FlowSlicer - A Hybrid Approach to Detect and Avoid Sensitive Information Leaks in Android Applications using Program Slicing and Instrumentation

Luis Menezes, Roland Wismüller

Abstract

With the increasingly amount of private information stored in mobile devices, the need for more secure ways to detect, control and avoid malicious behaviors has become higher. The too coarse-grained permission system implemented in the Android platform does not cover problems regarding the flow of the data acquired by the apps. In order to enhance detection, awareness and avoidance of such unwanted information flows, we propose a hybrid information flow analysis that mixes the benefits of static and dynamic analysis, using slicing and instrumentation. Our results indicate a precise detection and only a small overhead while running the application. The validation of our method has been done by creating a tool called FLOWSLICER and using the category AndroidSpecific from the DROIDBENCH repository of applications with known information leaks.

Download


Paper Citation


in Harvard Style

Menezes L. and Wismüller R. (2017). FlowSlicer - A Hybrid Approach to Detect and Avoid Sensitive Information Leaks in Android Applications using Program Slicing and Instrumentation . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 450-455. DOI: 10.5220/0006428604500455


in Bibtex Style

@conference{secrypt17,
author={Luis Menezes and Roland Wismüller},
title={FlowSlicer - A Hybrid Approach to Detect and Avoid Sensitive Information Leaks in Android Applications using Program Slicing and Instrumentation},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={450-455},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006428604500455},
isbn={978-989-758-259-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - FlowSlicer - A Hybrid Approach to Detect and Avoid Sensitive Information Leaks in Android Applications using Program Slicing and Instrumentation
SN - 978-989-758-259-2
AU - Menezes L.
AU - Wismüller R.
PY - 2017
SP - 450
EP - 455
DO - 10.5220/0006428604500455