Securing Android with Local Policies
  • Journal: Lecture Notes in Computer Science
  • Publication year: 2015
  • Volume: 9465
  • Issue: 1
  • Pages: 202-218
  • Full-text size: 669 KB
  • References: 1. Armando, A., Carbone, R., Costa, G., Merlo, A.: Android permissions unleashed. In: Proceedings of the 28th IEEE Computer Security Foundations Symposium, CSF 2015, Italy, Verona (2015)
    2. Armando, A., Costa, G., Merlo, A.: Bring your own device, securely. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC 2013, Coimbra, Portugal, 18–22 March 2013, pp. 1852–1858 (2013)
    3. Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? a denial of service attack on android (and some countermeasures). In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 13–24. Springer, Heidelberg (2012)
    4. Bartoletti, M., Costa, G., Degano, P., Martinelli, F., Zunino, R.: Securing java with local policies. J. Object Technol. 8(4), 5–32 (2009)
    5. Bartoletti, M., Costa, G., Zunino, R.: Jalapa: Securing java with local policies: Tool demonstration. Electr. Notes Theor. Comput. Sci. 253(5), 145–151 (2009)
    6. Bartoletti, M., Degano, P., Ferrari, G.L.: Enforcing secure service composition. In: Proceedings of the 18th Computer Security Foundations Workshop (CSFW) (2005)
    7. Bartoletti, M., Degano, P., Ferrari, G.-L.: History-based access control with local policies. In: Sassone, V. (ed.) FOSSACS 2005. LNCS, vol. 3441, pp. 316–332. Springer, Heidelberg (2005)
    8. Bartoletti, M., Degano, P., Ferrari, G.L.: Planning and verifying service composition. J. Comput. Secur. 17(5), 799–837 (2009)
    9. Bartoletti, M., Degano, P., Ferrari, G.-L., Zunino, R.: Types and effects for resource usage analysis. In: Seidl, H. (ed.) FOSSACS 2007. LNCS, vol. 4423, pp. 32–47. Springer, Heidelberg (2007)
    10. Bartoletti, M., Degano, P., Ferrari, G.L., Zunino, R.: Model checking usage policies. Math. Struct. Comput. Sci. 25(3), 710–763 (2015)
    11. Bartoletti, M., Zunino, R.: LocUsT: a tool for checking usage policies. Technical report TR-08-07, Dip. Informatica, Univ. Pisa (2008)
    12. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R.: Xmandroid: a new android evolution to mitigate privilege escalation attacks. Technical report TR-2011-04, Technische Univ. Darmstadt, April 2011
    13. Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011) (2011)
    14. Chaudhuri, A.: Language-based security on android. In: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, PLAS 2009, pp. 1–7. ACM, New York (2009)
    15. Costa, G., Martinelli, F., Mori, P., Schaefer, C., Walter, T.: Runtime monitoring for next generation java ME platform. Comput. Secur. 29(1), 74–87 (2010)
    16. Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 21. USENIX Association, Berkeley (2011)
    17. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 627–638. ACM, New York (2011)
    18. Felt, A.P., Hanna, S., Chin, E., Wang, H.J., Moshchuk, E.: Permission re-delegation: attacks and defenses. In: 20th Usenix Security Symposium (2011)
    19. Furia, C.A., Mandrioli, D., Morzenti, A., Rossi, M.: Modeling Time in Computing. Monographs in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2012)
    20. Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 328–332. ACM, New York (2010)
    21. Necula, G.C.: Proof-carrying code. In: Twenty-Fourth ACM Symposium on Principles of Programming Languages (1997)
    22. Ongtang, M., Mclaughlin, S., Enck, W., Mcdaniel, P.: Semantically rich application-centric security in android. In: ACSAC 2009: Annual Computer Security Applications Conference (2009)
    23. Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a stealthy and context-aware sound trojan for smartphones. In: Proceedings of the 18th Annual Network & Distributed System Security Symposium (2011)
    24. Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: a comprehensive security assessment. IEEE Secur. Priv. 8(2), 35–44 (2010)
    25. Shin, W., Kiyomoto, S., Fukushima, K., Tanaka, T.: A formal model to analyze the permission authorization and enforcement in the android framework. In: Proceedings of the 2010 IEEE Second International Conference on Social Computing, SOCIALCOM 2010, pp. 944–951. IEEE Computer Society, Washington, DC (2010)
    26. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: Beres, Y., Balacheff, B., Sadeghi, A.-R., Sasse, A., McCune, J.M., Perrig, A. (eds.) TRUST 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
  • Author affiliation: Gabriele Costa (16)

    16. DIBRIS, Università di Genova, Genova, Italy
  • Book title: Programming Languages with Applications to Biology and Security
  • ISBN:978-3-319-25527-9
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN:1611-3349
Abstract
Local policies have been proposed in [6] as a formalism for efficient and effective policy verification and enforcement. The basic approach consists of enriching the syntax of a programming language with a scope operator that the developer uses to apply a local policy to a specific portion of her code. Due to their fair expressiveness and modularity, they have also been successfully applied to object-oriented languages and web services. In this paper we apply the existing approach to the Android application framework. To this aim, we present a novel programming language, namely , which includes both the Android IPC logic and local policies.

About this Chapter
  • Title: Securing Android with Local Policies
  • Book Title: Programming Languages with Applications to Biology and Security
  • Book Subtitle: Essays Dedicated to Pierpaolo Degano on the Occasion of His 65th Birthday
  • Pages: pp 202-218
  • Copyright: 2015
  • DOI: 10.1007/978-3-319-25527-9_14
  • Print ISBN: 978-3-319-25526-2
  • Online ISBN: 978-3-319-25527-9
  • Series Title: Lecture Notes in Computer Science
  • Series Volume: 9465
  • Series ISSN: 0302-9743
  • Publisher: Springer International Publishing
  • Copyright Holder: Springer International Publishing Switzerland
  • Topics: Logics and Meanings of Programs
    Software Engineering
    Information Systems Applications (incl. Internet)
    Computer Communication Networks
    Programming Techniques
    Algorithm Analysis and Problem Complexity
  • Industry Sectors: Electronics
    Aerospace
    Automotive
  • eBook Packages: Computer Science
  • Editors: Chiara Bodei (13), Gian-Luigi Ferrari (14), Corrado Priami (15)
  • Editor Affiliations: 13. Dipartimento di Informatica, Università di Pisa
    14. Dipartimento di Informatica, Università di Pisa
    15. Dipartimento di Matematica, Università degli Studi di Trento
  • Authors: Gabriele Costa (16)
  • Author Affiliations: 16. DIBRIS, Università di Genova, Genova, Italy
