- Title
ASCAA: API‐level security certification of android applications.
- Authors
Pei, Wengang; Li, Jingtao; Li, Hengyu; Gao, Hang; Wang, Peizan
- Abstract
Android provides a permission declaration and a certification mechanism to detect and report potential security threats of applications. Normally, an application is certified based on its declared permissions, but declared permissions are often coarse‐grained or inconsistent with those actually used in the program code. The authors propose application programming interface (API)‐level security certification of Android applications (ASCAA), a cloud‐based framework, which employs a systematic method to identify and analyse security threats at API level. To certify an application, ASCAA examines all permission labels in its manifest and API invocations extracted from its decompiled code based on a set of requirement‐dependent security rules. In addition, the authors provide ASCAA Security Language to formalise security rules and the certification process, which makes ASCAA general and scalable. Since it is a cloud‐based framework, any potential user could easily make ASCAA work for them, and ASCAA has also been proved to gain high performance. Hitherto, they have analysed over 200 applications with an automated tool based on ASCAA, and discovered that about one‐eighth failed to pass part of our sample rules. We find evidence that ASCAA can identify risk factors in a fine‐grained way, for example, applications being over‐privileged or the use of some dangerous APIs that require no permission declaration.
- Publication
IET Software (Wiley-Blackwell), 2017, Vol 11, Issue 2, p55
- ISSN
1751-8806
- Publication type
Article
- DOI
10.1049/iet-sen.2015.0040