Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Proceedings of the 17th ACM conference on Computer and communications security
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
Exploiting smart-phone USB connectivity for fun and profit
Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
On-device control flow verification for Java programs
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
CRePE: context-related policy enforcement for android
ISC'10 Proceedings of the 13th international conference on Information security
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Automating GUI testing for Android applications
Proceedings of the 6th International Workshop on Automation of Software Test
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A specification based intrusion detection framework for mobile phones
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Short paper: a look at smartphone permission models
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Poster: collaborative policy administration
Proceedings of the 18th ACM conference on Computer and communications security
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
Protecting health information on mobile devices
Proceedings of the second ACM conference on Data and Application Security and Privacy
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Unsafe exposure analysis of mobile in-app advertisements
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
A location-based policy-specification language for mobile devices
Pervasive and Mobile Computing
RGBDroid: a novel response-based approach to android privilege escalation attacks
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Semantically rich application-centric security in Android
Security and Communication Networks
Constroid: data-centric access control for android
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Runtime verification meets android security
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
MOSES: supporting operation modes on smartphones
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Android permissions: a perspective combining risks and benefits
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
RiskRanker: scalable and accurate zero-day android malware detection
Proceedings of the 10th international conference on Mobile systems, applications, and services
Measuring user confidence in smartphone security and privacy
Proceedings of the Eighth Symposium on Usable Privacy and Security
Java card architecture for autonomous yet secure evolution of smart cards applications
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Rooting android --- extending the ADB by an auto-connecting wifi-accessible service
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
ProfileDroid: multi-layer profiling of android applications
Proceedings of the 18th annual international conference on Mobile computing and networking
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Verifiable control flow policies for java bytecode
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Reducing attack surfaces for intra-application communication in android
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Using probabilistic generative models for ranking risks of Android apps
Proceedings of the 2012 ACM conference on Computer and communications security
Exposing security risks for commercial mobile devices
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
MADAM: a multi-level anomaly detector for android malware
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Permission evolution in the Android ecosystem
Proceedings of the 28th Annual Computer Security Applications Conference
Practicality of accelerometer side channels on smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
Analysis of the communication between colluding applications on modern smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
An Android runtime security policy enforcement framework
Personal and Ubiquitous Computing
Fast, scalable detection of "Piggybacked" mobile applications
Proceedings of the third ACM conference on Data and application security and privacy
Information Security Tech. Report
Bring your own device, securely
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Real-time detection and prevention of android SMS permission abuses
Proceedings of the first international workshop on Security in embedded systems and smartphones
Know your enemy: the risk of unauthorized access in smartphones by insiders
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Vetting undesirable behaviors in android apps with permission use analysis
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
AFrame: isolating advertisements from mobile applications in Android
Proceedings of the 29th Annual Computer Security Applications Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
SEC'13 Proceedings of the 22nd USENIX conference on Security
Compac: enforce component-level access control in android
Proceedings of the 4th ACM conference on Data and application security and privacy
Transforming high-level requirements to executable policies for Android
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Quantifying and Classifying Covert Communications on Android
Mobile Networks and Applications
A taxonomy of privilege escalation attacks in Android applications
International Journal of Security and Networks
Unified security enhancement framework for the Android operating system
The Journal of Supercomputing
| Hi-index | 0.00 |
Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint is given, and areas for extension, optimization, and improvement explored. As we show through concrete example, Saint provides necessary utility for applications to assert and control the security decisions on the platform.