码迷,mamicode.com
首页 > 其他好文 > 详细

WiSec session 2: DroidJust

时间:2015-06-25 06:44:47      阅读:118      评论:0      收藏:0      [点我收藏+]

标签:

tasks:

T1. discover sensitive info transmission

T2. detect privacy leakage : distinguish malicious or benign use

challenges:

c1. fuzzy nature of privacy leakage detection pro: some info transmission is not explicit  -> sensitive info justification 

c2. larege no. of smartphone apps (need to be automated scalable)

c3. no server side logic available

Related work:

sensitive info flow tracking: taintDroid, PiOS, androidLeaks, FlowDroid

Event chain ana: appIntent (sensitive data transmission identification, but not scalable, need human efforts)

Statistical efforts: Bayesian

sensitive info usage: local use or transmit to netowrk

eg. weathre forcate app: send user‘s location to a remote server; app will receive weather info from the server; display the weather info

ways to get and transmit sensitive data:

1) framework apis

2) privileged intent actions: need to find the broadcast receiver

3)  uri fields and strings: need to resolve

sensible phone states

=PScout permission specifications.

=SuSi do not need to require permission.

unique identifier to link the data medium: context; filename

sensitive info transmission--- socket httpclient; domain IP address -- sensible data reception

 

WiSec session 2: DroidJust

标签:

原文地址:http://www.cnblogs.com/CarrieCui/p/4599077.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!