In the past few years, mobile devices (smartphones, PDAs) have seen both their computational power and their data connectivity rise to a level nearly equivalent to that available on small desktop computers, while becoming ubiquitous. On the downside, these mobile devices are now an extremely attractive target for large-scale security attacks. Mobile device middleware is thus experiencing an increased focus on attempts to mitigate potential security compromises. In particular, Android incorporates by design many well-known security features such as privilege separation. The Android security model also creates several new security-sensitive concepts, such as Android's application permission system and the unmoderated Android market. In this paper we look to Android as a specific instance of mobile computing. We first discuss the Android security model and some potential weaknesses of the model. We then provide a taxonomy of attacks on the platform, demonstrated by real attacks that in the end guarantee privileged access to the device. Where possible, we also propose mitigations for the identified vulnerabilities.