File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: CoChecker: detecting capability and sensitive data leaks from component chains in android

TitleCoChecker: detecting capability and sensitive data leaks from component chains in android
Authors
KeywordsAndroid security
Privilege escalation attack
Static taint analysis
Issue Date2014
PublisherSpringer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/
Citation
The 19th Australasian Conference on Information Security and Privacy (ACISP 2014), Wollongong, NSW., Australia, 7-9 July 2014. In Lecture Notes in Computer Science, 2014, v. 8544, p. 446-453 How to Cite?
AbstractStudies show that malicious applications can obtain sensitive data from and perform protected operations in a mobile phone using an authorised yet vulnerable application as a deputy (referred to as privilege escalation attack). Thus it is desirable to have a checker that can help developers check whether their applications are vulnerable to these attacks. In this paper, we introduce our tool, CoChecker, to identify the leak paths (chains of components) that would lead to privilege escalation attacks using static taint analysis. We propose to build a call graph to model the execution of multiple entry points in a component and eliminate the false negatives due to the Android's event-driven programming paradigm. We further carry out inter-component communication through intent-tracing and formulate the call graph of the analyzed app. The evaluation of CoChecker on the state-of-the-art test suit DroidBench and randomly downloaded apps shows that it is both efficient and effective. © 2014 Springer International Publishing Switzerland.
DescriptionLNCS v. 8544 entitled: Information security and privacy : 19th Australasian Conference, ACISP 2014 ... proceedings
Session 11: Short Papers 2
Persistent Identifierhttp://hdl.handle.net/10722/203662
ISBN
ISSN
2023 SCImago Journal Rankings: 0.606

 

DC FieldValueLanguage
dc.contributor.authorCui, Xen_US
dc.contributor.authorYu, Den_US
dc.contributor.authorChan, PFen_US
dc.contributor.authorHui, LCKen_US
dc.contributor.authorYiu, SMen_US
dc.contributor.authorQing, Sen_US
dc.date.accessioned2014-09-19T15:49:11Z-
dc.date.available2014-09-19T15:49:11Z-
dc.date.issued2014en_US
dc.identifier.citationThe 19th Australasian Conference on Information Security and Privacy (ACISP 2014), Wollongong, NSW., Australia, 7-9 July 2014. In Lecture Notes in Computer Science, 2014, v. 8544, p. 446-453en_US
dc.identifier.isbn978-3-319-08343-8-
dc.identifier.issn0302-9743en_US
dc.identifier.urihttp://hdl.handle.net/10722/203662-
dc.descriptionLNCS v. 8544 entitled: Information security and privacy : 19th Australasian Conference, ACISP 2014 ... proceedings-
dc.descriptionSession 11: Short Papers 2-
dc.description.abstractStudies show that malicious applications can obtain sensitive data from and perform protected operations in a mobile phone using an authorised yet vulnerable application as a deputy (referred to as privilege escalation attack). Thus it is desirable to have a checker that can help developers check whether their applications are vulnerable to these attacks. In this paper, we introduce our tool, CoChecker, to identify the leak paths (chains of components) that would lead to privilege escalation attacks using static taint analysis. We propose to build a call graph to model the execution of multiple entry points in a component and eliminate the false negatives due to the Android's event-driven programming paradigm. We further carry out inter-component communication through intent-tracing and formulate the call graph of the analyzed app. The evaluation of CoChecker on the state-of-the-art test suit DroidBench and randomly downloaded apps shows that it is both efficient and effective. © 2014 Springer International Publishing Switzerland.-
dc.languageengen_US
dc.publisherSpringer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/en_US
dc.relation.ispartofLecture Notes in Computer Scienceen_US
dc.rightsThe original publication is available at www.springerlink.com-
dc.subjectAndroid security-
dc.subjectPrivilege escalation attack-
dc.subjectStatic taint analysis-
dc.titleCoChecker: detecting capability and sensitive data leaks from component chains in androiden_US
dc.typeConference_Paperen_US
dc.identifier.emailHui, LCK: hui@cs.hku.hken_US
dc.identifier.emailYiu, SM: smyiu@cs.hku.hken_US
dc.identifier.authorityHui, LCK=rp00120en_US
dc.identifier.authorityYiu, SM=rp00207en_US
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1007/978-3-319-08344-5_31-
dc.identifier.scopuseid_2-s2.0-84904181369-
dc.identifier.hkuros238681en_US
dc.identifier.hkuros240251-
dc.identifier.volume8544en_US
dc.identifier.spage446en_US
dc.identifier.epage453en_US
dc.publisher.placeGermanyen_US
dc.customcontrol.immutablesml 141014-
dc.identifier.issnl0302-9743-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats