Idea: Benchmarking Android Data Leak Detection Tools
Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how...
Saved in:
| Published in | Engineering Secure Software and Systems Vol. 10953; pp. 116 - 123 |
|---|---|
| Main Authors | , , , |
| Format | Book Chapter |
| Language | English |
| Published |
Switzerland
Springer International Publishing AG
2018
Springer International Publishing |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| Online Access | Get full text |
| ISBN | 3319944959 9783319944951 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/978-3-319-94496-8_9 |
Cover
| Abstract | Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how these approaches perform compared to each other. The tools are often no longer available, thus comparing different approaches is almost infeasible.
In this work, we propose an approach to execute static analysis tools and collect their output to obtain unified reports in a common format. We review the current state-of-the-art in Android data leak detection tools, and from a list of 87 approaches, of which we were able to obtain and execute five. We compare these using a set of known vulnerabilities and discuss the overall performance of the tools. We further present an approach to compare security analysis tools by normalising their interfaces, which simplifies result reproduction and extension. |
|---|---|
| AbstractList | Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how these approaches perform compared to each other. The tools are often no longer available, thus comparing different approaches is almost infeasible.
In this work, we propose an approach to execute static analysis tools and collect their output to obtain unified reports in a common format. We review the current state-of-the-art in Android data leak detection tools, and from a list of 87 approaches, of which we were able to obtain and execute five. We compare these using a set of known vulnerabilities and discuss the overall performance of the tools. We further present an approach to compare security analysis tools by normalising their interfaces, which simplifies result reproduction and extension. |
| Author | Ghafari, Mohammad Corrodi, Claudio Spring, Timo Nierstrasz, Oscar |
| Author_xml | – sequence: 1 givenname: Claudio surname: Corrodi fullname: Corrodi, Claudio email: corrodi@inf.unibe.ch – sequence: 2 givenname: Timo surname: Spring fullname: Spring, Timo – sequence: 3 givenname: Mohammad surname: Ghafari fullname: Ghafari, Mohammad – sequence: 4 givenname: Oscar surname: Nierstrasz fullname: Nierstrasz, Oscar |
| BookMark | eNpFkMtOwzAQRQ0URFr6BWzyAwaPx092peVRqRKbsracxKGlJQ5x-H_SFonVaObqjGbOmIya2ARCboHdAWP63mpDkSJYaoWwihpnz8gYh8Gx1-ckAwVAEYW9-A-kHZGMIePUaoFXZAxMcKYlAL8m05Q-GWOcoQWwGRHLKviH_DE05ebLd7tt85HPmqqL2ypf-N7nq-B3-SL0oey3scnXMe7TDbms_T6F6V-dkPfnp_X8la7eXpbz2Yq2XPCealMIXQghg0HQKqABXpsgS-1r6bUBxeu6AmErWUjGLfraoxdgUZRYFRInBE57U9sNh4XOFTHukgPmDoLcIMihG952RyFuEDQw4sS0Xfz-Cal34QCVoek7vy83vu1Dl5ziRigDDkA54Ap_AaMTZAg |
| ContentType | Book Chapter |
| Copyright | Springer International Publishing AG, part of Springer Nature 2018 |
| Copyright_xml | – notice: Springer International Publishing AG, part of Springer Nature 2018 |
| DBID | FFUUA |
| DEWEY | 5.8 |
| DOI | 10.1007/978-3-319-94496-8_9 |
| DatabaseName | ProQuest Ebook Central - Book Chapters - Demo use only |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Computer Science |
| EISBN | 3319944967 9783319944968 |
| EISSN | 1611-3349 |
| Editor | Payer, Mathias Such, Jose M Rashid, Awais |
| Editor_xml | – sequence: 1 fullname: Payer, Mathias – sequence: 2 fullname: Such, Jose M – sequence: 3 fullname: Rashid, Awais |
| EndPage | 123 |
| ExternalDocumentID | EBC6284681_116_126 |
| GroupedDBID | 0D6 0DA 38. AABBV ACOUV AEDXK AEJLV AEKFX AEZAY ALMA_UNASSIGNED_HOLDINGS ANXHU BBABE BICGV BJAWL BUBNW CVGDX CZZ EDOXC FFUUA FOYMO I4C IEZ NQNQZ OEBZI SBO TPJZQ TSXQS Z7R Z7S Z7U Z7X Z7Y Z7Z Z81 Z83 Z84 Z85 Z88 -DT -~X 29L 2HA 2HV ACGFS ADCXD EJD F5P LAS LDH P2P RSU ~02 |
| ID | FETCH-LOGICAL-p242t-78b47b445e83176e3812f8e5c7af5a78162ffd149d5b50293afa3a41934c3db53 |
| ISBN | 3319944959 9783319944951 |
| ISSN | 0302-9743 |
| IngestDate | Tue Jul 29 20:11:05 EDT 2025 Thu May 29 00:54:50 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| LCCallNum | QA76.9.A25 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-p242t-78b47b445e83176e3812f8e5c7af5a78162ffd149d5b50293afa3a41934c3db53 |
| OCLC | 1042075112 |
| PQID | EBC6284681_116_126 |
| PageCount | 8 |
| ParticipantIDs | springer_books_10_1007_978_3_319_94496_8_9 proquest_ebookcentralchapters_6284681_116_126 |
| PublicationCentury | 2000 |
| PublicationDate | 2018 20180620 |
| PublicationDateYYYYMMDD | 2018-01-01 2018-06-20 |
| PublicationDate_xml | – year: 2018 text: 2018 |
| PublicationDecade | 2010 |
| PublicationPlace | Switzerland |
| PublicationPlace_xml | – name: Switzerland – name: Cham |
| PublicationSeriesSubtitle | Theoretical Computer Science and General Issues |
| PublicationSeriesTitle | Lecture Notes in Computer Science |
| PublicationSeriesTitleAlternate | Lect.Notes Computer |
| PublicationSubtitle | 10th International Symposium, ESSoS 2018, Paris, France, June 26-27, 2018, Proceedings |
| PublicationTitle | Engineering Secure Software and Systems |
| PublicationYear | 2018 |
| Publisher | Springer International Publishing AG Springer International Publishing |
| Publisher_xml | – name: Springer International Publishing AG – name: Springer International Publishing |
| RelatedPersons | Kleinberg, Jon M. Hartmanis, Juris Mattern, Friedemann Goos, Gerhard Steffen, Bernhard Kittler, Josef Weikum, Gerhard Naor, Moni Mitchell, John C. Terzopoulos, Demetri Pandu Rangan, C. Kanade, Takeo Hutchison, David Tygar, Doug |
| RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard – sequence: 13 givenname: Gerhard surname: Goos fullname: Goos, Gerhard – sequence: 14 givenname: Juris surname: Hartmanis fullname: Hartmanis, Juris |
| SSID | ssj0002039119 ssj0002792 |
| Score | 1.9124957 |
| Snippet | Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive... |
| SourceID | springer proquest |
| SourceType | Publisher |
| StartPage | 116 |
| SubjectTerms | Android Benchmarking Data leak |
| Title | Idea: Benchmarking Android Data Leak Detection Tools |
| URI | http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6284681&ppg=126 http://link.springer.com/10.1007/978-3-319-94496-8_9 |
| Volume | 10953 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV07T8MwELagLMDCU5SXMjCBjJrYjh22ggpVBSwUxGbZiSMQ0CIahMSv5-w8mkQssESRlUb2fY19953vM0JHRqlYc22wH0YGU-3HWMPChqGVKsaIFtTWO9_chsN7Onpkj_OzOV11SaZP4-9f60r-gyq0Aa62SvYPyFYvhQa4B3zhCgjDteX8NmnWIp1fKQnmrLk5uYM59UsVGYG6Fnm5Xz0x7iiecxjE05tyNLnb0jh9TgD_TFm51ReYgzKTnyA-nk5fG8SAL1rEQEkMtqjFGrvVv2oEk4RYnWAImPzG7GgF6X6da-vbK2wplP1tiIWM5ktLmU73g5bctVtAB-cXIayOofAhDgklPLSIFrmgHbTUH4yuHyquLLAy9n5kS3PKPka5eNK8z5WiVC4a3OpSI35opbydJzFeQ6u2usSzZR_QyXW0YCYbaKWG5SaiFqYzrw6SV4DkWZA8C5JXgeQ5kLbQ_eVgfDHExeEW-B28ogxzoSnXlDIjwIULDXhOQSoMi7lKmeLCD4M0TSB-TZhmPXDKVKqIouBv05gkmpFt1JlMJ2YHeQnnjAmikl5MaMC1YgFNdNSL4OuMmEm7CJeDly4FX-z7jfOhzmQLhS46Li0k7eMzWWpbg2UlkWBZ6SwrwbK7f3z5Hlqe_1n3USf7-DQH4Ndl-rCA_QeSGEdH |
| linkProvider | Library Specific Holdings |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Engineering+Secure+Software+and+Systems&rft.atitle=Idea%3A+Benchmarking+Android+Data+Leak+Detection+Tools&rft.date=2018-01-01&rft.pub=Springer+International+Publishing+AG&rft.isbn=9783319944951&rft.volume=10953&rft_id=info:doi/10.1007%2F978-3-319-94496-8_9&rft.externalDBID=126&rft.externalDocID=EBC6284681_116_126 |
| thumbnail_s | http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F6284681-l.jpg |