{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T20:25:45Z","timestamp":1770323145318,"version":"3.49.0"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,4,15]],"date-time":"2019-04-15T00:00:00Z","timestamp":1555286400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/M029263\/1"],"award-info":[{"award-number":["EP\/M029263\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1186\/s42400-019-0031-1","type":"journal-article","created":{"date-parts":[[2019,4,16]],"date-time":"2019-04-16T11:03:07Z","timestamp":1555412587000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Creeper: a tool for detecting permission creep in file system access controls"],"prefix":"10.1186","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1747-9914","authenticated-orcid":false,"given":"Simon","family":"Parkinson","sequence":"first","affiliation":[]},{"given":"Saad","family":"Khan","sequence":"additional","affiliation":[]},{"given":"James","family":"Bray","sequence":"additional","affiliation":[]},{"given":"Daiyaan","family":"Shreef","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,4,15]]},"reference":[{"key":"31_CR1","unstructured":"Aas, K., Eikvil L. (1999) Text categorisation: A survey. Technical Report 941, Norwegian Computing Center."},{"key":"31_CR2","unstructured":"Agarwal, B., Bhagwan R., Das T., Eswaran S., Padmanabhan V. N., Voelker G. M. (2009) Netprints: Diagnosing home network misconfigurations using shared knowledge In: Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2009, 16.. USENIX Association 2009."},{"key":"31_CR3","volume-title":"Chi-squared Goodness of Fit Tests with Applications","author":"N. Balakrishnan","year":"2013","unstructured":"Balakrishnan, N., Voinov V., Nikulin M. S. (2013) Chi-squared Goodness of Fit Tests with Applications. Elsevier Science, Amsterdam."},{"issue":"6","key":"31_CR4","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1109\/TSE.2014.2322867","volume":"40","author":"A. Bartel","year":"2014","unstructured":"Bartel, A., Klein J., Monperrus M., Le Traon Y. (2014) Static analysis for extracting permission checks of a large scale framework: The challenges and solutions for analyzing android. IEEE Trans Softw Eng 40(6):617\u2013632.","journal-title":"IEEE Trans Softw Eng"},{"issue":"1","key":"31_CR5","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1145\/1952982.1952984","volume":"14","author":"L. Bauer","year":"2011","unstructured":"Bauer, L., Garriss S., Reiter M. K. (2011) Detecting and resolving policy misconfigurations in access-control systems. ACM Trans Inf Syst Secur (TISSEC) 14(1):2.","journal-title":"ACM Trans Inf Syst Secur (TISSEC)"},{"key":"31_CR6","volume-title":"Access Control Systems: Security, Identity Management and Trust Models","author":"M. Benantar","year":"2006","unstructured":"Benantar, M. (2006) Access Control Systems: Security, Identity Management and Trust Models. 1st edn. Springer, Cham."},{"key":"31_CR7","first-page":"161","volume-title":"USENIX Security Symposium","author":"T. Das","year":"2010","unstructured":"Das, T., Bhagwan R., Naldurg P. (2010) Baaz: A system for detecting access control misconfigurations In: USENIX Security Symposium, 161\u2013176.. USENIX Association, Washington DC."},{"issue":"5","key":"31_CR8","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1002\/spe.513","volume":"33","author":"S. De Capitani di Vimercati","year":"2003","unstructured":"De Capitani di Vimercati, S., Paraboschi S., Samarati P. (2003) Access control: principles and solutions. Softw: Pract Experience 33(5):397\u2013421. https:\/\/doi.org\/10.1002\/spe.513 .","journal-title":"Softw: Pract Experience"},{"key":"31_CR9","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1016\/j.cose.2014.02.007","volume":"43","author":"Z. Fang","year":"2014","unstructured":"Fang, Z., Han W., Li Y. (2014) Permission based android security: Issues and countermeasures. Comput Secur 43:205\u2013218.","journal-title":"Comput Secur"},{"key":"31_CR10","volume-title":"A Guide to Chi-squared Testing, vol 280","author":"P. E. Greenwood","year":"1996","unstructured":"Greenwood, P. E. (1996) A Guide to Chi-squared Testing, vol 280. Wiley, Hoboken."},{"issue":"1","key":"31_CR11","first-page":"186","volume":"7","author":"G. F. Jenks","year":"1967","unstructured":"Jenks, G. F. (1967) The data model concept in statistical mapping. Int Yearb Cartogr 7(1):186\u2013190.","journal-title":"Int Yearb Cartogr"},{"key":"31_CR12","doi-asserted-by":"crossref","unstructured":"Noseevich, G., Petukhov A. (2011) Detecting insufficient access control in web applications In: SysSec Workshop (SysSec), 2011 First, 11\u201318.. IEEE.","DOI":"10.1109\/SysSec.2011.28"},{"key":"31_CR13","first-page":"8","volume-title":"USENIX Security Symposium","author":"X. Ou","year":"2005","unstructured":"Ou, X., Govindavajhala S., Appel A. W. (2005) Mulval: A logic-based network security analyzer In: USENIX Security Symposium, 8\u20138.. USENIX Association is the Advanced Computing Systems Association, Baltimore."},{"issue":"7","key":"31_CR14","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S1353-4858(17)30069-7","volume":"2017","author":"S. Parkinson","year":"2017","unstructured":"Parkinson, S. (2017) Use of access control to minimise ransomware impact. Netw Secur 2017(7):5\u20138.","journal-title":"Netw Secur"},{"key":"31_CR15","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.jisa.2016.04.004","volume":"30","author":"S. Parkinson","year":"2016","unstructured":"Parkinson, S., Crampton A. (2016) Identification of irregularities and allocation suggestion of relative file system permissions. J Inf Secur Appl 30:27\u201339. https:\/\/doi.org\/10.1016\/j.jisa.2016.04.004 .","journal-title":"J Inf Secur Appl"},{"key":"31_CR16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-92624-7","volume-title":"Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Computer Communications and Networks","author":"S. Parkinson","year":"2018","unstructured":"Parkinson, S., Crampton A., Hill R. (2018) Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Computer Communications and Networks. Springer, Cham. https:\/\/doi.org\/10.1007\/978-3-319-92624-7 ."},{"key":"31_CR17","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1016\/j.eswa.2016.02.027","volume":"55","author":"S. Parkinson","year":"2016","unstructured":"Parkinson, S., Somaraki V., Ward R. (2016) Auditing file system permissions using association rule mining. Expert Syst Appl 55:274\u2013283. https:\/\/doi.org\/10.1016\/j.eswa.2016.02.027 .","journal-title":"Expert Syst Appl"},{"key":"31_CR18","volume-title":"Security in Computing","author":"C. P. Pfleeger","year":"2002","unstructured":"Pfleeger, C. P., Pfleeger S. L. (2002) Security in Computing. 4th edn.. Prentice Hall Professional Technical Reference, Upper Saddle River."},{"issue":"2","key":"31_CR19","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R. S. Sandhu","year":"1996","unstructured":"Sandhu, R. S., Coyne E. J., Feinstein H. L., Youman C. E. (1996) Role-based access control models. Computer 29(2):38\u201347.","journal-title":"Computer"},{"issue":"6","key":"31_CR20","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1147\/JRD.2013.2284403","volume":"57","author":"D. Sb\u00eerlea","year":"2013","unstructured":"Sb\u00eerlea, D., Burke M. G., Guarnieri S., Pistoia M., Sarkar V. (2013) Automatic detection of inter-application permission leaks in android applications. IBM J Res Dev 57(6):10\u20131.","journal-title":"IBM J Res Dev"},{"issue":"1","key":"31_CR21","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/s10207-016-0317-1","volume":"16","author":"R. A. Shaikh","year":"2017","unstructured":"Shaikh, R. A., Adi K., Logrippo L. (2017) A data classification method for inconsistency and incompleteness detection in access control policy sets. Int J Inf Secur 16(1):91\u2013113.","journal-title":"Int J Inf Secur"},{"key":"31_CR22","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/2884781.2884855","volume-title":"Proceedings of the 38th International Conference on Software Engineering","author":"R. Slavin","year":"2016","unstructured":"Slavin, R., Wang X., Hosseini M. B., Hester J., Krishnan R., Bhatia J., Breaux T. D., Niu J. (2016) Toward a framework for detecting privacy policy violations in android application code In: Proceedings of the 38th International Conference on Software Engineering, 25\u201336.. ACM, New York."},{"key":"31_CR23","first-page":"91","volume":"2","author":"T. Vidas","year":"2011","unstructured":"Vidas, T., Christin N., Cranor L. (2011) Curbing android permission creep. Proc Web 2:91\u201396.","journal-title":"Proc Web"},{"key":"31_CR24","unstructured":"Yang, Y., Pedersen J. O. (1997) A comparative study on feature selection in text categorization In: International Conference on Machine Learning (ICML), 412\u2013420."},{"issue":"2","key":"31_CR25","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1002\/qre.392","volume":"17","author":"N. Ye","year":"2001","unstructured":"Ye, N., Chen Q. (2001) An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Qual Reliab Eng Int 17(2):105\u2013112. https:\/\/doi.org\/10.1002\/qre.392 .","journal-title":"Qual Reliab Eng Int"},{"key":"31_CR26","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1007\/11538059_39","volume":"3644","author":"Y. Yuan","year":"2005","unstructured":"Yuan, Y., Huang T. (2005) A matrix algorithm for mining association rules. Adv Intell Comput 3644:370\u2013379.","journal-title":"Adv Intell Comput"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-019-0031-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s42400-019-0031-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-019-0031-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,16]],"date-time":"2022-09-16T02:05:00Z","timestamp":1663293900000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-019-0031-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,15]]},"references-count":26,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["31"],"URL":"https:\/\/doi.org\/10.1186\/s42400-019-0031-1","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,15]]},"assertion":[{"value":"11 May 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 March 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 April 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"14"}}