nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

DroidTest: Testing Android Applications for Leakage of Private Information

verfasst von : Sarker T. Ahmed Rumee, Donggang Liu

Erschienen in: Information Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Smartphones have become a basic necessity in recent years, and a large portion of users are using them for storing private data such as personal contacts and performing sensitive operations such as financial transactions. As a result, there is a high incentive for attackers to compromise these devices. Researchers have also found that there are indeed many malicious applications on official or unofficial Android markets, and a large fraction of them steal private user data once they are installed on smartphones. In this paper, we propose a novel method to test Android applications for the leakage of private data. Our method reuses existing test cases, produced either manually or automatically, and converts each of them into a set of new correlated test cases. The property of these correlated test cases is such that- they will trigger the same result in our system if there is no leakage of private data. As a result, the leakage of information can be detected if we observe different outputs from executions under correlated inputs. We have evaluated our system on an Android malware dataset and the top 50 free applications on official Android market. The result shows that our tool can effectively and efficiently detect leakage of private data.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel CrowdFlow: Efficient Information Flow Security

Nächstes Kapitel A Dangerous Mix: Large-Scale Analysis of Mixed-Content Websites

Analysis of appverification tool from google. http://www.csc.ncsu.edu/faculty/jiang/appverify/

Contagio mobile malware mini dump. http://contagiominidump.blogspot.com/

Junit. http://junit.sourceforge.net/

Malware data set. http://www.malgenomeproject.org/policy.html

Official android marketplace: Google play. https://play.google.com/

Robotium. http://code.google.com/p/robotium/

Survey on smartphone users. http://www.engadget.com/2012/05/07/nielsen-smartphone-share-march-2012/

Beresford, A., Rice, A., Skehin, N., Sohan, R.: Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)

Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: detecting privacy leaks in ios applications. In: Proceedings of the Network and Distributed System Security Symposium (2011)

10.

Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1–6 (2010)

11.

Felt, A., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)

12.

Felt, A., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14. ACM (2011)

13.

Felt, A., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)

14.

Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Procedings of the USENIX Conference on Web Application Development (2011)

15.

Fuchs, A., Chaudhuri, A., Foster, J.: Scandroid: automated security certification of android applications. Manuscript, Univ. of Maryland (2009). http://www.cs.umd.edu/~avik/projects/scandroidascaa

16.

Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012) CrossRef

17.

Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: ACM Sigplan Notices, vol. 40, pp. 213–223. ACM (2005)

18.

Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)

19.

Hu, C., Neamtiu, I.: Automating gui testing for android applications. In: Proceedings of the 6th International Workshop on Automation of Software Test, pp. 77–83. ACM (2011)

20.

Kim, J., Yoon, Y., Yi, K., Shin, J., Center, S.: Scandal: static analyzer for detecting privacy leaks in android applications. In Proc. of the MoST (2012)

21.

K. Sen, D. Marinov, G. Agha.: CUTE: a concolic unit testing engine for C. In: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, vol. 30, pp. 263-272 (2005)

22.

Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)

23.

Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011) CrossRef

Titel: DroidTest: Testing Android Applications for Leakage of Private Information
verfasst von: Sarker T. Ahmed Rumee
Donggang Liu
Verlag: Springer International Publishing
Buch: Information Security
Print ISBN: 978-3-319-27658-8

Electronic ISBN: 978-3-319-27659-5

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-27659-5_24

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner