File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1007/978-3-319-08344-5_31
- Scopus: eid_2-s2.0-84904181369
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: CoChecker: detecting capability and sensitive data leaks from component chains in android
| Title | CoChecker: detecting capability and sensitive data leaks from component chains in android |
|---|---|
| Authors | |
| Keywords | Android security Privilege escalation attack Static taint analysis |
| Issue Date | 2014 |
| Publisher | Springer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/ |
| Citation | The 19th Australasian Conference on Information Security and Privacy (ACISP 2014), Wollongong, NSW., Australia, 7-9 July 2014. In Lecture Notes in Computer Science, 2014, v. 8544, p. 446-453 How to Cite? |
| Abstract | Studies show that malicious applications can obtain sensitive data from and perform protected operations in a mobile phone using an authorised yet vulnerable application as a deputy (referred to as privilege escalation attack). Thus it is desirable to have a checker that can help developers check whether their applications are vulnerable to these attacks. In this paper, we introduce our tool, CoChecker, to identify the leak paths (chains of components) that would lead to privilege escalation attacks using static taint analysis. We propose to build a call graph to model the execution of multiple entry points in a component and eliminate the false negatives due to the Android's event-driven programming paradigm. We further carry out inter-component communication through intent-tracing and formulate the call graph of the analyzed app. The evaluation of CoChecker on the state-of-the-art test suit DroidBench and randomly downloaded apps shows that it is both efficient and effective. © 2014 Springer International Publishing Switzerland. |
| Description | LNCS v. 8544 entitled: Information security and privacy : 19th Australasian Conference, ACISP 2014 ... proceedings Session 11: Short Papers 2 |
| Persistent Identifier | http://hdl.handle.net/10722/203662 |
| ISBN | |
| ISSN | 2020 SCImago Journal Rankings: 0.249 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Cui, X | en_US |
| dc.contributor.author | Yu, D | en_US |
| dc.contributor.author | Chan, PF | en_US |
| dc.contributor.author | Hui, LCK | en_US |
| dc.contributor.author | Yiu, SM | en_US |
| dc.contributor.author | Qing, S | en_US |
| dc.date.accessioned | 2014-09-19T15:49:11Z | - |
| dc.date.available | 2014-09-19T15:49:11Z | - |
| dc.date.issued | 2014 | en_US |
| dc.identifier.citation | The 19th Australasian Conference on Information Security and Privacy (ACISP 2014), Wollongong, NSW., Australia, 7-9 July 2014. In Lecture Notes in Computer Science, 2014, v. 8544, p. 446-453 | en_US |
| dc.identifier.isbn | 978-3-319-08343-8 | - |
| dc.identifier.issn | 0302-9743 | en_US |
| dc.identifier.uri | http://hdl.handle.net/10722/203662 | - |
| dc.description | LNCS v. 8544 entitled: Information security and privacy : 19th Australasian Conference, ACISP 2014 ... proceedings | - |
| dc.description | Session 11: Short Papers 2 | - |
| dc.description.abstract | Studies show that malicious applications can obtain sensitive data from and perform protected operations in a mobile phone using an authorised yet vulnerable application as a deputy (referred to as privilege escalation attack). Thus it is desirable to have a checker that can help developers check whether their applications are vulnerable to these attacks. In this paper, we introduce our tool, CoChecker, to identify the leak paths (chains of components) that would lead to privilege escalation attacks using static taint analysis. We propose to build a call graph to model the execution of multiple entry points in a component and eliminate the false negatives due to the Android's event-driven programming paradigm. We further carry out inter-component communication through intent-tracing and formulate the call graph of the analyzed app. The evaluation of CoChecker on the state-of-the-art test suit DroidBench and randomly downloaded apps shows that it is both efficient and effective. © 2014 Springer International Publishing Switzerland. | - |
| dc.language | eng | en_US |
| dc.publisher | Springer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/ | en_US |
| dc.relation.ispartof | Lecture Notes in Computer Science | en_US |
| dc.rights | The original publication is available at www.springerlink.com | - |
| dc.subject | Android security | - |
| dc.subject | Privilege escalation attack | - |
| dc.subject | Static taint analysis | - |
| dc.title | CoChecker: detecting capability and sensitive data leaks from component chains in android | en_US |
| dc.type | Conference_Paper | en_US |
| dc.identifier.email | Hui, LCK: hui@cs.hku.hk | en_US |
| dc.identifier.email | Yiu, SM: smyiu@cs.hku.hk | en_US |
| dc.identifier.authority | Hui, LCK=rp00120 | en_US |
| dc.identifier.authority | Yiu, SM=rp00207 | en_US |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1007/978-3-319-08344-5_31 | - |
| dc.identifier.scopus | eid_2-s2.0-84904181369 | - |
| dc.identifier.hkuros | 238681 | en_US |
| dc.identifier.hkuros | 240251 | - |
| dc.identifier.volume | 8544 | en_US |
| dc.identifier.spage | 446 | en_US |
| dc.identifier.epage | 453 | en_US |
| dc.publisher.place | Germany | en_US |
| dc.customcontrol.immutable | sml 141014 | - |
| dc.identifier.issnl | 0302-9743 | - |