research-article

Language-based security on Android

Author:

Avik ChaudhuriAuthors Info & Claims

PLAS '09: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security

Pages 1 - 7

https://doi.org/10.1145/1554339.1554341

Published: 15 June 2009 Publication History

Get Access

Abstract

In this paper, we initiate a formal study of security on Android: Google's new open-source platform for mobile devices. Specifically, we present a core typed language to describe Android applications, and to reason about their data-flow security properties. Our operational semantics and type system provide some necessary foundations to help both users and developers of Android applications deal with their security concerns.

References

[1]

Android developers. http://developer.android.com/index.html.

Google Scholar

[2]

Android market. http://www.android.com/market/.

Google Scholar

[3]

Android project. http://source.android.com/.

Google Scholar

[4]

The Jif project. http://www.cs.cornell.edu/jif/.

Google Scholar

[5]

The Mobius project. http://mobius.inria.fr/twiki/bin/view/Mobius.

Google Scholar

[6]

The S3MS project. http://www.s3ms.org/index.jsp.

Google Scholar

[7]

WALA. http://wala.sourceforge.net/wiki/index.php/Main_Page.

Google Scholar

[8]

A. Chaudhuri, P. Naldurg, and S. Rajamani. A type system for data-flow integrity on Windows Vista. In PLAS'08: Programming Languages and Analysis for Security, pages 89--100. ACM, 2008.

Digital Library

Google Scholar

[9]

W. Enck, M. Ongtang, and P. McDaniel. Understanding Android security. IEEE Security & Privacy Magazine, 7(1):10--17, 2009.

Digital Library

Google Scholar

[10]

C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In PLDI'02: Programming Language Design and Implementation, pages 234--245. ACM, 2002.

Digital Library

Google Scholar

[11]

G. C. Necula. Proof-carrying code. In POPL'97: Principles of Programming Langauges, pages 106--119. ACM, 1997.

Digital Library

Google Scholar

[12]

R. V. Rai. Soot: A Java bytecode optimization framework. Master's thesis, McGill University, 2000.

Google Scholar

Cited By

View all

Hu X(2024)TPAM: Timed-Permission based Access Control Analysis and Modeling Method for Android AppsProceedings of the 2024 6th International Conference on Software Engineering and Development10.1145/3686614.3686618(30-38)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3686614.3686618
Hu X(2024)TySA: Enforcing Security Policies for Safeguarding Against Permission-Induced Attacks in Android ApplicationsIEEE Access10.1109/ACCESS.2024.348785212(165026-165041)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3487852
Liang DShen LChen ZMa CFeng J(2022)A Formal Method for Description and Decision of Android Apps Behavior Based on Process AlgebraIEEE Access10.1109/ACCESS.2022.321038610(108668-108683)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3210386
Show More Cited By

Index Terms

Language-based security on Android
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
        Control structures

Recommendations

Language-based security on Android (abstract only)

In this paper, we initiate a formal study of security on Android: Google's new open-source platform for mobile devices. Specifically, we present a core typed language to describe Android applications, and to reason about their data-flow security ...
Android: Changing the Mobile Landscape

The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Pro Android 2

Comments

Information & Contributors

Information

Published In

PLAS '09: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security

June 2009

130 pages

ISBN:9781605586458

DOI:10.1145/1554339

Conference Chairs:
Stephen Chong
Harvard University
,
David Naumann
Stevens Institute of Technology

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Defense Advanced Research Projects Agency

Conference

PLDI '09

Sponsor:

SIGPLAN

PLDI '09: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 15 - 21, 2009

Dublin, Ireland

Acceptance Rates

PLAS '09 Paper Acceptance Rate 8 of 19 submissions, 42%;

Overall Acceptance Rate 43 of 77 submissions, 56%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

72
Total Citations
View Citations
2,170
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)1

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hu X(2024)TPAM: Timed-Permission based Access Control Analysis and Modeling Method for Android AppsProceedings of the 2024 6th International Conference on Software Engineering and Development10.1145/3686614.3686618(30-38)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3686614.3686618
Hu X(2024)TySA: Enforcing Security Policies for Safeguarding Against Permission-Induced Attacks in Android ApplicationsIEEE Access10.1109/ACCESS.2024.348785212(165026-165041)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3487852
Liang DShen LChen ZMa CFeng J(2022)A Formal Method for Description and Decision of Android Apps Behavior Based on Process AlgebraIEEE Access10.1109/ACCESS.2022.321038610(108668-108683)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3210386
Omar MMohammed DNguyen VDawson MBanisakher M(2021)Android Application SecurityResearch Anthology on Securing Mobile Technologies and Applications10.4018/978-1-7998-8545-0.ch034(610-625)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-8545-0.ch034
Xu ZChen HTiu ALiu YSareen K(2021)A permission-dependent type system for secure information flow analysisJournal of Computer Security10.3233/JCS-200036(1-68)Online publication date: 17-Feb-2021
https://doi.org/10.3233/JCS-200036
Bagheri HWang JAerts JGhorbani NMalek S(2021)Flair: efficient analysis of Android inter-component vulnerabilities in response to incremental changesEmpirical Software Engineering10.1007/s10664-020-09932-626:3Online publication date: 9-Apr-2021
https://doi.org/10.1007/s10664-020-09932-6
Ziadia MFattahi JMejri MPricop E(2020)Smali+: An Operational Semantics for Low-Level Code Generated from Reverse Engineering Android ApplicationsInformation10.3390/info1103013011:3(130)Online publication date: 27-Feb-2020
https://doi.org/10.3390/info11030130
Luo L(2020)Heap Memory Snapshot Assisted Program Analysis for Android Permission Specification2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER48275.2020.9054795(435-446)Online publication date: Feb-2020
https://doi.org/10.1109/SANER48275.2020.9054795
Omar MMohammed DNguyen VDawson MBanisakher M(2019)Android Application SecurityApplying Methods of Scientific Inquiry Into Intelligence, Security, and Counterterrorism10.4018/978-1-5225-8976-1.ch002(46-67)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8976-1.ch002
Khan WKamran MAhmad AKhan FDerhab A(2019)Formal Analysis of Language-Based Android Security Using Theorem Proving ApproachIEEE Access10.1109/ACCESS.2019.28952617(16550-16560)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2895261
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations