : 57 - 63
[46] Security Analysis of Mobile Money Applications on Android
Darvish, Hesham
Husain, Mohammad
2018 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2018, : 3072 - 3078
[47] Do App Developers Follow the Android Official Data Security Guidelines? - An Empirical Measurement on App Data Security
Yang, Shishuai
Hou, Qinsheng
Li, Shuang
Diao, Wenrui
PROCEEDINGS OF THE 2023 30TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC 2023, 2023, : 71 - 80
[48] Security issues in VoIP applications
Hung, Patrick C. K.
Martin, Miguel Vargas
2006 CANADIAN CONFERENCE ON ELECTRICAL AND COMPUTER ENGINEERING, VOLS 1-5, 2006, : 2194 - +
[49] Why Did Developers Migrate Android Applications From Java']Java to Kotlin?
Martinez, Matias
Mateus, Bruno Gois
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2022, 48 (11) : 4521 - 4534
[50] A Survey on Security Issues, Vulnerabilities and Attacks in Android based Smartphone
Hur, Jalal B.
Shamsi, Jawwad A.
2017 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGIES (ICICT), 2017, : 40 - 46

← 1 2 3 4 5 →