{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T18:03:13Z","timestamp":1769104993702,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8750-12-2-0107"],"award-info":[{"award-number":["FA8750-12-2-0107"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660343","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"1092-1104","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":60,"title":["Collaborative Verification of Information Flow for a High-Assurance App Store"],"prefix":"10.1145","author":[{"given":"Michael D.","family":"Ernst","sequence":"first","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ren\u00e9","family":"Just","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suzanne","family":"Millstein","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Werner","family":"Dietl","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stuart","family":"Pernsteiner","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Franziska","family":"Roesner","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Karl","family":"Koscher","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paulo Barros","family":"Barros","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ravi","family":"Bhoraskar","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seungyeop","family":"Han","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Vines","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Edward X.","family":"Wu","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462456.2464460"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.22"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.20"},{"key":"e_1_3_2_1_6_1","volume-title":"First instance of iOS app store malware detected, removed","author":"Bonnington C.","year":"2012","unstructured":"C. Bonnington . First instance of iOS app store malware detected, removed , 2012 . http:\/\/www.wired.com\/gadgetlab\/2012\/07\/firstios-malware-found\/. C. Bonnington. First instance of iOS app store malware detected, removed, 2012. http:\/\/www.wired.com\/gadgetlab\/2012\/07\/firstios-malware-found\/."},{"key":"e_1_3_2_1_7_1","volume-title":"The Mythical Man-Month: Essays on Software Engineering","author":"Brooks F. P.","year":"1975","unstructured":"F. P. Brooks , Jr. The Mythical Man-Month: Essays on Software Engineering . Addison-Wesley , Boston, MA, USA , 1975 . F. P. Brooks, Jr. The Mythical Man-Month: Essays on Software Engineering. Addison-Wesley, Boston, MA, USA, 1975."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_9_1","volume-title":"USENIX Security","author":"Chong S.","year":"2007","unstructured":"S. Chong , K. Vikram , and A. C. Myers . SIF: Enforcing confidentiality and integrity in web applications . In USENIX Security , 2007 . S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing confidentiality and integrity in web applications. In USENIX Security, 2007."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985889"},{"key":"e_1_3_2_1_13_1","volume-title":"NDSS","author":"Egele M.","year":"2011","unstructured":"M. Egele , C. Kruegel , E. Kirdaz , and G. Vigna . PiOS: Detecting privacy leaks in iOS applications . In NDSS , 2011 . M. Egele, C. Kruegel, E. Kirdaz, and G. Vigna. PiOS: Detecting privacy leaks in iOS applications. In NDSS, 2011."},{"key":"e_1_3_2_1_14_1","volume-title":"OSDI","author":"Enck W.","year":"2010","unstructured":"W. Enck , P. Gilbert , B.-G. Chun , L. P. Cox , J. Jung , P. McDaniel , and A. N. Sheth . TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones . In OSDI , 2010 . W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI, 2010."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382288"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046618"},{"key":"e_1_3_2_1_18_1","first-page":"130","volume-title":"Providing flexibility in information flow control for object-oriented systems","author":"Ferrari E.","year":"1997","unstructured":"E. Ferrari , P. Samarati , E. Bertino , and S. Jajodia . Providing flexibility in information flow control for object-oriented systems . In IEEE S &P, pages 130 -- 140 , 1997 . E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia. Providing flexibility in information flow control for object-oriented systems. In IEEE S&P, pages 130--140, 1997."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568276"},{"key":"e_1_3_2_1_21_1","volume-title":"NDSS","author":"Grace M.","year":"2012","unstructured":"M. Grace , Y. Zhou , Z. Wang , and X. Jiang . Systematic detection of capability leaks in stock Android smartphones . In NDSS , 2012 . M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic detection of capability leaks in stock Android smartphones. In NDSS, 2012."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307663"},{"key":"e_1_3_2_1_23_1","unstructured":"A. Greenberg. iPhone security bug lets innocent-looking apps go bad. http:\/\/www.forbes.com\/sites\/andygreenberg\/2011\/11\/07\/iphone-security-bug-lets-innocentlooking-apps-go-bad\/ 2011.  A. Greenberg. iPhone security bug lets innocent-looking apps go bad. http:\/\/www.forbes.com\/sites\/andygreenberg\/2011\/11\/07\/iphone-security-bug-lets-innocentlooking-apps-go-bad\/ 2011."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.36"},{"key":"e_1_3_2_1_25_1","first-page":"87","volume-title":"ISSSE","author":"Hammer C.","year":"2006","unstructured":"C. Hammer , J. Krinke , and G. Snelting . Information flow control for java based on path conditions in dependence graphs . In ISSSE , pages 87 -- 96 , 2006 . C. Hammer, J. Krinke, and G. Snelting. Information flow control for java based on path conditions in dependence graphs. In ISSSE, pages 87--96, 2006."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_28_1","unstructured":"M. Isaac. Android malware found in angry birds add-on apps. http:\/\/www.wired.com\/2011\/06\/android-malwareangry-birds\/ 2011.  M. Isaac. Android malware found in angry birds add-on apps. http:\/\/www.wired.com\/2011\/06\/android-malwareangry-birds\/ 2011."},{"key":"e_1_3_2_1_29_1","volume-title":"Addison-Wesley","author":"Jones C.","year":"2011","unstructured":"C. Jones . The Economics of Software Quality . Addison-Wesley , 2011 . C. Jones. The Economics of Software Quality. Addison-Wesley, 2011."},{"key":"e_1_3_2_1_30_1","volume-title":"NDSS","author":"Kang M. G.","year":"2011","unstructured":"M. G. Kang , S. McCamant , P. Poosankam , and D. Song . DTA++: Dynamic taint analysis with targeted control-flow propagation . In NDSS , 2011 . M. G. Kang, S. McCamant, P. Poosankam, and D. Song. DTA++: Dynamic taint analysis with targeted control-flow propagation. In NDSS, 2011."},{"key":"e_1_3_2_1_31_1","unstructured":"M. Kassner. Google Play: Android's Bouncer can be pwned. http:\/\/www.techrepublic.com\/blog\/it-security\/- google-play-androids-bouncer-can-be-pwned\/ 2012.  M. Kassner. Google Play: Android's Bouncer can be pwned. http:\/\/www.techrepublic.com\/blog\/it-security\/- google-play-androids-bouncer-can-be-pwned\/ 2012."},{"key":"e_1_3_2_1_32_1","unstructured":"C. Kitching and L. McVoy. BK2CVS problem. http:\/\/lkml.indiana.edu\/hypermail\/linux\/kernel\/ 0311.0\/0635.html 2003.  C. Kitching and L. McVoy. BK2CVS problem. http:\/\/lkml.indiana.edu\/hypermail\/linux\/kernel\/ 0311.0\/0635.html 2003."},{"key":"e_1_3_2_1_33_1","unstructured":"D. Kravets. Android market apps hit with malware. http:\/\/www.wired.com\/2011\/03\/android-malware-2\/ 2011.  D. Kravets. Android market apps hit with malware. http:\/\/www.wired.com\/2011\/03\/android-malware-2\/ 2011."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_4"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2006.13"},{"key":"e_1_3_2_1_37_1","volume-title":"NDSS","author":"Liu L.","year":"2012","unstructured":"L. Liu , X. Zhang , G. Yan , and S. Chen . Chrome extensions: Threat analysis and countermeasures . In NDSS , 2012 . L. Liu, X. Zhang, G. Yan, and S. Chen. Chrome extensions: Threat analysis and countermeasures. In NDSS, 2012."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232009"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2004.17"},{"key":"e_1_3_2_1_40_1","volume-title":"Software Estimation: Demystifying the Black Art","author":"McConnell S.","year":"2006","unstructured":"S. McConnell . Software Estimation: Demystifying the Black Art . Microsoft Press , 2006 . S. McConnell. Software Estimation: Demystifying the Black Art. Microsoft Press, 2006."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2489804.2489809"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_1_43_1","unstructured":"A. C. Myers L. Zheng S. Zdancewic S. Chong and N. Nystrom. Jif: Java + information flow. http:\/\/www.cs.cornell.edu\/jif.  A. C. Myers L. Zheng S. Zdancewic S. Chong and N. Nystrom. Jif: Java + information flow. http:\/\/www.cs.cornell.edu\/jif."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/11863908_18"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.39"},{"key":"e_1_3_2_1_46_1","first-page":"527","volume-title":"USENIX Security","author":"Pandita R.","year":"2013","unstructured":"R. Pandita , X. Xiao , W. Yang , W. Enck , and T. Xie . WHYPER: Towards automating risk assessment of mobile applications . In USENIX Security , pages 527 -- 542 , 2013 . R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie. WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security, pages 527--542, 2013."},{"key":"e_1_3_2_1_47_1","volume-title":"Black Hat USA","author":"Peroco N. J.","year":"2012","unstructured":"N. J. Peroco and S. Schulte . Adventures in BouncerLand . In Black Hat USA , 2012 . N. J. Peroco and S. Schulte. Adventures in BouncerLand. In Black Hat USA, 2012."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503302"},{"key":"e_1_3_2_1_49_1","volume-title":"https:\/\/www.appthority.com\/news\/androidmalware- makes-up-this-weeks-dangerous-apps-list","author":"Rashid F.","year":"2013","unstructured":"F. Rashid . Android malware makes up this week's dangerous apps list. https:\/\/www.appthority.com\/news\/androidmalware- makes-up-this-weeks-dangerous-apps-list , 2013 . F. Rashid. Android malware makes up this week's dangerous apps list. https:\/\/www.appthority.com\/news\/androidmalware- makes-up-this-weeks-dangerous-apps-list, 2013."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_3_2_1_52_1","volume-title":"Malware in the amazon app store. https:\/\/www.securelist.com\/en\/blog\/208194054\/Malware_in_the_Amazon_App_Store","author":"Schouwenberg R.","year":"2012","unstructured":"R. Schouwenberg . Malware in the amazon app store. https:\/\/www.securelist.com\/en\/blog\/208194054\/Malware_in_the_Amazon_App_Store , 2012 . R. Schouwenberg. Malware in the amazon app store. https:\/\/www.securelist.com\/en\/blog\/208194054\/Malware_in_the_Amazon_App_Store, 2012."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134744.1134758"},{"key":"e_1_3_2_1_54_1","volume-title":"http:\/\/blogs.msdn.com\/b\/philipsu\/archive\/2006\/06\/14\/631438.aspx","author":"Broken P. Su.","year":"2006","unstructured":"P. Su. Broken Windows theory. http:\/\/blogs.msdn.com\/b\/philipsu\/archive\/2006\/06\/14\/631438.aspx , 2006 . P. Su. Broken Windows theory. http:\/\/blogs.msdn.com\/b\/philipsu\/archive\/2006\/06\/14\/631438.aspx, 2006."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-27864-1_9"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/11547662_24"},{"key":"e_1_3_2_1_57_1","volume-title":"W2SP","author":"Vidas T.","year":"2011","unstructured":"T. Vidas , N. Christin , and L. Cranor . Curbing Android permission creep . In W2SP , 2011 . T. Vidas, N. Christin, and L. Cranor. Curbing Android permission creep. In W2SP, 2011."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-1996-42-304"},{"key":"e_1_3_2_1_59_1","first-page":"559","volume-title":"USENIX Security","author":"Wang T.","year":"2013","unstructured":"T. Wang , K. Lu , L. Lu , S. Chung , and W. Lee . Jekyll on iOS: When benign apps become evil . In USENIX Security , pages 559 -- 572 , 2013 . T. Wang, K. Lu, L. Lu, S. Chung, and W. Lee. Jekyll on iOS: When benign apps become evil. In USENIX Security, pages 559--572, 2013."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351689"},{"key":"e_1_3_2_1_61_1","volume-title":"USENIX Security","author":"Xu R.","year":"2012","unstructured":"R. Xu , H. Sa\u00efdi , and R. Anderson . Aurasium: Practical policy enforcement for Android applications . In USENIX Security , 2012 . R. Xu, H. Sa\u00efdi, and R. Anderson. Aurasium: Practical policy enforcement for Android applications. In USENIX Security, 2012."},{"key":"e_1_3_2_1_62_1","volume-title":"USENIX Security","author":"Yan L. K.","year":"2012","unstructured":"L. K. Yan and H. Yin . DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis . In USENIX Security , 2012 . L. K. Yan and H. Yin. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In USENIX Security, 2012."},{"key":"e_1_3_2_1_63_1","first-page":"236","volume-title":"Using replication and partitioning to build secure distributed systems","author":"Zheng L.","year":"2003","unstructured":"L. Zheng , S. Chong , A. C. Myers , and S. Zdancewic . Using replication and partitioning to build secure distributed systems . In IEEE S &P, pages 236 -- 250 , 2003 . L. Zheng, S. Chong, A. C. Myers, and S. Zdancewic. Using replication and partitioning to build secure distributed systems. In IEEE S&P, pages 236--250, 2003."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_1_65_1","volume-title":"NDSS","author":"Zhou Y.","year":"2012","unstructured":"Y. Zhou , Z. Wang , W. Zhou , and X. Jiang . Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets . In NDSS , 2012 . Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In NDSS, 2012."}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","location":"Scottsdale Arizona USA","acronym":"CCS'14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660343","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660343","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:56:10Z","timestamp":1750229770000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660343"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":64,"alternative-id":["10.1145\/2660267.2660343","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660343","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}