Title :
Mining Patterns of Sensitive Data Usage
Author :
Avdiienko, Vitalii
Author_Institution :
Software Eng. Dept., Saarland Univ., Saarbrucken, Germany
Abstract :
When a user downloads an Android application from a market, she does not know much about its actual behavior. A brief description, a set of screenshots, and the list of permissions, which give a high level intuition of what the application might be doing, are all the user sees before installing and running the application on his device. These elements are not enough to decide whether the application is secure, and for sure they do not indicate whether it might violate the user´s privacy by leaking some sensitive data. The goal of my thesis is to employ both static and dynamic taint analyses to gather information on how Android applications use sensitive data. The main hypothesis of this work is that malicious and benign mobile applications differ in how they use sensitive data, and consequently information flow can be used effectively to identify malware.
Keywords :
Android (operating system); data mining; data privacy; invasive software; mobile computing; program diagnostics; Android application; application security; dynamic taint analysis; malware identification; mobile applications; pattern mining; sensitive data usage pattern; static taint analysis; user privacy; Androids; Data mining; Humanoid robots; Malware; Medical services; Software engineering;
Conference_Titel :
Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on
Conference_Location :
Florence
DOI :
10.1109/ICSE.2015.285
