TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TLDR
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment.
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed; it performs lightweight certification of applications to mitigate malware at install time, and the work indicates that security configuration bundled with Android applications provides a practical means of detecting malware.
A Study of Android Application Security
TLDR
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/phone identifiers and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
WHYPER: Towards Automating Risk Assessment of Mobile Applications
TLDR
WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description, demonstrates great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.
Understanding Android Security
TLDR
This paper describes Android's security model and attempts to unmask the complexity of secure application development, identifying lessons and opportunities for future enhancements.
AppsPlayground: automatic security analysis of smartphone applications
TLDR
This paper proposes AppsPlayground for Android, a framework that automates the analysis of smartphone applications, and shows that the system is quite effective at automatically detecting privacy leaks and malicious functionality in applications.
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
TLDR
Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context
TLDR
This work introduces AppContext, an approach of static program analysis that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors.
HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities
TLDR
HideM is a practical system for protecting vulnerable applications that leak executable data; it uses the split-TLB architecture, commonly found in CPUs, to enable fine-grained execute and read permissions on memory, thus enabling protection of Commercial-Off-The-Shelf (COTS) binaries.
ASM: A Programmable Interface for Extending Android Security
TLDR
The Android Security Modules (ASM) framework is proposed, which provides a programmable interface for defining new reference monitors for Android; the authors envision ASM enabling in-the-field security enhancement of Android devices without requiring root access, a significant limitation of existing bring-your-own-device solutions.