User-Intention Based Program Analysis for Android Security

• Software security, malware analysis and detection, smartphone security and privacy, using program analysis and machine learning for security and privacy • Software refactoring, software quality predictive models, empirical software engineering EDUCATION

[1]  Shivakant Mishra,et al.  Location based power analysis to detect malicious code in smartphones , 2011, SPSM '11.

[2]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[3]  Isil Dillig,et al.  Apposcopy: semantics-based detection of Android malware through static analysis , 2014, SIGSOFT FSE.

[4]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[5]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.

[6]  Heng Yin,et al.  Attacks on WebView in the Android system , 2011, ACSAC '11.

[7]  Fred Cohen,et al.  Computer viruses—theory and experiments , 1990 .

[8]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.

[9]  Mu Zhang,et al.  Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs , 2014, CCS.

[10]  James Newsome,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[11]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[12]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[13]  Barbara G. Ryder,et al.  Exploring the impact of context sensitivity on blended analysis , 2010, 2010 IEEE International Conference on Software Maintenance.

[14]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[15]  Shashi Shekhar,et al.  QUIRE: Lightweight Provenance for Smart Phone Operating Systems , 2011, USENIX Security Symposium.

[16]  Tao Xie,et al.  AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[17]  Yin Liu,et al.  Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows , 2010, 2010 14th European Conference on Software Maintenance and Reengineering.

[18]  K. Yi,et al.  Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[19]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1990, TOPL.

[20]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[21]  William Enck,et al.  AppsPlayground: automatic security analysis of smartphone applications , 2013, CODASPY.

[22]  Ahmad-Reza Sadeghi,et al.  Towards Taming Privilege-Escalation Attacks on Android , 2012, NDSS.

[23]  Barbara G. Ryder,et al.  User-Centric Dependence Analysis For Identifying Malicious Mobile Apps , 2012 .

[24]  R. Sekar,et al.  Dataflow anomaly detection , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[25]  Siu-Ming Yiu,et al.  DroidChecker: analyzing android applications for capability leak , 2012, WISEC '12.

[26]  Herbert Bos,et al.  Paranoid Android: versatile protection for smartphones , 2010, ACSAC '10.

[27]  Ninghui Li,et al.  Using probabilistic generative models for ranking risks of Android apps , 2012, CCS.

[28]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[29]  Jules White,et al.  Applying machine learning classifiers to dynamic Android malware detection at scale , 2013, 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC).

[30]  Gonzalo Álvarez,et al.  PUMA: Permission Usage to Detect Malware in Android , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[31]  Dan Arp,et al.  Drebin : � Efficient and Explainable Detection of Android Malware in Your Pocket , 2014 .

[32]  Dawn Xiaodong Song,et al.  Contextual Policy Enforcement in Android Applications with Permission Event Graphs , 2013, NDSS.

[33]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[34]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[35]  Lucas C.K. Hui,et al.  A privilege escalation vulnerability checking system for android applications , 2011, 2011 IEEE 13th International Conference on Communication Technology.

[36]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[37]  Jacques Klein,et al.  IccTA: Detecting Inter-Component Privacy Leaks in Android Apps , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[38]  Lei Liu,et al.  VirusMeter: Preventing Your Cellphone from Spies , 2009, RAID.

[39]  Jeff H. Perkins,et al.  Information Flow Analysis of Android Applications in DroidSafe , 2015, NDSS.

[40]  Barbara G. Ryder,et al.  A scalable technique for characterizing the usage of temporaries in framework-intensive Java applications , 2008, SIGSOFT '08/FSE-16.

[41]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[42]  Somesh Jha,et al.  Formalizing sensitivity in static analysis for intrusion detection , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[43]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[44]  Yajin Zhou,et al.  The impact of vendor customizations on android security , 2013, CCS.

[45]  Kun Yang,et al.  IntentFuzzer: detecting capability leaks of android applications , 2014, AsiaCCS.

[46]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[47]  Heng Yin,et al.  DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android , 2013, SecureComm.

[48]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[49]  Karim O. Elish,et al.  Device-based Isolation for Securing Cryptographic Keys , 2013, ANT/SEIT.

[50]  Xuxian Jiang,et al.  Profiling user-trigger dependence for Android malware detection , 2015, Comput. Secur..

[51]  Heng Yin,et al.  DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.

[52]  Daniel T. Larose,et al.  Discovering Knowledge in Data: An Introduction to Data Mining , 2005 .

[53]  Yuan Zhang,et al.  Vetting undesirable behaviors in android apps with permission use analysis , 2013, CCS.

[54]  Barbara G. Ryder,et al.  Annotated inclusion constraints for precise flow analysis , 2005, 21st IEEE International Conference on Software Maintenance (ICSM'05).

[55]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[56]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[57]  Naren Ramakrishnan,et al.  Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery , 2014, AsiaCCS.

[58]  Aaron Tomb,et al.  Multi-App Security Analysis with FUSE: Statically Detecting Android App Collusion , 2014, PPREW-4.

[59]  David A. Wagner,et al.  Intrusion detection via static analysis , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[60]  Abhinav Srivastava,et al.  Database Intrusion Detection using Weighted Sequence Mining , 2006, J. Comput..

[61]  David A. Wagner,et al.  Reducing attack surfaces for intra-application communication in android , 2012, SPSM '12.

[62]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[63]  Karim O. Elish,et al.  High Precision Screening for Android Malware with Dimensionality Reduction , 2014, 2014 13th International Conference on Machine Learning and Applications.

[64]  Mohammad Alshayeb,et al.  A Classification of Refactoring Methods Based on Software Quality Attributes , 2011 .

[65]  Mu Zhang,et al.  AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications , 2014, NDSS.

[66]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[67]  Wei You,et al.  Android Implicit Information Flow Demystified , 2015, AsiaCCS.

[68]  Xuxian Jiang,et al.  A Static Assurance Analysis of Android Applications , 2013 .

[69]  Christopher Krügel,et al.  Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.

[70]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[71]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[72]  Somesh Jha,et al.  Efficient Context-Sensitive Intrusion Detection , 2004, NDSS.

[73]  Helen J. Wang,et al.  User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[74]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[75]  David A. Wagner,et al.  AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[76]  Micah Sherr,et al.  $100,000 prize jackpot. call now!: identifying the pertinent features of SMS spam , 2012, SIGIR '12.

[77]  Karim O. Elish,et al.  On the Need of Precise Inter-App ICC Classification for Detecting Android , 2015 .

[78]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[79]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[80]  Michael D. Ernst,et al.  Collaborative Verification of Information Flow for a High-Assurance App Store , 2014, Software Engineering & Management.

[81]  Guofei Gu,et al.  SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications , 2012, SPSM '12.

[82]  Karim O. Elish,et al.  Comprehensive Behavior Profiling for Proactive Android Malware Detection , 2014, ISC.

[83]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[84]  Hao Chen,et al.  Attack of the Clones: Detecting Cloned Applications on Android Markets , 2012, ESORICS.

[85]  Somesh Jha,et al.  Retargeting Android applications to Java bytecode , 2012, SIGSOFT FSE.

[86]  Xuxian Jiang,et al.  AppInk: watermarking android apps for repackaging deterrence , 2013, ASIA CCS '13.

[87]  Alessandra Gorla,et al.  Mining Apps for Abnormal Usage of Sensitive Data , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[88]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[89]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[90]  Mohammad Alshayeb,et al.  Using Software Quality Attributes to Classify Refactoring to Patterns , 2012, J. Softw..

[91]  Yuval Elovici,et al.  “Andromaly”: a behavioral malware detection framework for android devices , 2012, Journal of Intelligent Information Systems.

[92]  Yin Liu,et al.  Practical static analysis for inference of security-related program properties , 2009, 2009 IEEE 17th International Conference on Program Comprehension.

[93]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[94]  Sam Blackshear,et al.  Android apps consistency scrutinized , 2014, CHI Extended Abstracts.

[95]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[96]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[97]  Shashi Shekhar,et al.  AdSplit: Separating Smartphone Advertising from Applications , 2012, USENIX Security Symposium.

[98]  Lujo Bauer,et al.  Android taint flow analysis for app sets , 2014, SOAP '14.

[99]  Hubert Ritzdorf,et al.  Analysis of the communication between colluding applications on modern smartphones , 2012, ACSAC '12.

[100]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[101]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.

[102]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[103]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[104]  Barbara G. Ryder,et al.  Blended analysis for performance understanding of framework-based applications , 2007, ISSTA '07.

[105]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.