The role of the adversary model in applied security research
Q Do, B Martini, KKR Choo - Computers & Security, 2019 - Elsevier
Adversary models have been integral to the design of provably-secure cryptographic
schemes or protocols. However, their use in other computer science research disciplines is …
schemes or protocols. However, their use in other computer science research disciplines is …
[PDF][PDF] What Mobile Ads Know About Mobile Users.
We analyze the software stack of popular mobile advertising libraries on Android and
investigate how they protect the users of advertising-supported apps from malicious …
investigate how they protect the users of advertising-supported apps from malicious …
[PDF][PDF] Automated generation of event-oriented exploits in android hybrid apps
Recently more and more Android apps integrate the embedded browser, known as
“WebView”, to render web pages and run JavaScript code without leaving these apps …
“WebView”, to render web pages and run JavaScript code without leaving these apps …
Study and mitigation of origin stripping vulnerabilities in hybrid-postmessage enabled mobile applications
PostMessage is popular in HTML5 based web apps to allow the communication between
different origins. With the increasing popularity of the embedded browser (ie, WebView) in …
different origins. With the increasing popularity of the embedded browser (ie, WebView) in …
Understanding open ports in Android applications: Discovery, diagnosis, and security assessment
Open TCP/UDP ports are traditionally used by servers to provide application services, but
they are also found in many Android apps. In this paper, we present the first open-port …
they are also found in many Android apps. In this paper, we present the first open-port …
Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications
Nowadays, mobile apps have greatly facilitated our daily work and lives. They are often
designed to work closely and interact with each other through app components for data and …
designed to work closely and interact with each other through app components for data and …
Towards understanding Android system vulnerabilities: techniques and insights
As a common platform for pervasive devices, Android has been targeted by numerous
attacks that exploit vulnerabilities in its apps and the operating system. Compared to app …
attacks that exploit vulnerabilities in its apps and the operating system. Compared to app …
Precisely and scalably vetting javascript bridge in android hybrid apps
In this paper, we propose a novel system, named BridgeScope, for precise and scalable
vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible …
vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible …
On the usability (in) security of in-app browsing interfaces in mobile apps
Z Zhang - Proceedings of the 24th international symposium on …, 2021 - dl.acm.org
Due to the frequent encountering of web URLs in various application scenarios (eg, chatting
and email reading), many mobile apps build their in-app browsing interfaces (IABIs) to …
and email reading), many mobile apps build their in-app browsing interfaces (IABIs) to …
When program analysis meets bytecode search: Targeted and efficient inter-procedural analysis of modern Android apps in BackDroid
Widely-used Android static program analysis tools, eg, Amandroid and FlowDroid, perform
the whole-app inter-procedural analysis that is comprehensive but fundamentally difficult to …
the whole-app inter-procedural analysis that is comprehensive but fundamentally difficult to …