The role of the adversary model in applied security research

Q Do, B Martini, KKR Choo - Computers & Security, 2019 - Elsevier
Adversary models have been integral to the design of provably-secure cryptographic
schemes or protocols. However, their use in other computer science research disciplines is …

[PDF][PDF] What Mobile Ads Know About Mobile Users.

S Son, D Kim, V Shmatikov - Ndss, 2016 - ndss-symposium.org
We analyze the software stack of popular mobile advertising libraries on Android and
investigate how they protect the users of advertising-supported apps from malicious …

[PDF][PDF] Automated generation of event-oriented exploits in android hybrid apps

G Yang, J Huang - Proc. of the Network and Distributed System Security …, 2018 - par.nsf.gov
Recently more and more Android apps integrate the embedded browser, known as
“WebView”, to render web pages and run JavaScript code without leaving these apps …

Study and mitigation of origin stripping vulnerabilities in hybrid-postmessage enabled mobile applications

G Yang, J Huang, G Gu… - 2018 IEEE Symposium on …, 2018 - ieeexplore.ieee.org
PostMessage is popular in HTML5 based web apps to allow the communication between
different origins. With the increasing popularity of the embedded browser (ie, WebView) in …

Understanding open ports in Android applications: Discovery, diagnosis, and security assessment

D Wu, D Gao, RKC Chang, E He, EKT Cheng… - 2019 - ink.library.smu.edu.sg
Open TCP/UDP ports are traditionally used by servers to provide application services, but
they are also found in many Android apps. In this paper, we present the first open-port …

Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications

K Lian, L Zhang, G Yang, S Mao, X Wang… - Proceedings of the …, 2024 - dl.acm.org
Nowadays, mobile apps have greatly facilitated our daily work and lives. They are often
designed to work closely and interact with each other through app components for data and …

Towards understanding Android system vulnerabilities: techniques and insights

D Wu, D Gao, EKT Cheng, Y Cao, J Jiang… - Proceedings of the 2019 …, 2019 - dl.acm.org
As a common platform for pervasive devices, Android has been targeted by numerous
attacks that exploit vulnerabilities in its apps and the operating system. Compared to app …

Precisely and scalably vetting javascript bridge in android hybrid apps

G Yang, A Mendoza, J Zhang, G Gu - … Atlanta, GA, USA, September 18–20 …, 2017 - Springer
In this paper, we propose a novel system, named BridgeScope, for precise and scalable
vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible …

On the usability (in) security of in-app browsing interfaces in mobile apps

Z Zhang - Proceedings of the 24th international symposium on …, 2021 - dl.acm.org
Due to the frequent encountering of web URLs in various application scenarios (eg, chatting
and email reading), many mobile apps build their in-app browsing interfaces (IABIs) to …

When program analysis meets bytecode search: Targeted and efficient inter-procedural analysis of modern Android apps in BackDroid

D Wu, D Gao, RH Deng, CR KC - 2021 51st Annual IEEE/IFIP …, 2021 - ieeexplore.ieee.org
Widely-used Android static program analysis tools, eg, Amandroid and FlowDroid, perform
the whole-app inter-procedural analysis that is comprehensive but fundamentally difficult to …