Jinseong Jeon

Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by…
Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. We have found that Android’s current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from vulnerabilities…
Google’s Android platform uses a fairly standard resource-centric permission model to protect resources such as the camera, GPS, and Internet connection. We claim that a much better permission model for developers and users would be application-centric, with a vocabulary that directly relates to application-level functionality, e.g., one permission could…
Apps on Google’s Android mobile device platform are written in Java, but are compiled to a special bytecode language called Dalvik. In this paper, we introduce SymDroid, a symbolic executor that operates directly on Dalvik bytecode. SymDroid begins by first translating Dalvik into μ-Dalvik, a simpler language that has only 16 instructions, in contrast to…
We present an app automation tool called Brahmastra for helping app stores and security researchers to test third-party components in mobile apps at runtime. The main challenge is that call sites that invoke third-party code may be deeply embedded in the app, beyond the reach of traditional GUI testing tools. Our approach uses static analysis to construct a…
Symbolic execution is a powerful program analysis technique, but it is difficult to apply to programs built using frameworks such as Swing and Android, because the framework code itself is hard to symbolically execute. The standard solution is to manually create a framework model that can be symbolically executed, but developing and maintaining a…
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper, we introduce interaction-based declassification policies, in which the user’s interactions with the app constrain the release of sensitive…
We introduce Troyd, a new integration testing framework for Android apps. Troyd allows testers to write high-level scripts to drive the app under test as desired, e.g., clicking buttons on the screen, checking the contents of a text box, and so on. Troyd also provides a convenient recording mode, in which users construct Troyd scripts as the app is running;…
Staphylococcus aureus is an important pathogenic bacterium that causes various infectious diseases. Extracellular vesicles (EVs) released from S. aureus contain bacterial proteins, nucleic acids, and lipids. These EVs can induce immune responses leading to similar symptoms as during staphylococcal infection condition and have the potential as vaccination…
Program synthesis tools work by searching for an implementation that satisfies a given specification. Two popular search strategies are symbolic search, which reduces synthesis to a formula passed to a SAT solver, and explicit search, which uses brute force or random search to find a solution. In this paper, we propose adaptive concretization, a novel…