| 465 |
@InProceedings{2016:Schmerl:Raindroid,
AUTHOR = {Schmerl, Bradley and Gennari, Jeffrey and C\'{a}mara, Javier and Garlan, David},
TITLE = {Raindroid - A System for Run-time Mitigation of Android Intent Vulnerabilities (Poster)},
YEAR = {2016},
MONTH = {19-21 April},
BOOKTITLE = {Symposium and Bootcamp on the Science of Security},
ADDRESS = {Pittsburgh, PA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/raindroid-poster.pdf},
ABSTRACT = {Modern frameworks are required to be extendable as well
as secure. However, these two qualities are often at odds.
In this poster we describe an approach that uses a combination of static analysis and run-time management, based
on software architecture models, that can improve security
while maintaining framework extendability. We implement
a prototype of the approach for the Android platform. Static
analysis identifi�es the architecture and communication patterns among the collection of apps on an Android device
and which communications might be vulnerable to attack.
Run-time mechanisms monitor these potentially vulnerable
communication patterns, and adapt the system to either
deny them, request explicit approval from the user, or allow them.},
KEYWORDS = {Human-in-the-loop, Rainbow, Science of Security}
}
|
|
