Home > Foreign-language journals > Software, IET > ASCAA: API-level security certification of android applications

ASCAA: API-level security certification of android applications


Abstract

Android provides a permission declaration and a certification mechanism to detect and report potential security threats of applications. Normally, an application is certified based on its declared permissions, but declared permissions are often coarse-grained or inconsistent with those actually used in the program code. The authors propose API-level security certification of Android applications (ASCAA), a cloud-based framework that employs a systematic method to identify and analyse security threats at the application programming interface (API) level. To certify an application, ASCAA examines all permission labels in its manifest and the API invocations extracted from its decompiled code against a set of requirement-dependent security rules. In addition, the authors provide the ASCAA Security Language to formalise security rules and the certification process, which makes ASCAA general and scalable. Since it is a cloud-based framework, any potential user could easily make ASCAA work for them, and ASCAA has also been proved to achieve high performance. Hitherto, they have analysed over 200 applications with an automated tool based on ASCAA, and discovered that about one-eighth failed to pass part of our sample rules. We find evidence that ASCAA can identify risk factors in a fine-grained way, for example, applications being over-privileged or using some dangerous APIs that require no permission declaration.