{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:52:06Z","timestamp":1760586726960},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2014,9,12]],"date-time":"2014-09-12T00:00:00Z","timestamp":1410480000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Autom Softw Eng"],"published-print":{"date-parts":[[2015,9]]},"DOI":"10.1007\/s10515-014-0166-y","type":"journal-article","created":{"date-parts":[[2014,9,11]],"date-time":"2014-09-11T13:45:51Z","timestamp":1410443151000},"page":"333-366","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["User-aware privacy control via extended static-information-flow analysis"],"prefix":"10.1007","volume":"22","author":[{"given":"Xusheng","family":"Xiao","sequence":"first","affiliation":[]},{"given":"Nikolai","family":"Tillmann","sequence":"additional","affiliation":[]},{"given":"Manuel","family":"Fahndrich","sequence":"additional","affiliation":[]},{"given":"Jonathan","family":"de Halleux","sequence":"additional","affiliation":[]},{"given":"Michal","family":"Moskal","sequence":"additional","affiliation":[]},{"given":"Tao","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,9,12]]},"reference":[{"key":"166_CR1","doi-asserted-by":"crossref","unstructured":"Askarov, A., Myers, A.: A semantic framework for declassification and endorsement. Programming Languages and Systems. LNCS, vol. 6012, pp. 64\u201384. Springer, Heidelberg (2010)","DOI":"10.1007\/978-3-642-11957-6_5"},{"key":"166_CR2","doi-asserted-by":"crossref","unstructured":"Budi, A., Lo, D., Jiang, L., Lucia: Kb-anonymity: a model for anonymized behaviour-preserving test and debugging data. In: Proceedings of PLDI, pp. 447\u2013457 (2011)","DOI":"10.1145\/1993316.1993551"},{"key":"166_CR3","doi-asserted-by":"crossref","unstructured":"Castro, M., Costa, M., Martin, J.-P.: Better bug reporting with better privacy. In: Proceedings of ASPLOS, pp. 319\u2013328 (2008)","DOI":"10.1145\/1346281.1346322"},{"key":"166_CR4","doi-asserted-by":"crossref","unstructured":"Clause, J., Orso, A.: Camouflage: automated anonymization of field data. In: Proceedings of ICSE, pp. 21\u201330 (2011)","DOI":"10.1145\/1985793.1985797"},{"key":"166_CR5","doi-asserted-by":"crossref","unstructured":"Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238\u2013252 (1977)","DOI":"10.1145\/512950.512973"},{"key":"166_CR6","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1145\/360051.360056","volume":"19","author":"DE Denning","year":"1976","unstructured":"Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19, 236\u2013243 (1976)","journal-title":"Commun. ACM"},{"key":"166_CR7","doi-asserted-by":"crossref","first-page":"504","DOI":"10.1145\/359636.359712","volume":"20","author":"DE Denning","year":"1977","unstructured":"Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20, 504\u2013513 (1977)","journal-title":"Commun. ACM"},{"key":"166_CR8","unstructured":"Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: detecting privacy leaks in iOS applications. In: Proceedings of NDSS (2011)"},{"key":"166_CR9","doi-asserted-by":"crossref","unstructured":"Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of OSDI, pp. 1\u20136 (2010)","DOI":"10.1145\/2619091"},{"key":"166_CR10","unstructured":"Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of USENIX Security Symposium (2011)"},{"key":"166_CR11","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS, pp. 235\u2013245 (2009)","DOI":"10.1145\/1653662.1653691"},{"key":"166_CR12","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"166_CR13","doi-asserted-by":"crossref","unstructured":"Felt, A. P., Finifter, M., Chin, E., Hanna, S., and Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of SPSM, pp. 3\u201314 (2011)","DOI":"10.1145\/2046614.2046618"},{"key":"166_CR14","unstructured":"Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of WebApps (2011)"},{"key":"166_CR15","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1145\/24039.24041","volume":"9","author":"J Ferrante","year":"1987","unstructured":"Ferrante, J., Ottenstein, K.J.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. 9, 319\u2013349 (1987)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"166_CR16","doi-asserted-by":"crossref","unstructured":"Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of MCS, pp. 21\u201326 (2011)","DOI":"10.1145\/1999732.1999740"},{"key":"166_CR17","doi-asserted-by":"crossref","unstructured":"Grechanik, M., Csallner, C., Fu, C., Xie, Q.: Is data privacy always good for software testing? In: Proceedings of ISSRE, pp. 368\u2013377 (2010)","DOI":"10.1109\/ISSRE.2010.13"},{"key":"166_CR18","doi-asserted-by":"crossref","unstructured":"Heintze, N., Riecke, J.G.: The SLam calculus: Programming with secrecy and integrity. In: Proceedings of POPL, pp. 365\u2013377 (1998)","DOI":"10.1145\/268946.268976"},{"key":"166_CR19","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren\u2019t the droids you\u2019re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of CCS, pp. 639\u2013652 (2011)","DOI":"10.1145\/2046707.2046780"},{"key":"166_CR20","unstructured":"Howard, F.: Malware with your mocha: obfuscation and anti-emulation tricks inmalicious javascript. http:\/\/www.sophos.com\/security\/technical-papers\/malware_with_your_mocha.pdf . Accessed Sept 2011"},{"key":"166_CR21","unstructured":"Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proceedings of NDSS, San Diego, CA, February (2011)"},{"key":"166_CR22","doi-asserted-by":"crossref","unstructured":"Li, S., Xie, T., Tillmann, N.: A comprehensive field study of end-user programming on mobile devices. In: Proceedings of VL\/HCC (2013)","DOI":"10.1109\/VLHCC.2013.6645242"},{"key":"166_CR23","unstructured":"MICROSOFT: What is user account control? http:\/\/windows.microsoft.com\/en-US\/windows-vista\/What-is-User-Account-Control (2011)"},{"key":"166_CR24","doi-asserted-by":"crossref","unstructured":"Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of POPL, pp. 228\u2013241 (1999)","DOI":"10.1145\/292540.292561"},{"issue":"4","key":"166_CR25","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1145\/363516.363526","volume":"9","author":"AC Myers","year":"2000","unstructured":"Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9(4), 410\u2013442 (2000)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"166_CR26","doi-asserted-by":"crossref","unstructured":"Roesner, F.: User-driven access control: a new model for granting permissions in modern operating systems. Qualifying Examination Project, University of Washington, June (2011)","DOI":"10.1109\/SP.2012.24"},{"key":"166_CR27","doi-asserted-by":"crossref","unstructured":"Roy, I., Porter, D.E., Bond, M.D., Mckinley, K.S., Witchel, E.: Laminar: practical fine-grained decentralized information flow control. In: Proceedings of PLDI, pp. 63\u201374 (2009)","DOI":"10.1145\/1542476.1542484"},{"key":"166_CR28","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A Sabelfeld","year":"2002","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Select. Areas Commun. 21, 5\u201319 (2002)","journal-title":"IEEE J. Select. Areas Commun."},{"key":"166_CR29","doi-asserted-by":"crossref","unstructured":"Saltzer, J. H., Schroeder, M. D.: The protection of information in computer systems. In: Proceedings of the IEEE, pp. 1278\u20131308 (1975)","DOI":"10.1109\/PROC.1975.9939"},{"key":"166_CR30","doi-asserted-by":"crossref","unstructured":"Shieh, S.-P., Gligor, V. D.: Auditing the use of covert storage channels in secure systems. In: Proceedings of Oakland, pp. 285\u2013295 (1990)","DOI":"10.1109\/RISP.1990.63858"},{"key":"166_CR31","doi-asserted-by":"crossref","unstructured":"Taneja, K., Grechanik, M., Ghani, R., Xie, T.: Testing software in age of data privacy: a balancing act. In: Proceedings of ESEC\/FSE, pp. 201\u2013211 (2011)","DOI":"10.1145\/2025113.2025143"},{"key":"166_CR32","doi-asserted-by":"crossref","unstructured":"Tillmann, N., Moskal, M., de Halleux, J.: Touchdevelop - programming cloud-connected mobile devices via touchscreen. Microsoft Technical Report MSR-TR-2011-49 (2011)","DOI":"10.1145\/2048237.2048245"},{"key":"166_CR33","unstructured":"TouchDevelop. http:\/\/research.microsoft.com\/en-us\/projects\/touchdevelop\/ (2011). Accessed 21 Aug 2014"},{"key":"166_CR34","unstructured":"Vidas, T., Christin, N., Cranor, L.: Curbing Android permission creep. In: Proceedings of W2SP, Oakland, CA, May (2011)"},{"key":"166_CR35","unstructured":"Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., Schechter, S., Wang, X.: Privacy revelations for web and mobile apps. In: Proceedings of HotOS, pp. 21\u201321, Berkeley, CA, USA (2011). USENIX Association."},{"key":"166_CR36","doi-asserted-by":"crossref","unstructured":"Xiao, X., Tillmann, N., F\u00e4hndrich, M., de Halleux, J., Moskal, M.: User-aware privacy control via extended static-information-flow analysis. In: Proceedings of ASE, pp. 80\u201389 (2012)","DOI":"10.1145\/2351676.2351689"},{"key":"166_CR37","unstructured":"Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proceedings of USENIX Security (2006)"},{"key":"166_CR38","doi-asserted-by":"crossref","unstructured":"Zhu, D.Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: TaintEraser: Protecting sensitive data leaks using application-level taint tracking, pp. 142\u2013154. SIGOPS Operating Systems Review (2011)","DOI":"10.1145\/1945023.1945039"}],"container-title":["Automated Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-014-0166-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10515-014-0166-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-014-0166-y","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T22:06:58Z","timestamp":1650146818000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10515-014-0166-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9,12]]},"references-count":38,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,9]]}},"alternative-id":["166"],"URL":"https:\/\/doi.org\/10.1007\/s10515-014-0166-y","relation":{},"ISSN":["0928-8910","1573-7535"],"issn-type":[{"value":"0928-8910","type":"print"},{"value":"1573-7535","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,9,12]]}}}