English
Related papers

Related papers: CrySL: Validating Correct Usage of Cryptographic A…

200 papers

Android filesystem access control provides a foundation for Android system integrity. Android utilizes a combination of mandatory (e.g., SEAndroid) and discretionary (e.g., UNIX permissions) access control, both to protect the Android…

Cryptography and Security · Computer Science 2020-08-11 Yu-Tsung Lee , William Enck , Haining Chen , Hayawardh Vijayakumar , Ninghui Li , Daimeng Wang , Zhiyun Qian , Giuseppe Petracca , Trent Jaeger

Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android…

Cryptography and Security · Computer Science 2017-11-09 Joydeep Mitra , Venkatesh-Prasad Ranganath

Problem: We address the challenge in responsible computing where an exploitable mobile app is misused by one app user (an abuser) against another user or bystander (victim). We introduce the idea of a misuse audit of apps as a way of…

Cryptography and Security · Computer Science 2024-11-11 Vaibhav Garg , Hui Guo , Nirav Ajmeri , Saikath Bhattacharya , Munindar P. Singh

Cryptographic libraries, an essential part of cybersecurity, are shown to be susceptible to different types of attacks, including side-channel and memory-corruption attacks. In this article, we examine popular cryptographic libraries in…

Cryptography and Security · Computer Science 2026-05-21 Rodothea Myrsini Tsoupidi , Elena Troubitsyna , Panos Papadimitratos

Despite being one of the largest and most popular projects, the official Android framework has only provided test cases for less than 30% of its APIs. Such a poor test case coverage rate has led to many compatibility issues that can cause…

Software Engineering · Computer Science 2022-08-30 Xiaoyu Sun , Xiao Chen , Yanjie Zhao , Pei Liu , John Grundy , Li Li

Scripting languages are continuously gaining popularity due to their ease of use and the flourishing software ecosystems that surround them. These languages offer crash and memory safety by design, thus, developers do not need to understand…

Cryptography and Security · Computer Science 2023-02-06 Cristian-Alexandru Staicu , Sazzadur Rahaman , Ágnes Kiss , Michael Backes

With over 500,000 commits and more than 700 contributors, the Android platform is undoubtedly one of the largest industrial-scale software projects. This project provides the Android API, and developers heavily rely on this API to develop…

Software Engineering · Computer Science 2022-06-01 Pei Liu , Li Li , Yichun Yan , Mattia Fazzini , John Grundy

Developers usually use TPLs to facilitate the development of the projects to avoid reinventing the wheels, however, the vulnerable TPLs indeed cause severe security threats. The majority of existing research only considered whether projects…

Software Engineering · Computer Science 2024-09-05 Fangyuan Zhang , Lingling Fan , Sen Chen , Miaoying Cai , Sihan Xu , Lida Zhao

The application layer of Bluetooth Low Energy (BLE) is a growing source of security vulnerabilities, as developers often neglect to implement critical protections such as encryption, authentication, and freshness. While formal verification…

Cryptography and Security · Computer Science 2025-09-12 Biwei Yan , Yue Zhang , Minghui Xu , Runyu Pan , Jinku Li , Xiuzhen Cheng

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a…

Cryptography and Security · Computer Science 2022-01-19 Xiaoyu Sun , Xiao Chen , Kui Liu , Sheng Wen , Li Li , John Grundy

Internet of Things is growing rapidly, with many connected devices now available to consumers. With this growth, the IoT apps that manage the devices from smartphones raise significant security concerns. Typically, these apps are secured…

Cryptography and Security · Computer Science 2018-11-06 Davino Mauro Junior , Kiev Gama , Atul Prakash

Data science libraries, such as scikit-learn and pandas, specialize in processing and manipulating data. The data-centric nature of these libraries makes the detection of API misuse in them more challenging. This paper introduces DSCHECKER,…

Software Engineering · Computer Science 2025-10-01 Akalanka Galappaththi , Francisco Ribeiro , Sarah Nadi

Static program analysis development is a non-trivial and time-consuming task. We present a framework through which developers can define static program analyses in natural language. We show the application of this framework to identify…

Programming Languages · Computer Science 2023-01-13 Mohammad Mehdi Pourhashem Kallehbasti , Mohammad Ghafari

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

The security of Android has been recently challenged by the discovery of a number of vulnerabilities involving different layers of the Android stack. We argue that such vulnerabilities are largely related to the interplay among layers…

Cryptography and Security · Computer Science 2012-09-05 Alessandro Armando , Alessio Merlo , Luca Verderame

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Florian Sieck , Anna Pätschke , Thomas Eisenbarth

Many Android applications collect data from users. The European Union's General Data Protection Regulation (GDPR) requires vendors to faithfully disclose which data their apps collect. This task is complicated because many apps use…

Cryptography and Security · Computer Science 2024-09-09 Mugdha Khedkar , Ambuj Kumar Mondal , Eric Bodden

Despite recent research efforts, the vision of automatic code generation through API recommendation has not been realized. Accuracy and expressiveness challenges of API recommendation needs to be systematically addressed. We present a new…

Software Engineering · Computer Science 2021-03-19 Ya Xiao , Salman Ahmed , Wenjia Song , Xinyang Ge , Bimal Viswanath , Danfeng Yao

Numerous exploits of client-server protocols and applications involve modifying clients to behave in ways that untampered clients would not, such as crafting malicious packets. In this paper, we demonstrate practical verification of a…

Cryptography and Security · Computer Science 2016-03-15 Andrew Chi , Robert Cochran , Marie Nesfield , Michael K. Reiter , Cynthia Sturton

Android's filesystem access control is a crucial aspect of its system integrity. It utilizes a combination of mandatory access controls, such as SELinux, and discretionary access controls, like Unix permissions, along with specialized…

Cryptography and Security · Computer Science 2023-03-01 Yu-Tsung Lee , Haining Chen , William Enck , Hayawardh Vijayakumar , Ninghui Li , Zhiyun Qian , Giuseppe Petracca , Trent Jaeger