DOI: 10.1145/2600176.2600208
research-article

Improving mobile application security via bridging user expectations and application behaviors

Published: 08 April 2014

Abstract

To keep malware out of mobile application markets, existing techniques analyze the security aspects of application behaviors and summarize patterns of these security aspects to determine what applications do. However, user expectations (reflected via user perception in combination with user judgment) are often not incorporated into such analysis to determine whether application behaviors are within user expectations. This poster presents our recent work on bridging the semantic gap between user perceptions of the application behaviors and the actual application behaviors.


Published In

HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
April 2014
184 pages
ISBN:9781450329071
DOI:10.1145/2600176
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

  • No. Carolina State University: North Carolina State University

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. natural language processing
  2. privacy control

Qualifiers

  • Research-article

Conference

HotSoS '14
Sponsor:
  • No. Carolina State University
HotSoS '14: Symposium and Bootcamp on the Science of Security
April 8 - 9, 2014
North Carolina, Raleigh, USA

Acceptance Rates

HotSoS '14 Paper Acceptance Rate 12 of 21 submissions, 57%;
Overall Acceptance Rate 34 of 60 submissions, 57%

Cited By

  • (2024) Sentiment Analysis of Crypto Currency Trading Applications in India Using Machine Learning. Computing, Communication and Learning. DOI: 10.1007/978-3-031-56998-2_12 (138-150). Online publication date: 31-Mar-2024
  • (2022) User's Perception on Security and Privacy in Using Crypto Currency Trading Application in India. 2022 International Conference on Knowledge Engineering and Communication Systems (ICKES). DOI: 10.1109/ICKECS56523.2022.10060666 (1-8). Online publication date: 28-Dec-2022
  • (2019) On Transparency and Accountability of Smart Assistants in Smart Cities. Applied Sciences. DOI: 10.3390/app9245344. 9:24 (5344). Online publication date: 6-Dec-2019
  • (2017) Assessing privacy behaviors of smartphone users in the context of data over-collection problem: An exploratory study. 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). DOI: 10.1109/UIC-ATC.2017.8397613 (1-8). Online publication date: Aug-2017
