Learn More
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by(More)
Apps on Google's Android mobile device platform are written in Java, but are compiled to a special bytecode language called Dalvik. In this paper, we introduce SymDroid, a symbolic executor that operates directly on Dalvik bytecode. SymDroid begins by first translating Dalvik into µ-Dalvik, a simpler language that has only 16 instructions, in contrast to(More)
This paper introduces cooperative caching policies for minimizing electronic content provisioning cost in Social Wireless Networks (SWNET). SWNETs are formed by mobile devices, such as data enabled phones, electronic book readers etc., sharing common interests in electronic content, and physically gathering together in public places. Electronic object(More)
Two new logics for verification of hyperproperties are proposed. Hyperproperties characterize security policies, such as noninter-ference, as a property of sets of computation paths. Standard temporal logics such as LTL, CTL, and CTL * can refer only to a single path at a time, hence cannot express many hyperproperties of interest. The logics proposed here,(More)
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access , GPS use, and telephony. We have found that Android's current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from(More)
—Location-based apps are popular on Android, but they raise a number of privacy concerns. In this paper, we empirically study how one popular location-privacy enhancing technique, location truncation, affects app utility. That is, we try to answer the question: How much can we truncate the location information given to an app while still preserving the(More)
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper , we introduce interaction-based declassification policies, in which the user's interactions with the app constrain the release of sensitive(More)
Android and other mobile operating systems ask users for authorization before allowing apps to access sensitive resources such as contacts and location. We hypothesize that such authorization systems could be improved by becoming more integrated with the app's user interface. In this paper, we conduct two studies to test our hypothesis. First, we use(More)
  • 1