期刊名称:Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
印刷版ISSN:2093-5374
电子版ISSN:2093-5382
出版年度:2014
卷号:5
期号:4
页码:103-119
出版社:Innovative Information Science & Technology Research Group
摘要:The success of the mobile application model is mostly due to the ease with which new applications are uploaded by developers, distributed through the application markets (e.g. Google Play), and in- stalled by users. Yet, the very same model is cause of serious security concerns, since users have no or little means to ascertain the trustworthiness of the applications they install on their devices. Such concerns grow up when dealing with professional scenarios like the use of mobile devices within organisations. To protect their customers, Poste Italiane has defined the Mobile Application Verification Cluster (MAVeriC), a process for the systematic security analysis of third-party mobile apps leveraging their online services (e.g. home banking, parcel tracking). MAVeriC is an ongoing project that will be completed in the next few years. At the core of the MAVeriC project lies the Static Analysis Mod- ule (SAM), a toolkit that supports automatic static analysis of mobile applications by automating a number of operations including reverse engineering, privilege analysis and automatic verification of security properties. In this paper we present the SAM that has been fully developed and tested. We introduce the functionalities of SAM through a demonstration of the platform applied to real Android applications
