

Talks and Poster Presentations (with Proceedings-Entry):

M. Maffei, S. Calzavara, I. Grishchenko, A. Koutsos:
"A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications";
Talk: IEEE Computer Security Foundations Symposium, Santa Barbara, USA; 2017-08-21 - 2017-08-25; in: "IEEE 30th Computer Security Foundations Symposium CSF 2017", IEEE Xplore Digital Library, (2017), ISBN: 978-1-5386-3217-8; Paper ID 3, 15 pages.



English abstract:
Android is today the most popular operating system for mobile phones and tablets, and it boasts the largest application market among all its competitors. Though the huge number of available applications is arguably one of the main reasons for the success of Android, it also poses an important security challenge: there are way too many applications to ensure that they go through a timely and thorough security vetting before their publication on the market. Automated analysis tools thus play a critical role in ensuring that security verification does not fall behind with respect to the release of malicious (or buggy) applications. There are many relevant security concerns for Android applications, e.g., privilege escalation [12], [5] and component hijacking [26], but the most important challenge in the area is arguably information flow control, since Android applications are routinely granted access to personal information and other sensitive data stored on the device where they are installed. To counter the threats posed by malicious applications, the research community has proposed a plethora of increasingly sophisticated (static) information flow control frameworks for Android [41], [42], [27], [14], [22], [3], [40], [15], [7]. Despite all this progress, however, none of these static analysis tools is able to properly reconcile soundness and precision in its treatment of heap-allocated data structures


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1109/CSF.2017.19

Electronic version of the publication:
http://publik.tuwien.ac.at/files/publik_268462.pdf


Created from the Publication Database of the Vienna University of Technology.