Skip to main content

Malevolent app pairs: An android permission overpassing scheme.

Tools

Dimitriadis, A., Efraimidis, P.S. and Katos, V., 2016. Malevolent app pairs: An android permission overpassing scheme. In: ACM International Conference on Computing Frontiers 2016, 16-18 May 2016, Como, Italy, 431 - 436.

Full text available as:

[img]
Preview
 PDF (© ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution)
p431-dimitriadis.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
409kB

Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk.

Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material.

DOI: 10.1145/2903150.2911706

Abstract

© 2016 Copyright held by the owner/author(s).Portable smart devices potentially store a wealth of information of personal data, making them attractive targets for data exfiltration attacks. Permission based schemes are core security controls for reducing privacy and security risks. In this paper we demonstrate that current permission schemes cannot effectively mitigate risks posed by covert channels. We show that a pair of apps with different permission settings may collude in order to effectively create a state where a union of their permissions is obtained, giving opportunities for leaking sensitive data, whilst keeping the leak potentially unnoticed. We then propose a solution for such attacks.

Item Type:Conference or Workshop Item (Paper)
Additional Information:© ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in 2016 ACM International Conference on Computing Frontiers, Proceedings p 431-436
Uncontrolled Keywords:Android smartphones, privacy, data exltration, malevolent applications, covert channel
Group:Faculty of Science & Technology
ID Code:24483
Deposited By: Symplectic RT2
Deposited On:08 Aug 2016 14:20
Last Modified:14 Mar 2022 13:57

Downloads

Downloads per month over past year

More statistics for this item...
Repository Staff Only -