{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T04:10:12Z","timestamp":1746159012678,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":46,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642545672"},{"type":"electronic","value":"9783642545689"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-642-54568-9_14","type":"book-chapter","created":{"date-parts":[[2014,3,20]],"date-time":"2014-03-20T14:31:35Z","timestamp":1395325895000},"page":"213-231","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["AppGuard \u2013 Fine-Grained Policy Enforcement for Untrusted Android Applications"],"prefix":"10.1007","author":[{"given":"Michael","family":"Backes","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sebastian","family":"Gerling","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Hammer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matteo","family":"Maffei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philipp","family":"von Styp-Rekowsky","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2014,3,21]]},"reference":[{"key":"14_CR1","unstructured":"Android.com: Security and permissions. http:\/\/developer.android.com\/guide\/topics\/security\/security.html (2012)"},{"key":"14_CR2","doi-asserted-by":"crossref","unstructured":"Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P.: AppGuard - Fine-Grained Policy Enforcement for Untrusted Android Applications. Technical Report A\/02\/2013, Saarland University (April 2013)","DOI":"10.1007\/978-3-642-54568-9_14"},{"key":"14_CR3","series-title":"LNCS","first-page":"543","volume-title":"TACAS 2013","author":"M Backes","year":"2013","unstructured":"Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P.: AppGuard - enforcing user requirements on Android apps. In: Piterman, N., Smolka, S. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 543\u2013548. Springer, Heidelberg (2013)"},{"key":"14_CR4","unstructured":"Backes, M., Gerling, S., von Styp-Rekowsky, P.: A Local Cross-Site Scripting Attack Against Android Phones. http:\/\/www.infsec.cs.uni-saarland.de\/projects\/android-vuln\/android_xss.pdf (2011)"},{"key":"14_CR5","unstructured":"Backes SRT: SRT AppGuard : mobile Android security solution. http:\/\/www.srt-appguard.com\/en\/"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Barrera, D., Kayac\u0131k, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the 17th ACM Conference on Computer and Communication Security (CCS 2010), pp. 73\u201384 (2010)","DOI":"10.1145\/1866307.1866317"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Bauer, L., Ligatti, J., Walker, D.: A Language and System for Composing Security Policies. Technical Report TR-699-04, Princeton University (January 2004)","DOI":"10.1145\/1065010.1065047"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. In: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI 2005), pp. 305\u2013314 (2005)","DOI":"10.1145\/1065010.1065047"},{"key":"14_CR9","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards taming privilege-escalation attacks on android. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS 2012) (2012)"},{"key":"14_CR10","unstructured":"Chaudhuri, A., Fuchs, A., Foster, J.: SCanDroid: Automated Security Certification of Android Applications. Technical Report CS-TR-4991, University of Maryland. http:\/\/www.cs.umd.edu\/avik\/papers\/scandroidascaa.pdf (2009)"},{"key":"14_CR11","series-title":"LNCS","first-page":"546","volume-title":"TACAS 2005","author":"F Chen","year":"2005","unstructured":"Chen, F., Ro\u015fu, G.: Java-MOP: a monitoring oriented programming environment for Java. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 546\u2013550. Springer, Heidelberg (2005)"},{"key":"14_CR12","unstructured":"Chip: SRT AppGuard. http:\/\/www.chip.de\/downloads\/SRT-AppGuard-Android-App_56552141.html"},{"key":"14_CR13","series-title":"LNCS","first-page":"331","volume-title":"ISC 2010","author":"M Conti","year":"2011","unstructured":"Conti, M., Nguyen, V.T.N., Crispo, B.: CRePE: context-related policy enforcement for Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ili\u0107, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331\u2013345. Springer, Heidelberg (2011)"},{"key":"14_CR14","volume-title":"In: Mathematical Structures in Computer Science","author":"M Dam","year":"2011","unstructured":"Dam, M., Jacobs, B., Lundblad, A.: Security monitor inlining and certification for multithreaded Java. In: Mathematical Structures in Computer Science. Cambridge University Press, New York (2011)"},{"key":"14_CR15","unstructured":"Davis, B., Sanders, B., Khodaverdian, A., Chen, H.: I-ARM-Droid: A rewriting framework for in-app reference monitors for Android applications. In: Mobile Security Technologies 2012 (MoST 12) (2012)"},{"issue":"5","key":"14_CR16","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.entcs.2009.11.021","volume":"253","author":"L Desmet","year":"2009","unstructured":"Desmet, L., Joosen, W., Massacci, F., Naliuka, K., Philippaerts, P., Piessens, F., Vanoverberghe, D.: The S3MS.NET run time monitor. Electron. Notes Theor. Comput. Sci. 253(5), 153\u2013159 (2009)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"14_CR17","unstructured":"von Eitzen, C.: Apple: future iOS release will require user permission for apps to access address book. http:\/\/h-online.com\/-1435404 (February 2012)"},{"key":"14_CR18","unstructured":"Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th Usenix Symposium on Operating Systems Design and Implementation (OSDI 2010), pp. 393\u2013407 (2010)"},{"key":"14_CR19","unstructured":"Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of Android application security. In: Proceedings of the 20th Usenix Security Symposium (2011)"},{"key":"14_CR20","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communication Security (CCS 2009), pp. 235\u2013245 (2009)","DOI":"10.1145\/1653662.1653691"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Erlingsson, \u00da., Schneider, F.B.: IRM enforcement of Java stack inspection. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (Oakland 2002), pp. 246\u2013255 (2000)","DOI":"10.1109\/SECPRI.2000.848461"},{"key":"14_CR22","doi-asserted-by":"crossref","unstructured":"Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: a retrospective. In: Proceedings of the 1999 Workshop on New Security Paradigms (NSPW 1999), pp. 87\u201395 (2000)","DOI":"10.1145\/335169.335201"},{"key":"14_CR23","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communication Security (CCS 2011) (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"14_CR24","unstructured":"Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of the 2nd Usenix Conference on Web Application Development (WebApps 2011) (2011)"},{"key":"14_CR25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-33167-1_1","volume-title":"ESORICS 2012","author":"E Fragkaki","year":"2012","unstructured":"Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android\u2019s permission system. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 1\u201318. Springer, Heidelberg (2012)"},{"key":"14_CR26","unstructured":"Gibler, C., Crussel, J., Erickson, J., Chen, H.: AndroidLeaks: Detecting Privacy Leaks in Android Applications. Technical Report CSE-2011-10, University of California, Davis (2011)"},{"key":"14_CR27","doi-asserted-by":"crossref","unstructured":"Gilbert, P., Chun, B.G., Cox, L.P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services (MCS 2011) (2011)","DOI":"10.1145\/1999732.1999740"},{"key":"14_CR28","unstructured":"Google Play. https:\/\/play.google.com\/store (2012)"},{"key":"14_CR29","unstructured":"Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock Android smartphones. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS 2012) (2012)"},{"key":"14_CR30","unstructured":"Gruver, B.: Smali: a assembler\/disassembler for Android\u2019s dex format. http:\/\/code.google.com\/p\/smali\/"},{"key":"14_CR31","doi-asserted-by":"crossref","unstructured":"Hamlen, K.W., Jones, M.: Aspect-oriented in-lined reference monitors. In: Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 11\u201320 (2008)","DOI":"10.1145\/1375696.1375699"},{"key":"14_CR32","unstructured":"Hamlen, K.W., Jones, M.M., Sridhar, M.: Chekov: Aspect-Oriented Runtime Monitor Certification via Model-Checking. Technical Report UTDCS-16-11, University of Texas at Dallas (May 2011)"},{"key":"14_CR33","doi-asserted-by":"crossref","unstructured":"Hamlen, K.W., Morrisett, G., Schneider, F.B.: Certified in-lined reference monitoring on.NET. In: Proceedings of the 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2006), pp. 7\u201316 (2006)","DOI":"10.1145\/1134744.1134748"},{"key":"14_CR34","unstructured":"Heise: SRT AppGuard. http:\/\/www.heise.de\/download\/srt-appguard-pro-1187469.html"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Jeon, J., Micinski, K.K., Vaughan, J.A., Reddy, N., Zhu, Y., Foster, J.S., Millstein, T.: Dr. Android and Mr. Hide: Fine-Grained Security Policies on Unmodified Android. Technical Report CS-TR-5006, University of Maryland (December 2011)","DOI":"10.1145\/2381934.2381938"},{"key":"14_CR36","unstructured":"K\u00f6nings, B., Nickels, J., Schaub, F.: Catching AuthTokens in the Wild - The Insecurity of Google\u2019s ClientLogin Protocol. Technical Report, Ulm University. http:\/\/www.uni-ulm.de\/in\/mi\/mi-mitarbeiter\/koenings\/catching-authtokens.html (2011)"},{"issue":"1\u20132","key":"14_CR37","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/s10207-004-0046-8","volume":"4","author":"J Ligatti","year":"2005","unstructured":"Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1\u20132), 2\u201316 (2005)","journal-title":"Int. J. Inf. Secur."},{"key":"14_CR38","doi-asserted-by":"crossref","unstructured":"Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS 2010), pp. 328\u2013332 (2010)","DOI":"10.1145\/1755688.1755732"},{"key":"14_CR39","doi-asserted-by":"crossref","unstructured":"Ongtang, M., Butler, K.R.B., McDaniel, P.D.: Porscha: policy oriented secure content handling in Android. In: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC 2010), pp. 221\u2013230 (2010)","DOI":"10.1145\/1920261.1920295"},{"key":"14_CR40","doi-asserted-by":"crossref","unstructured":"Ongtang, M., McLaughlin, S.E., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC 2009), pp. 340\u2013349 (2009)","DOI":"10.1109\/ACSAC.2009.39"},{"key":"14_CR41","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid Andoird: versatile protection for smartphones. In: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC 2010), pp. 347\u2013356 (2010)","DOI":"10.1145\/1920261.1920313"},{"key":"14_CR42","unstructured":"Sarno, D.: Twitter stores full iPhone contact list for 18 months, after scan. http:\/\/articles.latimes.com\/2012\/feb\/14\/business\/la-fi-tn-twitter-contacts-20120214 (February 2012)"},{"issue":"1","key":"14_CR43","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"FB Schneider","year":"2000","unstructured":"Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30\u201350 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"14_CR44","series-title":"LNCS","first-page":"33","volume-title":"ESSoS 2013","author":"P von Styp-Rekowsky","year":"2013","unstructured":"von Styp-Rekowsky, P., Gerling, S., Backes, M., Hammer, C.: Idea: callee-site rewriting of sealed system libraries. In: J\u00fcrjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol. 7781, pp. 33\u201341. Springer, Heidelberg (2013)"},{"key":"14_CR45","unstructured":"Xu, R., Sa\u00efdi, H., Anderson, R.: Aurasium - practical policy enforcement for Android applications. In: Proceedings of the 21st Usenix Security Symposium (2012)"},{"key":"14_CR46","unstructured":"Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS 2012) (February 2012)"}],"container-title":["Lecture Notes in Computer Science","Data Privacy Management and Autonomous Spontaneous Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-54568-9_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T03:30:34Z","timestamp":1746156634000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-54568-9_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783642545672","9783642545689"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-54568-9_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"21 March 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}