Workshop DeMobile 2014 – Author Index |
Aiken, Alex |
Yu Feng, Isil Dillig, Saswat Anand, and Alex Aiken (University of Texas at Austin, USA; Stanford University, USA) We present Apposcopy, a new semantics-based approach for detecting Android malware that steals private information. Apposcopy incorporates (i) a high-level language for specifying malware signatures and (ii) a static analysis for deciding if a given application matches a given signature. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively pinpoint malicious applications that belong to certain malware families. |
|
Anand, Saswat |
Yu Feng, Isil Dillig, Saswat Anand, and Alex Aiken (University of Texas at Austin, USA; Stanford University, USA) We present Apposcopy, a new semantics-based approach for detecting Android malware that steals private information. Apposcopy incorporates (i) a high-level language for specifying malware signatures and (ii) a static analysis for deciding if a given application matches a given signature. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively pinpoint malicious applications that belong to certain malware families. |
|
Bagheri, Hamid |
Sam Malek, Hamid Bagheri, and Alireza Sadeghi (George Mason University, USA) Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications - holding certain permissions and potentially interacting with each other - to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications. |
|
Banerjee, Abhijeet |
Abhijeet Banerjee and Abhik Roychoudhury (National University of Singapore, Singapore) Developing energy-efficient applications is crucial for mobile platforms such as smartphones and tablets, since such devices operate on a limited amount of battery power. However, until recently most smartphone applications have been developed in an energy-oblivious fashion. This is increasingly becoming a concern due to the fact that smartphone applications are progressively becoming complex and energy-intensive, whereas battery technology is unable to keep up. Existing studies have proposed a number of testing and re-factoring techniques that can be used to increase the energy-efficiency of such applications, after the development has been completed. However, we feel that the maximum level of energy-efficiency can be achieved only if energy-efficient design practices are used in the software development process. In this study, we propose a set of energy-aware design patterns, specifically targeted at smartphone applications. These design patterns can be applied to a huge number of real-life scenarios for energy-efficient information gathering and processing, within the smartphone application. We also present some examples of design patterns for application development for the Android platform. |
|
Datta, Subhajit |
Subhajit Datta (Singapore University of Technology and Design, Singapore) There can be little contention about Stroustrup's epigrammatic remark: our civilization runs on software. However, a caveat is increasingly due: much of the software that runs our civilization runs on mobile devices today. Mobile operating systems have come to play a preeminent role in the ubiquity and utility of such devices. The development ecosystem of Android - one of the most popular mobile operating systems - presents an interesting context for studying whether and how collaboration dynamics in mobile development differ from conventional software development. In this paper, we examine factors that influence task ownership in Android development. Our results can inform project governance decisions at the individual and organizational levels. |
|
Dig, Danny |
Danny Dig (Oregon State University, USA) One contemporary development task is refactoring long-running, blocking synchronous code (e.g., accessing the web, database, or file system) into non-blocking asynchronous code. Asynchronous programming is in demand today because responsiveness is especially important on mobile devices. While major programming languages make asynchronous programming possible, they do not make it easy. In this invited talk we present our growing refactoring toolset that enables Android and Windows Phone developers to retrofit asynchrony. There are several challenges that our toolset addresses: reasoning about a programming model which inverts the flow of control, determining non-interference of asynchronous operations with the main thread of execution, converting from legacy callback-based idioms to the newer style, etc. Our empirical evaluation shows that our toolset is (i) highly applicable, (ii) accurate, (iii) safer than manual refactoring, (iv) it saves development effort, (v) its results have been accepted by the open-source developers, thus it is useful. |
|
Dillig, Isil |
Yu Feng, Isil Dillig, Saswat Anand, and Alex Aiken (University of Texas at Austin, USA; Stanford University, USA) We present Apposcopy, a new semantics-based approach for detecting Android malware that steals private information. Apposcopy incorporates (i) a high-level language for specifying malware signatures and (ii) a static analysis for deciding if a given application matches a given signature. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively pinpoint malicious applications that belong to certain malware families. |
|
Feng, Yu |
Yu Feng, Isil Dillig, Saswat Anand, and Alex Aiken (University of Texas at Austin, USA; Stanford University, USA) We present Apposcopy, a new semantics-based approach for detecting Android malware that steals private information. Apposcopy incorporates (i) a high-level language for specifying malware signatures and (ii) a static analysis for deciding if a given application matches a given signature. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively pinpoint malicious applications that belong to certain malware families. |
|
Malek, Sam |
Sam Malek, Hamid Bagheri, and Alireza Sadeghi (George Mason University, USA) Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications - holding certain permissions and potentially interacting with each other - to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications. |
|
Ongkosit, Thanaporn |
Thanaporn Ongkosit and Shingo Takada (Keio University, Japan) Responsiveness is an important quality factor in Android applications because it directly affects user experience. When the user interface thread performs lengthy operations, the user may feel that the application has become sluggish or frozen. This may lead to a negative user experience, poor reviews, and loss in market success. This paper proposes a static responsiveness analysis tool for Android applications to find potentially poor responsiveness defects which are difficult to detect by conventional testing methods as they are sensitive to the user environment. This tool finds responsiveness defects by discovering operations invoked in the user interface thread that may block the execution of other operations. We collect these operations according to the Android developer guidelines and previous related work. The proposed tool successfully found 45 potential responsiveness defects in seven open source Android applications. |
|
Roychoudhury, Abhik |
Abhijeet Banerjee and Abhik Roychoudhury (National University of Singapore, Singapore) Developing energy-efficient applications is crucial for mobile platforms such as smartphones and tablets, since such devices operate on a limited amount of battery power. However, until recently most smartphone applications have been developed in an energy-oblivious fashion. This is increasingly becoming a concern due to the fact that smartphone applications are progressively becoming complex and energy-intensive, whereas battery technology is unable to keep up. Existing studies have proposed a number of testing and re-factoring techniques that can be used to increase the energy-efficiency of such applications, after the development has been completed. However, we feel that the maximum level of energy-efficiency can be achieved only if energy-efficient design practices are used in the software development process. In this study, we propose a set of energy-aware design patterns, specifically targeted at smartphone applications. These design patterns can be applied to a huge number of real-life scenarios for energy-efficient information gathering and processing, within the smartphone application. We also present some examples of design patterns for application development for the Android platform. |
|
Sadeghi, Alireza |
Sam Malek, Hamid Bagheri, and Alireza Sadeghi (George Mason University, USA) Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications - holding certain permissions and potentially interacting with each other - to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications. |
|
Sherman, Mark |
Mark Sherman (SEI, USA) Mobile platforms represent an increasingly valuable target for adversaries. This paper discusses attack surfaces – points of attack – that mobile devices present. Several important mobile device capabilities in communication, computation and sensors enable attack surfaces not usually seen in desktop or server systems. These attack surfaces are not generally considered in recommendations from current secure software development lifecycles. Mitigation of the threats or reduction of the attack surfaces is needed when constructing secure mobile software. |
|
Takada, Shingo |
Thanaporn Ongkosit and Shingo Takada (Keio University, Japan) Responsiveness is an important quality factor in Android applications because it directly affects user experience. When the user interface thread performs lengthy operations, the user may feel that the application has become sluggish or frozen. This may lead to a negative user experience, poor reviews, and loss in market success. This paper proposes a static responsiveness analysis tool for Android applications to find potentially poor responsiveness defects which are difficult to detect by conventional testing methods as they are sensitive to the user environment. This tool finds responsiveness defects by discovering operations invoked in the user interface thread that may block the execution of other operations. We collect these operations according to the Android developer guidelines and previous related work. The proposed tool successfully found 45 potential responsiveness defects in seven open source Android applications. |
14 authors