Results 1 -
2 of
2
Draft CFL-Reachability and Context-sensitive Integrity Types
"... Integrity types can help detect information flow vulnerabilities in web applications and Android apps. We study DFlow, a context-sensitive integrity type system and we give an interpretation of DFlow in terms of CFL-reachability. We propose DFlowCFL, a new, more precise integrity type system, and DF ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Integrity types can help detect information flow vulnerabilities in web applications and Android apps. We study DFlow, a context-sensitive integrity type system and we give an interpretation of DFlow in terms of CFL-reachability. We propose DFlowCFL, a new, more precise integrity type system, and DFlowCFL-Infer, the corresponding type inference analysis, which is equivalent to CFL-reachability. DFlowCFL-Infer is an effective taint analysis for Android. It scales well and detects numerous privacy leaks in popular Android apps.
Scalable and Precise Taint Analysis for Android
"... We propose a type-based taint analysis for Android. Con-cretely, we present DFlow, a context-sensitive information flow type system, and DroidInfer, the corresponding type in-ference analysis for detecting privacy leaks in Android apps. We present novel techniques for error reporting based on CFL-re ..."
Abstract
- Add to MetaCart
(Show Context)
We propose a type-based taint analysis for Android. Con-cretely, we present DFlow, a context-sensitive information flow type system, and DroidInfer, the corresponding type in-ference analysis for detecting privacy leaks in Android apps. We present novel techniques for error reporting based on CFL-reachability, as well as novel techniques for handling of Android-specific features, including libraries, multiple entry points and callbacks, and inter-component communication. Empirical results show that our approach is scalable and precise. DroidInfer scales well in terms of time and memory and has false-positive rate of 15.7%. It detects privacy leaks in apps from the Google Play Store and in known malware. 1.
