Welcome to the InfoSci Platform
Jif-Based Verification of Information Flow Policies for Android Apps

Jif-Based Verification of Information Flow Policies for Android Apps

Lina M. Jimenez, Martin Ochoa, Sandra J. Rueda
Copyright: © 2017 |Volume: 8 |Issue: 1 |Pages: 15
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781522513858|DOI: 10.4018/IJSSE.2017010102
Cite Article Cite Article

MLA

Jimenez, Lina M., et al. "Jif-Based Verification of Information Flow Policies for Android Apps." IJSSE vol.8, no.1 2017: pp.28-42. http://doi.org/10.4018/IJSSE.2017010102

APA

Jimenez, L. M., Ochoa, M., & Rueda, S. J. (2017). Jif-Based Verification of Information Flow Policies for Android Apps. International Journal of Secure Software Engineering (IJSSE), 8(1), 28-42. http://doi.org/10.4018/IJSSE.2017010102

Chicago

Jimenez, Lina M., Martin Ochoa, and Sandra J. Rueda. "Jif-Based Verification of Information Flow Policies for Android Apps," International Journal of Secure Software Engineering (IJSSE) 8, no.1: 28-42. http://doi.org/10.4018/IJSSE.2017010102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance of information flow policies. To do so, the authors addressed some challenges that emerge in Android environments, like automatizing generation of Jif labels for Android applications, and defining translations for Java instructions that are not currently supported by the Jif compiler. Results show that a Jif-based analysis is faster and has a better recall than other available mechanisms, but it also has a slightly lower precision. Jif also provides an open source compiler, generates executable code for an application only if such application meets a defined policy, and checks implicit flows which may be relevant for highly sensitive applications.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.