期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2012
卷号:12
期号:8
页码:1-10
出版社:International Journal of Computer Science and Network Security
摘要:The risk of privacy breaches by malicious programs has been increasing, and these programs have used more elaborate techniques to circumvent detection. Attacks using a collaboration of applications are especially difficult to find since distinct applications obtain privacy-sensitive data and send the data to the outside. Current mobile platforms have a security enforcement mechanism based on a sandbox to prevent direct data sharing between applications. Furthermore, several schemes have been proposed to improve the security against the attacks caused by two or more applications that communicate with each other. However, these schemes cannot monitor all the possible data-sharing methods. A security analysis that covers a wider range of possible data-sharing methods between applications is required for protecting leakage of privacy-sensitive information. In this paper, we present a detailed manual analysis regarding a wider range of possible methods for sharing data in the Android OS, and show how to detect actual privacy breaches using existing frameworks. Our analysis contributes to the enhancement for the security of the Android OS.
关键词:Information-flow analysis; Software Verification; System Security; Software Security; Android Security
