{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:17:56Z","timestamp":1763468276002,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319205496"},{"type":"electronic","value":"9783319205502"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20550-2_15","type":"book-chapter","created":{"date-parts":[[2015,6,22]],"date-time":"2015-06-22T01:55:06Z","timestamp":1434938106000},"page":"282-303","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users"],"prefix":"10.1007","author":[{"given":"Yanick","family":"Fratantonio","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antonio","family":"Bianchi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William","family":"Robertson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,6,23]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Malte, H., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) (2014)","DOI":"10.1145\/2594291.2594299"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the android permission specification. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382222"},{"key":"15_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"543","DOI":"10.1007\/978-3-642-36742-7_39","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"M Backes","year":"2013","unstructured":"Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P.: AppGuard \u2013 enforcing user requirements on android apps. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 543\u2013548. Springer, Heidelberg (2013)"},{"key":"15_CR5","doi-asserted-by":"crossref","unstructured":"Barrera, D., Kayacik, H.G., Oorschot, P.V., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2010)","DOI":"10.1145\/1866307.1866317"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"B\u00f6hme, R., Grossklags, J.: The security cost of cheap user interaction. In: Proceedings of the Workshop on New Security Paradigms Workshop (NSPW) (2011)","DOI":"10.1145\/2073276.2073284"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Cao, Y., Fratantonio, Y., Bianchi, A., Egele, M., Kruegel, C., Vigna, G., Chen, Y.: EdgeMiner: automatically detecting implicit control flow transitions through the android framework. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23140"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2011)","DOI":"10.1145\/1999995.2000018"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Davis, B., Chen, H.: RetroSkeleton: retrofitting android apps. In: Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2013)","DOI":"10.1145\/2462456.2464462"},{"key":"15_CR10","unstructured":"Davis, B., Sanders, B., Khodaverdian, A., Chen, H.: I-ARM-Droid: a rewriting framework for in-app reference monitors for android applications. In: IEEE Mobile Security Technologies (MoST) (2012)"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2009)","DOI":"10.1145\/1653662.1653691"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"15_CR13","unstructured":"Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of the USENIX Conference on Web Application Development (WebApps) (2011)"},{"key":"15_CR14","unstructured":"Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: Proceedings of the USENIX Security Symposium (USENIX Security) (2011)"},{"key":"15_CR15","unstructured":"Google: UI\/Application Exerciser Monkey. http:\/\/developer.android.com\/tools\/help\/monkey.html"},{"key":"15_CR16","unstructured":"Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2012)"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: RiskRanker: scalable and accurate zero-day android malware detection. In: Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2012)","DOI":"10.1145\/2307636.2307663"},{"key":"15_CR18","unstructured":"Heuser, S., Nadkarni, A., Enck, W., Sadeghi, A.R.: ASM: a programmable interface for extending android security. In: Proceedings of the USENIX Security Symposium (USENIX Security) (2014)"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren\u2019t the droids you\u2019re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2011)","DOI":"10.1145\/2046707.2046780"},{"key":"15_CR20","unstructured":"Jeon, J., Micinski, K.K., Foster, J.S.: SymDroid: symbolic execution for dalvik bytecode. Technical report CS-TR-5022, University of Maryland, College Park (2012)"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Jeon, J., Micinski, K.K., Vaughan, J.A., Fogel, A., Reddy, N., Foster, J.S., Millstein, T.: Dr. Android and Mr. Hide: fine-grained permissions in android applications. In: Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2012)","DOI":"10.1145\/2381934.2381938"},{"key":"15_CR22","unstructured":"Lookout: 2014 Mobile Threat Report ((2014)). https:\/\/www.lookout.com\/resources\/reports\/mobile-threat-report"},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: CHEX: statically vetting android apps for component hijacking vulnerabilities. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382223"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the ACM Symposium on Information, Computer and Communication Security (AsiaCCS) (2010)","DOI":"10.1145\/1755688.1755732"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2014)","DOI":"10.14722\/ndss.2014.23039"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY) (2013)","DOI":"10.1145\/2435349.2435379"},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Russello, G., Jimenez, A.B., Naderi, H., van der Mark, W.: FireDroid: hardening security in almost-stock android. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC) (2013)","DOI":"10.1145\/2523649.2523678"},{"issue":"9","key":"15_CR28","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE 63(9), 1278\u20131308 (1975)","journal-title":"Proc. IEEE"},{"key":"15_CR29","unstructured":"Smalley, S., Craig, R.: Security enhanced (SE) android: bringing flexible MAC to android. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2013)"},{"key":"15_CR30","doi-asserted-by":"crossref","unstructured":"Smaragdakis, Y., Bravenboer, M., Lhot\u00e1k, O.: Pick your contexts well: understanding object-sensitivity. In: Proceedings of the ACM Symposium on Principles of Programming Languages (POPL) (2011)","DOI":"10.1145\/1926385.1926390"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of android malware behaviors. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23145"},{"key":"15_CR32","doi-asserted-by":"crossref","unstructured":"Viennot, N., Garcia, E., Nieh, J.: A measurement study of Google play. In: Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS) (2014)","DOI":"10.1145\/2591971.2592003"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Wang, X., Sun, K., Wang, Y., Jing, J.: DeepDroid: dynamically enforcing enterprise policy on android devices. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2015)","DOI":"10.14722\/ndss.2015.23263"},{"key":"15_CR34","unstructured":"Xu, R., Saidi, H., Anderson, R.: Aurasium: Practical policy enforcement for android applications. In: Proceedings of the USENIX Security Symposium (USENIX Security) (2012)"},{"key":"15_CR35","doi-asserted-by":"crossref","unstructured":"Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X.: SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications. In: Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2012)","DOI":"10.1145\/2381934.2381950"},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of IEEE Symposium on Security and Privacy (S&P) (2012)","DOI":"10.1109\/SP.2012.16"},{"key":"15_CR37","unstructured":"Zhou, Y., Jiang, X.: Detecting passive content leaks and pollution in android applications. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2013)"},{"key":"15_CR38","unstructured":"Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2012)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20550-2_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,21]],"date-time":"2023-02-21T02:04:58Z","timestamp":1676945098000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-20550-2_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319205496","9783319205502"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20550-2_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"23 June 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}