Staff Profile Pages

Malevolent app pairs: An android permission overpassing scheme

Authors: Dimitriadis, A., Efraimidis, P.S. and Katos, V.

Journal: 2016 ACM International Conference on Computing Frontiers - Proceedings

Pages: 431-436

DOI: 10.1145/2903150.2911706

Abstract:

Portable smart devices potentially store a wealth of information of personal data, making them attractive targets for data exfiltration attacks. Permission based schemes are core security controls for reducing privacy and security risks. In this paper we demonstrate that current permission schemes cannot effectively mitigate risks posed by covert channels. We show that a pair of apps with different permission settings may collude in order to effectively create a state where a union of their permissions is obtained, giving opportunities for leaking sensitive data, whilst keeping the leak potentially unnoticed. We then propose a solution for such attacks.

https://eprints.bournemouth.ac.uk/24483/

Source: Scopus

Malevolent App Pairs: An Android Permission Overpassing Scheme

Authors: Dimitriadis, A., Efraimidis, P.S. and Katos, V.

Journal: PROCEEDINGS OF THE ACM INTERNATIONAL CONFERENCE ON COMPUTING FRONTIERS (CF'16)

Pages: 431-436

DOI: 10.1145/2903150.2911706

https://eprints.bournemouth.ac.uk/24483/

Source: Web of Science (Lite)

Malevolent app pairs: An android permission overpassing scheme

Authors: Dimitriadis, A., Efraimidis, P.S. and Katos, V.

Conference: ACM International Conference on Computing Frontiers 2016

Pages: 431-436

Publisher: 2016 ACM International Conference on Computing Frontiers

ISBN: 9781450341288

Abstract:

© 2016 Copyright held by the owner/author(s).Portable smart devices potentially store a wealth of information of personal data, making them attractive targets for data exfiltration attacks. Permission based schemes are core security controls for reducing privacy and security risks. In this paper we demonstrate that current permission schemes cannot effectively mitigate risks posed by covert channels. We show that a pair of apps with different permission settings may collude in order to effectively create a state where a union of their permissions is obtained, giving opportunities for leaking sensitive data, whilst keeping the leak potentially unnoticed. We then propose a solution for such attacks.

https://eprints.bournemouth.ac.uk/24483/

Source: BURO EPrints