short-paper

Automatic detection, correction, and visualization of security vulnerabilities in mobile apps

Published: 26 October 2015

Abstract

Mobile devices have revolutionized many aspects of our lives. We use them as portable computers and, often without realizing it, we run various types of security-sensitive programs on them, such as personal and enterprise email and instant-messaging applications, as well as social, banking, insurance and retail programs. These applications access and transmit over the network numerous pieces of private information. Guaranteeing that such information is not exposed to unauthorized observers is very challenging given the level of complexity that these applications have reached. Furthermore, using program-analysis tools with out-of-the-box configurations in order to detect confidentiality violations may not yield the desired results because only a few pieces of private data, such as the device's ID and geographical location, are obtained from standard sources. The majority of confidentiality sources (such as credit-card and bank-account numbers) are application-specific and require careful configuration. This paper presents Astraea, a privacy-enforcement system for Android and iOS that dynamically detects and repairs leakage of private data originating from standard as well as application-specific sources. Astraea features several novel contributions: (i) it allows for visually configuring, directly atop the application's User Interface (UI), the fields that constitute custom sources of private data; (ii) it relies on application-level instrumentation, without interfering with the underlying operating system; (iii) it performs an enhanced form of value-similarity analysis to detect and repair data leakage even when sensitive data has been encoded or hashed, and (iv) it displays the results of the privacy analysis on top of a visual representation of the application's UI.
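An added illustration of the idea behind contribution (iii), not Astraea's code and not taken from the paper: derive the encoded and hashed forms of each configured private value, look for any of them in an outgoing payload, and mask what is found. The function names, the chosen set of transformations and the sample values are assumptions made for this sketch.

```python
import base64
import hashlib
import re
import urllib.parse

CASE_INSENSITIVE = {"hex", "md5", "sha1", "sha256"}  # hex digits may be upper or lower case

def variants(value):
    """Map transformation name -> form of `value` that could appear in traffic."""
    raw = value.encode("utf-8")
    forms = {
        "plain": value,
        "urlencoded": urllib.parse.quote(value, safe=""),
        # Padding is dropped so the match survives '=' being stripped or re-encoded.
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
    }
    for algo in ("md5", "sha1", "sha256"):
        forms[algo] = hashlib.new(algo, raw).hexdigest()
    return forms

def scan_and_repair(payload, sources, mask="[REDACTED]"):
    """Return (findings, repaired_payload) for one outgoing payload.

    `sources` maps a label (for example a UI field name) to its private value.
    """
    findings = []
    for label, value in sources.items():
        seen = set()
        for kind, needle in variants(value).items():
            if needle in seen:  # e.g. URL-encoding left the value unchanged
                continue
            seen.add(needle)
            flags = re.IGNORECASE if kind in CASE_INSENSITIVE else 0
            payload, hits = re.subn(re.escape(needle), mask, payload, flags=flags)
            if hits:
                findings.append((label, kind))
    return findings, payload

# Constructed sample data: a test card number and an e-mail address as custom sources,
# and a request body that carries one of them hashed and the other base64-encoded.
SOURCES = {"card_number": "4111111111111111", "email": "alice@example.com"}
SAMPLE = ("uid=" + hashlib.sha256(b"alice@example.com").hexdigest().upper()
          + "&cc=" + base64.b64encode(b"4111111111111111").decode()
          + "&lang=en")
```

Exact matching of this kind misses a value that is concatenated with other data before encoding or hashing, which is one reason a real system needs a richer similarity measure than substring search.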

Cited By

  • (2020) Security Analysis of IoT Devices by Using Mobile Computing: A Systematic Literature Review. IEEE Access 8, pp. 120331-120350. DOI: 10.1109/ACCESS.2020.3006358. Online publication date: 2020
  • (2019) Towards Secure Password Protection in Portable Applications. National Cyber Summit (NCS) Research Track, pp. 3-13. DOI: 10.1007/978-3-030-31239-8_1. Online publication date: 25-Sep-2019
  • (2018) Vulnerabilities in Banking Transactions with Mobile Devices Android: A Systematic Literature Review. Technology Trends, pp. 104-115. DOI: 10.1007/978-3-030-05532-5_8. Online publication date: 30-Dec-2018

Published In

MobileDeLi 2015: Proceedings of the 3rd International Workshop on Mobile Development Lifecycle
October 2015
57 pages
ISBN: 9781450339063
DOI: 10.1145/2846661

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Mobile security
  2. Usable security

Qualifiers

  • Short-paper

Conference

SPLASH '15
Acceptance Rates

Overall Acceptance Rate 6 of 8 submissions, 75%
