Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware.
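The install-time check described above, sketched as an added example; it is not Kirin's own code or rule set. The rule names, the permission combinations and the two manifests are constructed for illustration, and each rule is assumed to match only when every permission it lists is requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed rules (illustrative, not the paper's rule set): an application
# fails certification if it requests ALL permissions listed in any one rule.
RULES = {
    "debug-hook": {P + "SET_DEBUG_APP"},
    "call-eavesdrop": {P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"},
    "location-tracker": {P + "ACCESS_FINE_LOCATION", P + "INTERNET",
                         P + "RECEIVE_BOOT_COMPLETED"},
    "sms-intercept": {P + "RECEIVE_SMS", P + "WRITE_SMS"},
}

def make_manifest(package, perms):
    """Build a minimal AndroidManifest.xml string (constructed sample input)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def certify(manifest_xml, rules=RULES):
    """Return (allowed, violated_rule_names) for one application manifest."""
    perms = requested_permissions(manifest_xml)
    # Subset test: a rule fires only if the whole combination is present,
    # so a single common permission such as INTERNET never fails an app.
    violated = sorted(name for name, combo in rules.items() if combo <= perms)
    return (not violated, violated)

# Constructed samples: a weather app and an app that can read and rewrite SMS.
WEATHER = make_manifest("com.example.weather", ["INTERNET", "ACCESS_FINE_LOCATION"])
SMS_APP = make_manifest("com.example.themes", ["INTERNET", "RECEIVE_SMS", "WRITE_SMS"])

if __name__ == "__main__":
    for label, manifest in (("weather", WEATHER), ("themes", SMS_APP)):
        allowed, violated = certify(manifest)
        print(label, "ALLOW" if allowed else "REJECT", violated)
```

A rule hit is a prompt for closer inspection rather than proof of malice, which matches the abstract's observation that some flagged applications had reasonable functional needs for the rights they asserted.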