Search CORE

20,935 research outputs found

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

Author: Arzt Steven
Backes Michael
Backes Michael
Dalton Andrew
Enck William
Enck William
Felt Adrienne Porter
Grace Michael
Lam Patrick
McCoy Travis
Milian Mark
Ranger Steve
Shao Yuru
Spahn Riley
Tan Lin
Vallée-Rai Raja
Zhang Xiaolan
Publication venue
Publication date: 01/01/2019
Field of study

Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code

arXiv.org e-Print Archive

Competition Law Enforcement in China: Between Technocracy and Industrial Policy

Author: Svetiev Yane
Wang Lei
Publication venue: Duke University School of Law
Publication date: 01/01/2016
Field of study

The article provides a rare reconstruction of a number of early cases decided under the Chinese Anti-Monopoly Law. In particular, the article seeks to go behind the published decisions of the responsible authorities, to reconstruct their decision-making process in particular by identifying the sources of consultation and the arguments that various stakeholders presented to the authorities about what course of action to follow

Archivio istituzionale della Ricerca - Bocconi

Combining behavioural types with security analysis

Author: Bartoletti Massimo
Castellani Ilaria
Deniélou Pierre-Malo
Dezani-Ciancaglini Mariangiola
Ghilezan Silvia
Pantovic Jovanka
Pérez Jorge A.
Thiemann Peter
Toninho Bernardo
Vieira Hugo Torres
Publication venue: 'Elsevier BV'
Publication date: 01/01/2015
Field of study

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

arXiv.org e-Print Archive

Proceedings - University of Groningen

INRIA a CCSD electronic archive server

Dissertations of the University of Groningen