Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer the question: what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication of why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8% and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently used security- and privacy-sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.