Self-Organizing Maps
ACM SIGOPS Operating Systems Review
Data Mining: Concepts and Techniques
Data Mining: Concepts and Techniques
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Understanding Android Security
IEEE Security and Privacy
Usability meets access control: challenges and research opportunities
Proceedings of the 14th ACM symposium on Access control models and technologies
Proceedings of the 5th Symposium on Usable Privacy and Security
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
System security, platform security and usability
Proceedings of the fifth ACM workshop on Scalable trusted computing
Proceedings of the first ACM conference on Data and application security and privacy
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
The effectiveness of application permissions
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
All your droid are belong to us: a survey of current android attacks
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
L4Android: a generic operating system framework for secure smartphones
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Short paper: a look at smartphone permission models
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
Proceedings of the 18th ACM conference on Computer and communications security
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Attacks on WebView in the Android system
Proceedings of the 27th Annual Computer Security Applications Conference
Performance analysis of security enforcement on Android operating system
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
Don't kill my ads!: balancing privacy in an ad-supported mobile application market
Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Is this app safe?: a large scale study on application permissions and risk signals
Proceedings of the 21st international conference on World Wide Web
Android permissions: a perspective combining risks and benefits
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
PScout: analyzing the Android permission specification
Proceedings of the 2012 ACM conference on Computer and communications security
Using probabilistic generative models for ranking risks of Android apps
Proceedings of the 2012 ACM conference on Computer and communications security
Permission evolution in the Android ecosystem
Proceedings of the 28th Annual Computer Security Applications Conference
Analysis of the communication between colluding applications on modern smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
A conundrum of permissions: installing applications on an android smartphone
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Permission-based abnormal application detection for android
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Fast, scalable detection of "Piggybacked" mobile applications
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the third ACM conference on Data and application security and privacy
Towards unified authorization for android
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
MAST: triage for market-scale mobile malware analysis
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
A multi-dimensional measure for intrusion: the intrusiveness quality attribute
Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures
Privacy as part of the app decision-making process
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Supporting visual security cues for WebView-based Android apps
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Role mining algorithm evaluation and improvement in large volume android applications
Proceedings of the first international workshop on Security in embedded systems and smartphones
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Vetting undesirable behaviors in android apps with permission use analysis
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
The impact of vendor customizations on android security
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Sleeping android: the danger of dormant permissions
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
AndroSimilar: robust statistical feature signature for Android malware detection
Proceedings of the 6th International Conference on Security of Information and Networks
Proceedings of the 29th Annual Computer Security Applications Conference
Quantitative security risk assessment of android permissions and applications
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
WHYPER: towards automating risk assessment of mobile applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
SEC'13 Proceedings of the 22nd USENIX conference on Security
An operational semantics for android activities
Proceedings of the ACM SIGPLAN 2014 Workshop on Partial Evaluation and Program Manipulation
RiskMon: continuous and automated risk assessment of mobile applications
Proceedings of the 4th ACM conference on Data and application security and privacy
Quantifying and Classifying Covert Communications on Android
Mobile Networks and Applications
ipShield: a framework for enforcing context-aware privacy
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Permission-based security models provide controlled access to various system resources. The expressiveness of the permission set plays an important role in providing the right level of granularity in access control. In this work, we present a methodology for the empirical analysis of permission-based security models which makes novel use of the Self-Organizing Map (SOM) algorithm of Kohonen (2001). While the proposed methodology may be applicable to a wide range of architectures, we analyze 1,100 Android applications as a case study. Our methodology is of independent interest for visualization of permission-based systems beyond our present Android-specific empirical analysis. We offer some discussion identifying potential points of improvement for the Android permission model attempting to increase expressiveness where needed without increasing the total number of permissions or overall complexity.