Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

Abstract : A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a "permission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Our prototype implementation in the context of Android shows that the static analysis must take into account a significant amount of platform-specific knowledge. Using our tool on two datasets of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.
Document type :
Reports
Complete list of metadatas

Cited literature [27 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-00700074
Contributor : Alexandre Bartel <>
Submitted on : Wednesday, March 20, 2013 - 6:31:47 PM
Last modification on : Thursday, February 21, 2019 - 10:52:48 AM
Long-term archiving on: Friday, June 21, 2013 - 4:17:09 AM

Files

article.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00700074, version 2
  • ARXIV : 1206.5829

Collections

Citation

Alexandre Bartel, Jacques Klein, Martin Monperrus, Yves Le Traon. Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android. [Research Report] hal-00700074, SnT. 2012. ⟨hal-00700074v2⟩

Share

Metrics

Record views

476

Files downloads

501