Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android

by Alexandre Bartel, Jacques Klein, Martin Monperrus and Yves Le Traon
Abstract: A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android.
 View PDF
Open-access (on arXiv.org)
Publisher version (via DOI)
Citations: [citations]
Other publications of Martin Monperrus

Cite it:

Alexandre Bartel, Jacques Klein, Martin Monperrus and Yves Le Traon, "Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android", IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, volume 40, 2014.
https://doi.org/10.1109/TSE.2014.2322867
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
http://arxiv.org/pdf/1408.3976
[Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android](http://arxiv.org/pdf/1408.3976) ([doi:10.1109/TSE.2014.2322867](https://doi.org/10.1109/TSE.2014.2322867))
\href{http://arxiv.org/pdf/1408.3976}{Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android} % \cite{1408.3976}

Bibtex Entry:

@article{1408.3976,
 title = {Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android},
 journal = {IEEE Transactions on Software Engineering, Institute of Electrical
  and Electronics Engineers, volume 40},
 year = {2014},
 doi = {10.1109/TSE.2014.2322867},
 author = {Alexandre Bartel and Jacques Klein and Martin Monperrus and Yves Le Traon},
 url = {http://arxiv.org/pdf/1408.3976},
}
Powered by bibtexbrowser
Tagged as: