Detecting Privacy Leaks Through Existing Android Frameworks
Download Detecting Privacy Leaks Through Existing Android Frameworks PDF/ePub or read online books in Mobi eBooks. Click Download or Read Online button to get Detecting Privacy Leaks Through Existing Android Frameworks book now. This website allows unlimited access to, at the time of writing, more than 1.5 million titles, including hundreds of thousands of titles in various foreign languages.
Detecting Privacy Leaks Through Existing Android Frameworks
The Android application ecosystem has thrived, with hundreds of thousands of applications (apps) available to users; however, not all of them are safe or privacy-friendly. Analyzing these many apps for malicious behaviors is an important but challenging area of research as malicious apps tend to use prevalent stealth techniques, e.g., encryption, code transformation, and other obfuscation approaches to bypass detection. Academic researchers and security companies have realized that the traditional signature-based and static analysis methods are inadequate to deal with this evolvingthreat. In recent years, a number of static and dynamic code analysis proposals for analyzing Android apps have been introduced in academia and in the commercial world. Moreover, as a single detection approach may be ineffective against advanced obfuscation techniques, multiple frameworks for privacy leakage detection have been shown to yield better results when used in conjunction. In this dissertation, our contribution is two-fold. First, we organize 32 of the most recent and promising privacy-oriented proposals on Android apps analysis into two categories: static and dynamic analysis. For each category, we survey the state of-the-art proposals and provide a high-level overview of the methodology they rely on to detect privacy-sensitive leakages and app behaviors. Second, we choose one popular proposal from each category to analyze and detect leakages in 5,000 Android apps. Our toolchain setup consists of IntelliDroid (static) to find and trigger sensitive API (Application Program Interface) calls in target apps and leverages TaintDroid (dynamic) to detect leakages in these apps. We found that about 33%of the tested apps leak privacy-sensitive information over the network (e.g., IMEI, location, UDID), which is consistent with existing work. Furthermore, we highlight the efficiency of combining IntelliDroid and TaintDroid in comparison with Android Monkey and TaintDroid as used in most prior work. We report an overall increase in the frequency of leakage of identifiers. This increase may indicate that IntelliDroid is a better approach over Android Monkey.
Security, Privacy, and Anonymity in Computation, Communication, and Storage
This book constitutes the refereed proceedings of the 10th International Conference on Security, Privacy and Anonymity in Computation, Communication, and Storage, SpaCCS 2017, held in Guangzhou, China, in December 2017. The 47 papers presented in this volume were carefully reviewed and selected from 140 submissions. They deal with research findings, achievements, innovations and perspectives in information security and related fields covering topics such as security algorithms and architectures, privacy-aware policies, regulations and techniques, anonymous computation and communication, encompassing fundamental theoretical approaches, practical experimental projects, and commercial application systems for computation, communication and storage.
Research in Attacks, Intrusions, and Defenses
This book constitutes the refereed conference proceedings of the 20th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2017, held in Atlanta, GA, USA, in September 2017. The 21 revised full papers were selected from 105 submissions. They are organized in the following topics: software security, intrusion detection, systems security, android security, cybercrime, cloud security, network security.