Bibliography for Tightening the Android Mobile Platformcecs.wright.edu/~pmateti/Research/android-bib.pdf · Bibliography for Tightening the Android Mobile Platform Prabhaker Mateti

Bibliography for Tightening the Android Mobile Platform

Prabhaker Matetiwww.wright.edu/~pmateti

Wright State University, Dayton, OH 45435, USA

Jan 2016

This is a personal collection of Android securityresearch papers. Obviously, not exhaustive. Needslot more curating! I have many more refs still in theplain text form. Annotations are not mine. [This pdfis produced via pdflatex and \nocite{*}. Due tosome bugs in the bst I use, this is not always sortedaplhabetically.]

If you wish to contribute, please send me your .bibfile.

References

Mladen A Vouk. 2008. Cloud Computing – Is-sues, Research and Implementations. CIT. Jour-nal of Computing and Information Technology 16,4 (2008), 235–246. http://hrcak.srce.hr/file/69202.

Yousra Aafer, Wenliang Du, and Heng Yin. 2013.DroidAPIMiner: Mining API-level features for ro-bust malware detection in Android. In Security andPrivacy in Communication Networks. Springer,86–103.

Zair Abdelouahab, Cláudio Aroucha, DenivaldoLopes, Jonathan Santos, Willian Ribeiro, andHigo Pires. 2015. Adaptive Security Mechanism:a study on the different approaches to mobiledevices. Journal of Information Sciences andComputing Technologies 2, 2 (2015), 147–153.http://www.scitecresearch.com/journals/

index.php/jisct/article/viewFile/70/38.

Yoshihisa Abe and Garth Gibson. 2010. pWalrus:Towards better integration of parallel file systemsinto cloud storage. In Cluster Computing Work-shops and Posters (CLUSTER WORKSHOPS),2010 IEEE International Conference on. IEEE, 1–7.

Jagdish Prasad Achara, Gergely Acs, and ClaudeCastelluccia. 2015. On the unicity of smart-phone applications. In Proceedings of the 14thACM Workshop on Privacy in the Electronic Soci-ety. ACM, 27–36. http://arxiv.org/pdf/1507.07851.pdf.:: Jagdish Prasad Achara [email protected] Gergely Acs [email protected] Claude Castelluccia [email protected] ABSTRACT Priorworks have shown that the list of apps installedby a user reveal a lot about user interests andbehavior. These works rely on the semantics of theinstalled apps and show that various user traitscould be learnt automatically using off-the-shelfmachine-learning techniques. In this work, wefocus on the re-identifiability issue and thoroughlystudy the unicity of smartphone apps on a datasetcontaining 54,893 Android users collected over aperiod of 7 months. Our study finds that any 4apps installed by a user are enough (more than95re-identification of the user in our dataset. Asthe complete list of installed apps is unique for99easily used to track/profile the users by a servicesuch as Twitter that has access to the whole listof installed apps of users. As our analyzed datasetis small as compared to the total population of

1

www.wright.edu/~pmatetihttp://hrcak.srce.hr/file/69202http://hrcak.srce.hr/file/69202http://www.scitecresearch.com/journals/index.php/jisct/article/viewFile/70/38http://www.scitecresearch.com/journals/index.php/jisct/article/viewFile/70/38http://arxiv.org/pdf/1507.07851.pdfhttp://arxiv.org/pdf/1507.07851.pdf

REFERENCES REFERENCES

Android users, we also study how unicity wouldvary with larger datasets. This work emphasizesthe need of better privacy guards against collec-tion, use and release of the list of installed apps.Categories and Subject Descriptors: K.4 [PublicPolicy Issues]: Privacy ;;

Carlisle Adams. 2013. Have Money, Will Travel: ABrief Survey of the Mobile Payments Landscape.(2013).

Christoffer Quist Adamsen, Gianluca Mezzetti, andAnders Møller. 2015. Systematic execution of An-droid test suites in adverse conditions. In Proceed-ings of the 2015 International Symposium on Soft-ware Testing and Analysis. ACM, 83–93.

Yuvraj Agarwal and Malcolm Hall. 2013. Protect-MyPrivacy: detecting and mitigating privacy leakson iOS devices using crowdsourcing. In Proceed-ing of the 11th annual international conference onMobile systems, applications, and services. ACM,97–110.

Farhan Habib Ahmad, Komal Batool, and AzharJaved. 2016. Detection of Privacy Threat by Pe-culiar Feature Extraction in Malwares to Com-bat Targeted Cyber Attacks. In Advanced Com-puter and Communication Engineering Technol-ogy. Springer, 1237–1247.

Masab Ahmad, Syed Kamran Haider, Farrukh Hi-jaz, Marten van Dijk, and Omer Khan. 2015. Ex-ploring the performance implications of memorysafety primitives in many-core processors execut-ing multi-threaded workloads. In Proceedings of theFourth Workshop on Hardware and ArchitecturalSupport for Security and Privacy. ACM, 6.

PS Aiyyappan. 2015. Android Forensic Sup-port Framework. Master’s thesis. AmritaVishwa Vidyapeetham, Ettimadai, TamilNadu 641112, India. Advisor: PrabhakerMateti, http://cecs.wright.edu/~pmateti/GradStudents/index.html.

Devdatta Akhawe and Adrienne Porter Felt. 2013.Alice in Warningland: A Large-Scale Field

Study of Browser Security Warning Effectiveness(USENIX Security Symposium 2013).

Md Mozammil Alam, Sourav Hati, Debashis De, andSamiran Chattopadhyay. 2014. SeCure Sharing OfMobile Device Data Using Public Cloud. In Con-fluence The Next Generation Information Technol-ogy Summit (Confluence), 2014 5th InternationalConference-. IEEE, 149–154.

Bas Alberts and Massimiliano Oldani. 2011. Beatingup on Android. http://titanium.immunityinc.com/(2011). http://titanium.immunityinc.com/infiltrate/archives.html.

Ahmad-Reza Sadeghi Alexandra Dmitrienko,Christopher Liebchen, Christian Rossow. 2014.On the (In)Security of Mobile Two-Factor Au-thentication. In Financial Cryptography andData Security (FC’14). http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/

PubsPDF/Dmitrienko-127-camera-ready.pdf.:: Abstract: Two-factor authentication (2FA)schemes aim at strengthening the security of loginpassword-based authentication by deploying sec-ondary authentication tokens. In this context, mo-bile 2FA schemes require no additional hardware(e.g., a smartcard) to store and handle the sec-ondary authentication token, and hence are con-sidered as a reasonable trade-off between security,usability and costs. They are widely used in on-line banking and increasingly deployed by Inter-net service providers. In this paper, we investi-gate 2FA implementations of several well-knownInternet service providers such as Google, Drop-box, Twitter and Facebook. We identify variousweaknesses that allow an attacker to easily by-pass them, even when the secondary authentica-tion token is not under attacker’s control. We thengo a step further and present a more general at-tack against mobile 2FA schemes. Our attack re-lies on cross-platform infection that subverts con-trol over both end points (PC and a mobile device)involved in the authentication protocol. We ap-ply this attack in practice and successfully circum-vent diverse schemes: SMS-based TAN solutionsof four large banks, one instance of a visual TAN

2 Android security .bib A personal collection of www.wright.edu/~pmateti 2016/02/21

http://cecs.wright.edu/~pmateti/GradStudents/index.htmlhttp://cecs.wright.edu/~pmateti/GradStudents/index.htmlhttp://titanium.immunityinc.com/infiltrate/archives.htmlhttp://titanium.immunityinc.com/infiltrate/archives.htmlhttp://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/Dmitrienko-127-camera-ready.pdfhttp://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/Dmitrienko-127-camera-ready.pdfhttp://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/Dmitrienko-127-camera-ready.pdfwww.wright.edu/~pmateti


scheme, 2FA login verification systems of Google,Dropbox, Twitter and Facebook accounts, and theGoogle Authenticator app currently used by 32third-party service providers. Finally, we clusterand analyze hundreds of real-world malicious An-droid apps that target mobile 2FA schemes andshow that banking Trojans already deploy mobilecounterparts that steal 2FA credentials like TANs.;;

Mohammed Alhamed, Khalid Amiri, MansoorOmari, and Wei Le. 2013. Comparing privacy con-trol methods for smartphone platforms. In Engi-neering of Mobile-Enabled Systems (MOBS), 20131st International Workshop on the. IEEE, 36–41.

Shaikh Bushra Almin and Madhumita Chatterjee.2015. A Novel Approach to Detect Android Mal-ware. Procedia Computer Science InternationalConference on Advanced Computing Technologiesand Applications (ICACTA) 45 (2015), 407–417.

H.M.J. Almohri, Danfeng Yao, and D. Kafura.2014a. Process Authentication for High Sys-tem Assurance. Dependable and Secure Com-puting, IEEE Transactions on 11, 2 (March2014), 168–180. DOI:http://dx.doi.org/10.1109/TDSC.2013.29

Hussain MJ Almohri, Danfeng Daphne Yao, andDennis Kafura. 2014b. DroidBarrier: KnowWhat is Executing on Your Android. In Pro-ceedings of the 4th ACM conference on Dataand application security and privacy. ACM, 257–264. http://people.cs.vt.edu/danfeng/papers/spy008-almohri.pdf.:: PhD candidate of Computer Science, VirginiaTech; has URLs to perf measurement sites ;;

Hussain MJ Almohri, Danfeng Daphne Yao, andDennis Kafura. 2014c. DroidBarrier: Know whatis executing on your Android. In Proceedings of the4th ACM conference on Data and Application Se-curity and Privacy. ACM, 257–264.

Cory Altheide and Harlan Carvey. 2011. Dig-ital Forensics with Open Source Tools: Using

Open Source Platform Tools for Performing Com-puter Forensics on TargetSystems: Windows, Mac,Linux, Unix, etc. Elsevier.

Domenico Amalfitano, Anna Rita Fasolino, and Por-firio Tramontana. 2011. A gui crawling-basedtechnique for android mobile application testing.In Software Testing, Verification and ValidationWorkshops (ICSTW), 2011 IEEE Fourth Interna-tional Conference on. IEEE, 252–261.

Domenico Amalfitano, Anna Rita Fasolino, PorfirioTramontana, and Bryan Robbins. 2013. TestingAndroid Mobile Applications: Challenges, Strate-gies, and Approaches. Advances in Computers(2013).:: Abstract Recently, the rise in popularity of mo-bile applications for mobile devices and the growthestimates for this market make mobile applicationdevelopment a strategic business sector. As a vari-ety of new scenarios for mobile devices and applica-tions emerges, users and developers will require im-proved reliability, usability, performance, and secu-rity. In such a context, open platforms for mobileapplication development, such as the Android op-erating system, are assuming a preponderant role.To satisfy this growing request for high quality ap-plications, developers must devote greater effortand attention to software development processes.In particular, testing and its automation play astrategic part for assuring the quality of applica-tions. This chapter analyzes the main challengesand open issues in the field of mobile applicationtesting for the Android platform, with an empha-sis on advances in the field. We present suitableand effective principles, guidelines, models, tech-niques, and technologies for Android applicationtesting and conclude with an outline of future per-spectives. ;;

Domenico Amalfitano, Anna Rita Fasolino, PorfirioTramontana, Bryan Dzung Ta, and Atif M Memon.2015. MobiGUITAR: Automated Model-BasedTesting of Mobile Apps. Software, IEEE 32, 5(2015), 53–59.

anatomyofandroid.com. 2013. Anatomy of Android.http://anatomyofandroid.com.


http://dx.doi.org/10.1109/TDSC.2013.29http://dx.doi.org/10.1109/TDSC.2013.29http://people.cs.vt.edu/danfeng/papers/spy008-almohri.pdfhttp://people.cs.vt.edu/danfeng/papers/spy008-almohri.pdfhttp://anatomyofandroid.comwww.wright.edu/~pmateti


:: a superficial description of internals, often quot-ing Yaghmour and AOSP src code chunks ;;

Mauro Andreolini, Michele Colajanni, and MircoMarchetti. 2015. A collaborative framework for in-trusion detection in mobile networks. InformationSciences (2015).

Andriller. 2015. Andriller Smartphone Forensic De-coder. Technical Report. andriller.com.:: Andriller is collection of forensic tools for smart-phones. It performs read-only, forensically sound,non-destructive acquisition from Android devices.It has other features, such as powerful Lockscreencracking for Pattern, PIN code, or Password; cus-tom decoders for Apps data from Android (andsome Apple iOS) databases for decoding commu-nications. Extraction and decoders produce reportsin HTML and Excel (.xlsx) formats. ;;

Andro AndroRat. 2014. How to Spy Any AndroidDevice with AndroRat. web. (Aug. 2014).

Iosif Androulidakis, Vasileios Vlachos, and PeriklisChatzimisios. 2015. A methodology for testing bat-tery deprivation denial of service attacks in mobilephones. In Information and Digital Technologies(IDT), 2015 International Conference on. IEEE,6–10.

Joseph Annuzzi Jr, Lauren Darcey, and Shane Con-der. 2013. Introduction to Android application de-velopment: Android essentials. Pearson Educa-tion.

R Anusuya. 2016 July. Android Dashboardof Processes Past and Present. Master’sthesis. Amrita Vishwa Vidyapeetham, Etti-madai, Tamil Nadu 641112, India. Advi-sor: Prabhaker Mateti; http://cecs.wright.edu/~pmateti/GradStudents/index.html.

Zahid Anwar and Waqas Ahmad Khan. 2015. Guesswho is listening in to the board meeting: on the useof mobile device applications as roving spy bugs.Security and Communication Networks (2015).:: ... The next entry, AndroRAT, is a fully featuredremote access Trojan for Android devices that lets

hackers remotely control various aspects of a mo-bile device using Internet protocol communicationover a user datagram protocol port. Used togetherwith a binder software, it can be ... ;;

Dimitris Apostolopoulos, Giannis Marinakis,Christoforos Ntantogian, and Christos Xenakis.2013. Discovering Authentication Credentialsin Volatile Memory of Android Mobile Devices.In Collaborative, Trusted and Privacy-Awaree/m-Services. Springer, 178–185.

Axelle Apvrille and Ange Albertini. 2014.Hide Android Applications in Im-ages. blackhat.com. https://www.blackhat.com/docs/eu-14/materials/

eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.

pdf.:: Axelle Apvrille, Fortinet, FortiGuard Labs120, rue Albert Caquot 06410 Biot, [email protected] Ange Albertini, [email protected] September 18, 2014 AbstractWith AngeCryption, [Alb14b] has demonstrated itis possible to encrypt any input into a chosen JPGor PNG image. For a mobile malware author, thisis particularly interesting when applied to Androidpackages (APK). Indeed, in that case, an attackercan craft a seemingly genuine wrapping APK whichcontains a valid image (e.g a logo) as resource orasset. However, the code is able to transform thisunsuspicious image into another APK, carryingthe malicious payload. The attacker installs thatAPK, and performs his/her nefarious deeds. Suchan attack is highly likely to go unnoticed, becausethe wrapping APK hardly has anything suspiciousabout it, and nothing about the payload APK leaksas it is encrypted. Additionally, the attack workswith any payload and currently on any version ofAndroid. In short, what you see is on the left (animage). What there really is on the right (an An-droid application). ;;

Lorenzo Cavallaro Aristide Fattori, Kimberly Tam,Salahuddin J. Khan and Alessandro Reina. 2014.On the Reconstruction of Android Malware Behav-iors. (2014).


http://cecs.wright.edu/~pmateti/GradStudents/index.htmlhttp://cecs.wright.edu/~pmateti/GradStudents/index.htmlhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdfwww.wright.edu/~pmateti


:: This is pioneering work which uses Binder as acentral component of an Android malware analysissystem. ;;

Alessandro Armando, Gianluca Bocci, GiantonioChiarelli, Gabriele Costa, Gabriele De Maglie,Rocco Mammoliti, and Alessio Merlo. 2015. SAM:The Static Analysis Module of the MAVERIC Mo-bile App Security Verification Platform. In Toolsand Algorithms for the Construction and Analysisof Systems. Springer, 225–230.:: ... approach was used in [2] where a prototype im-plementation analysed hundreds of Android appli-cations against a ... it is still under development,SAM can be already applied to the security anal-ysis of ... 1. Aktug, I., Naliuka, K.: ConSpec Aformal language for policy specification. ... ;;

Alessandro Armando, Gabriele Costa, and AlessioMerlo. 2013a. Formal modeling and reasoningabout the android security framework. In Trust-worthy Global Computing. Springer, 64–81.

Alessandro Armando, Gabriele Costa, and AlessioMerlo. 2013b. Formal modeling and reasoningabout the Android security framework. In Trust-worthy Global Computing. Springer, 64–81. http://www.csec.it/pubs/tgc2012.pdf.:: Abstract. Android OS is currently the mostwidespread mobile operating system and is verylikely to remain so in the near future. The num-ber of available Android applications will soonreach the staggering figure of 500,000, with an av-erage of 20,000 applications being introduced inthe Android Market over the last 6 months. Sincemany applications (e.g., home banking applica-tions) deal with sensitive data, the security of An-droid is receiving a growing attention by the re-search community. However, most of the work as-sumes that Android meets some given high-levelsecurity goals (e.g. sandboxing of applications).Checking whether these security goals are met istherefore of paramount importance. Unfortunatelythis is also a very difficult task due to the lack ofa detailed security model encompassing not onlythe interaction among applications but also the in-terplay between the applications and the function-

alities offered by Android. To remedy this situa-tion in this paper we propose a formal model ofAndroid OS that allows one to formally state thehigh-level security goals as well as to check whetherthese goals are met or to identify potential securityweaknesses. ;;

Alessandro Armando, Alessio Merlo, MauroMigliardi, and Luca Verderame. 2012. WouldYou Mind Forking This Process? A Denial ofService Attack on Android (and Some Counter-measures). In Information Security and PrivacyResearch. Springer, 13–24.

Alessandro Armandoa, Alessio Merloa, MauroMigliardid, and Luca Verderamea. 2013. Breakingand fixing the Android Launching Flow. Comput-ers & Security Volume 39, Part A (2013), 104–115.:: Abstract The security model of the Android OSis based on the effective combination of a number ofwell-known security mechanisms (e.g. statically de-fined permissions for applications, the isolation of-fered by the Dalvik Virtual Machine, and the well-known Linux discretionary access control model).Although each security mechanism has been ex-tensively tested and proved to be effective in iso-lation, their combination may suffer from unex-pected security flaws. We show that this is actu-ally the case by presenting a severe vulnerability inAndroid related to the application launching flow.This vulnerability is based on a security flaw af-fecting a kernel-level socket (namely, the Zygotesocket). We also present an exploit of the vulnera-bility that allows a malicious application to mounta severe Denial-of-Service attack that makes theAndroid devices become totally unresponsive. Be-sides explaining the vulnerability (which affects allversions of Android up to version 4.0.3) we proposetwo fixes. One of the two fixes has been adopted inthe official release of Android, starting with ver-sion 4.1. We empirically assess the impact of thevulnerability as well as the efficacy of the counter-measures on the end user. We conclude by extend-ing our security analysis to the whole set of sockets,showing that other sockets do not suffer from thesame vulnerability as the Zygote one. ;;


http://www.csec.it/pubs/tgc2012.pdfhttp://www.csec.it/pubs/tgc2012.pdfwww.wright.edu/~pmateti


Frederik Armknecht and Andreas Dewald. 2015.Privacy-preserving email forensics. Digital In-vestigation 14, Supplement 1 (2015), S127– S136. DOI:http://dx.doi.org/10.1016/j.diin.2015.05.003 The Proceedings of the Fif-teenth Annual {DFRWS} Conference.

Daniel Arp, Michael Spreitzenbarth, Malte Hübner,Hugo Gascon, Konrad Rieck, and CERT Siemens.2014. DREBIN: Effective and Explainable Detec-tion of Android Malware in Your Pocket. In Net-work and Distributed System Security Symposium(NDSS).

Nitay Artenstein and Idan Revivo. 2014. Man inthe Binder: He Who Controls IPC, Controls theDroid. (2014). https://www.blackhat.com/docs/eu-14/materials/eu-14-/Artenstein-/

Man-In-The-Binder-/He-Who-Controls-/

IPC-Controls-The-Droid-wp.pdf.

Steven Arzt, Siegfried Rasthofer, and EricBodden. 2013. Instrumenting Androidand Java Applications as Easy as abc. InRuntime Verification. Springer, 364–381.https://www.informatik.tu-darmstadt.de/

fileadmin/user_upload/Group_EC-Spride/

Publikationen/Instrumenting_Android_and_

Java_Applications_as_Easy_as_abc.pdf.

Aswathy Asok. 201x. Mobile Device OS Architecturesfor Privacy. Ph.D. Dissertation. Amrita VishwaVidyapeetham.

N. Asokan, Jan-Erik Ekberg, Kari Kostiainen, AnandRajan, Carlos Rozas, Ahmad-Reza Sadeghi, Stef-fen Schulz, , and Christian Wachsmann. 2014. Mo-bile Trusted Computing. Proc. IEEE 102, 8 (Aug.2014).

Kumaripaba Athukorala, Eemil Lagerspetz, Mariavon Kügelgen, Antti Jylhä, Adam J Oliner, SasuTarkoma, and Giulio Jacucci. 2014. How carat af-fects user behavior: implications for mobile batteryawareness applications. In Proceedings of the 32ndannual ACM conference on Human factors in com-puting systems. ACM, 1029–1038.

Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang,and David Lie. 2012. Pscout: Analyzing the An-droid Permission Specification. In Proceedings ofthe 2012 ACM conference on Computer and com-munications security. ACM, 217–228.

Abhijeet Awade, Amir Talwar, Bhushan Khopade,and Vishal Nande. 2014. WallDroid: Firewallsfor the Android OS. International Journal ofAdvanced Engineering & Innovative Technology 1(2014). Issue 1. http://ijaeit.com/Paper-Pdf/Paper05.pdf.:: Questionable journal, and article. Abhi-jeet Awade,Amir Talwar, Bhushan Khopadeand Vishal Nande B.E Computer Engi-neering, Navsahyadri Education SocietysGroup of Institutions, Pune. For corre-spondence:[email protected],[email protected],[email protected],[email protected] - Security is becoming an increasinglyimportant feature of today’s mobile environmentwhere users download unknown apps and connecttheir smartphones to unknown networks whileroaming. Android has become a very popular op-erating systems for smartphones and tablets but atthe same time threats associated to this platform,like malware or exploits, are also growing. As itis becoming more and more popular to connectmobile phone and other hand held devices to theinternet, the big question is; ”How to protect thosedevices from the perils of the internet?”. Thisproject investigates issues with the implementa-tion of a Firewall system for protecting mobiledevices. To enable an ordinary mobile phone userto setup a Firewall configuration to protect hismobile phone it is important to have a systemthat is easy to understand and warns the userof possible mistakes. This project proposes andvaluates an enhanced security model and architec-ture, WallDroid, enabling virtualized applicationspecifc Firewalls. The WallDroid solution can beconsidered as an Android Firewall Application butwith some extra functionality. Keycomponentsused by the solution include VPN technologies likethe Point to Point Tunneling Protocol (PPTP)


http://dx.doi.org/10.1016/j.diin.2015.05.003http://dx.doi.org/10.1016/j.diin.2015.05.003https://www.blackhat.com/docs/eu-14/materials/eu-14-/Artenstein-/Man-In-The-Binder-/He-Who-Controls- /IPC-Controls-The-Droid-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-/Artenstein-/Man-In-The-Binder-/He-Who-Controls- /IPC-Controls-The-Droid-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-/Artenstein-/Man-In-The-Binder-/He-Who-Controls- /IPC-Controls-The-Droid-wp.pdfhttps://www.blackhat.com/docs/eu-14/materials/eu-14-/Artenstein-/Man-In-The-Binder-/He-Who-Controls- /IPC-Controls-The-Droid-wp.pdfhttps://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_EC-Spride/Publikationen/Instrumenting_Android_and_Java_Applications_as_Easy_as_abc.pdfhttps://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_EC-Spride/Publikationen/Instrumenting_Android_and_Java_Applications_as_Easy_as_abc.pdfhttps://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_EC-Spride/Publikationen/Instrumenting_Android_and_Java_Applications_as_Easy_as_abc.pdfhttps://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_EC-Spride/Publikationen/Instrumenting_Android_and_Java_Applications_as_Easy_as_abc.pdfhttp://ijaeit.com/Paper-Pdf/Paper 05.pdfhttp://ijaeit.com/Paper-Pdf/Paper 05.pdfwww.wright.edu/~pmateti


and the android Cloud to Device MessagingFramework (C2DM). Our project is based on thecloud keeping track of millions of applications andtheir reputation (good, bad, or unknown) andcomparing traffic flows of applications with a listof knownmalicious IP servers. ;;

Ahmed Ben Ayed. 2015. A literature Re-view on Android Permission System. In-ternational Journal of Advanced Research inComputer Engineering & Technology (2015).http://ijarcet.org/wp-content/uploads/

IJARCET-VOL-4-ISSUE-4-1520-1523.pdf.:: Ahmed Ben Ayed has received his Bachelor ofScience in Computer Information Systems, Masterof Science in Cyber Security and Information As-surance, and currently pursuing a doctorate degreein Computer Science at Colorado Technical Uni-versity, his research interest are Android Security,Pattern recognition of Malicious Applications, Ma-chine Learning, Cryptography, Information & Sys-tem Security, and Computer networks.;; Abstract -Android uses a permission-based model to protectits users information and system resources. Thispermission-based system has been the center ofmany researchers interest; they have been used toidentify malicious behaviors and ultimately couldhelp identify malicious applications. This study isnot intended to create an anti-malware solution ormethod; instead it offers a literature review on An-droid permissions system and illustrates previouswork that has been studied using permissions toidentify harmful applications. This study could beused as a source to better understand the Androidarchitecture and its permission-based system. In-dex TermsAndroid Security, Permission-based sys-tems, malware detection. ;;

Md Tanzirul Azim, Iulian Neamtiu, and Lisa MMarvel. 2014. Towards Self-Healing SmartphoneSoftware via Automated Patching. In Proceedingsof the 29th ACM/IEEE international conferenceon Automated software engineering. ACM, 623–628. http://www.cs.ucr.edu/~neamtiu/pubs/ase14azim.pdf.

Tanzirul Azim and Iulian Neamtiu. 2013a. Targeted

and depth-first exploration for systematic testingof android apps. ACM SIGPLAN Notices 48, 10(2013), 641–660.

Tanzirul Azim and Iulian Neamtiu. 2013b. Targetedand Depth-first Exploration for Systematic Testingof Android Apps. In OOPSLA 2013. ACM, 641–660. http://www.cs.ucr.edu/~neamtiu/pubs/oopsla13azim.pdf.:: University of California, Riverside;; Experi-ments with using our approach on 25 popularAndroid apps including BBC News, Gas Buddy,Amazon Mobile, YouTube, Shazam Encore, andCNN, show that our exploration techniques achieve59.3964.11% activity coverage and 29.5336.46%method coverage ;;

Francesco Azzola. 2014. Android BoundService: IPC with Messenger. Surviv-ingWithAndroid.com. http://www.survivingwithandroid.com/2014/01/

android-bound-service-ipc-with-messenger.

html.

Michael Backes, Sven Bugiel, Sebastian Gerling,and Philipp von Styp-Rekowsky. 2014. AndroidSecurity Framework: Extensible multi-layeredaccess control on Android. In Proceedings ofthe 30th Annual Computer Security Appli-cations Conference. ACM, 46–55. https://infsec.cs.uni-saarland.de/~bugiel/

publications/pdfs/bugiel14-acsac1.pdf.

Sherenaz Al-Haj Baddar, Alessio Merlo, and MauroMigliardi. 2014. Anomaly Detection in ComputerNetworks: A State-of-the-Art Review. Journalof Wireless Mobile Networks, Ubiquitous Com-puting, and Dependable Applications (JoWUA) 5,4 (2014), 29–64. http://isyou.info/jowua/papers/jowua-v5n4-2.pdf.:: Abstract The ever-lasting challenge of detect-ing and mitigating failures in computer networkshas become more essential than ever; especiallywith the enormous number of smart devices thatget connected to all sorts of network everyday.Whether the root cause of a given anomaly is asecurity breach, a component failure, an environ-mental factor, or even any combination of these


http://ijarcet.org/wp-content/uploads/IJARCET-VOL-4-ISSUE-4-1520-1523.pdfhttp://ijarcet.org/wp-content/uploads/IJARCET-VOL-4-ISSUE-4-1520-1523.pdfhttp://www.cs.ucr.edu/~neamtiu/pubs/ase14azim.pdfhttp://www.cs.ucr.edu/~neamtiu/pubs/ase14azim.pdfhttp://www.cs.ucr.edu/~neamtiu/pubs/oopsla13azim.pdfhttp://www.cs.ucr.edu/~neamtiu/pubs/oopsla13azim.pdfhttp://www.survivingwithandroid.com/2014/01/android-bound-service-ipc-with-messenger.htmlhttp://www.survivingwithandroid.com/2014/01/android-bound-service-ipc-with-messenger.htmlhttp://www.survivingwithandroid.com/2014/01/android-bound-service-ipc-with-messenger.htmlhttp://www.survivingwithandroid.com/2014/01/android-bound-service-ipc-with-messenger.htmlhttps://infsec.cs.uni-saarland.de/~bugiel/publications/pdfs/bugiel14-acsac1.pdfhttps://infsec.cs.uni-saarland.de/~bugiel/publications/pdfs/bugiel14-acsac1.pdfhttps://infsec.cs.uni-saarland.de/~bugiel/publications/pdfs/bugiel14-acsac1.pdfhttp://isyou.info/jowua/papers/jowua-v5n4-2.pdfhttp://isyou.info/jowua/papers/jowua-v5n4-2.pdfwww.wright.edu/~pmateti


reasons, anomalies need to be detected and mit-igated timely and properly. In this paper, we re-view and evaluate the state-of-the-art studies onthe problem of anomaly detection in computer net-works. We provide an elaborate description of theanomaly detection problem, and depict the differ-ent categorizations of its solutions. We also illus-trate some recent state-of-the-art solutions on thenetwork level, and depict current trends in han-dling malware-induced anomalies in smartphonenetworks. Additionally, we evaluate the presentedsolutions and highlight their shortcomings. ;;

Hamid Bagheri, Alireza Sadeghi, Joshua Gar-cia, and Sam Malek. COVERT: CompositionalAnalysis of Android Inter-App Vulnerabilities.(????). http://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-1.pdf.:: Abstract Android is the most popular plat-form for mobile devices. It facilitates sharing ofdata and services among applications using a richinter-app communication system. While access toresources can be controlled by the Android per-mission system, enforcing permissions is not suffi-cient to prevent security violations, as permissionsmay be mismanaged, intentionally or unintention-ally. Androids enforcement of the permissions is atthe level of individual apps, allowing multiple ma-licious apps to collude and combine their permis-sions or to trick vulnerable apps to perform actionson their behalf that are beyond their individualprivileges. In this paper, we present COVERT, atool for compositional analysis of Android inter-app vulnerabilities. COVERTs analysis is modularto enable incremental analysis of applications asthey are installed, updated, and removed. It stat-ically analyzes the reverse engineered source codeof each individual app, and extracts relevant secu-rity specifications in a format suitable for formalverification. Given a collection of specifications ex-tracted in this way, a formal analysis engine (e.g.,model checker) is then used to verify whether it issafe for a combination of applicationsholding cer-tain permissions and potentially interacting witheach otherto be installed together. Our experiencewith using COVERT to examine over 200 real-

world apps corroborates its ability to find inter-app vulnerabilities in bundles of some of the mostpopular apps on the market. ;;

Hamid Bagheri, Alireza Sadeghi, Reyhaneh Jabbar-vand, and Sam Malek. Automated Dynamic En-forcement of Synthesized Security Policies in An-droid. (????). http://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-5.pdf.:: Abstract As the dominant mobile computingplatform, Android has become a prime target forcyber-security attacks. Many of these attacks aremanifested at the application level, and throughthe exploitation of vulnerabilities in apps down-loaded from the popular app stores. Increasingly,sophisticated attacks exploit the vulnerabilities inmultiple installed apps, making it extremely dif-ficult to foresee such attacks, as neither the appdevelopers nor the store operators know a prioriwhich apps will be installed together. This pa-per presents an approach that allows the end-usersto safeguard a given bundle of apps installed ontheir device from such attacks. The approach, re-alized in a tool, called DROIDGUARD, combinesstatic code analysis with lightweight formal meth-ods to automatically infer security-relevant proper-ties from a bundle of apps. It then uses a constraintsolver to synthesize possible security exploits, fromwhich fine-grained security policies are derived andautomatically enforced to protect a given device.In our experiments with over 4,000 Android apps,DROIDGUARD has proven to be highly effectiveat detecting previously unknown vulnerabilities aswell as preventing their exploitation. ;;

Rebecca Balebako, Abigail Marsh, Jialiu Lin, JasonHong, and Lorrie Faith Cranor. 2014. The Privacyand Security Behaviors of Smartphone App Devel-opers. In USEC. 23 February 2014, ISBN1-891562-37-1 http://dx.doi.org/10.14722/usec.2014.23006.

Justin R Ball. 2014. Detection and Prevention ofAndroid Malware Attempting to Root the Device.Technical Report. DTIC Document.

Konstantia Barbatsalou, Bruno Sousa, and EdmundoMonteiro1and Paulo Simoes. 2015. Mobile Foren-sics for PPDR Communications: How and why. In


http://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-1.pdfhttp://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-1.pdfhttp://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-5.pdfhttp://cs.gmu.edu/~tr-admin/papers/GMU-CS-TR-2015-5.pdfwww.wright.edu/~pmateti


The Proceedings of the 10th International Confer-ence on Cyber Warfare and Security ICCWS 2015.Academic Conferences Limited, 30.

Adam Bates, Ben Mood, Masoud Valafar, and KevinButler. 2013. Towards secure provenance-based ac-cess control in cloud environments. In Proceedingsof the third ACM conference on Data and applica-tion security and privacy. ACM, 277–284.

Adam Bates, Dave Jing Tian, Kevin RB Butler, andThomas Moyer. 2015. Trustworthy whole-systemprovenance for the Linux kernel. In 24th USENIXSecurity Symposium (USENIX Security 15). 319–334.

Lynn M Batten, Veelasha Moonsamy, and MoutazAlazab. 2016. Smartphone Applications, Mal-ware and Data Theft. In Computational Intelli-gence, Cyber Security and Computational Models.Springer, 15–24.

Andreas Bauer, Jan-Christoph Küster, and Gil Veg-liach. 2012. Runtime Verification Meets An-droid Security. In NASA Formal Methods.Springer, 174–180. http://kuester.multics.org/publications/NFM12.pdf.

Andrew Baumann, Dongyoon Lee, Pedro Fonseca,Lisa Glendenning, Jacob R Lorch, Barry Bond,Reuben Olinsky, and Galen C Hunt. 2013. Com-posing OS extensions safely and efficiently withBascule. In Proceedings of the 8th ACM Euro-pean Conference on Computer Systems. ACM,239–252. http://www.msr-waypoint.net/pubs/180156/bascule_eurosys13.pdf.

Andrew Baumann, Marcus Peinado, and GalenHunt. 2014. Shielding applications from anuntrusted cloud with haven. In USENIXSymposium on Operating Systems Designand Implementation (OSDI). https://www.usenix.org/system/files/conference/

osdi14/osdi14-paper-baumann.pdf.

Michael Beck, Robert Magnus, and Ulrich Kunitz.2002. Linux Kernel Internals. Addison-WesleyLongman Publishing Co., Inc.

Nelson HF Beebe. 2015. A Complete Bibliography ofIEEE Security & Privacy. (2015).

Adam Belay, Andrea Bittau, Ali Mashtizadeh, DavidTerei, David Mazières, and Christos Kozyrakis.2012. Dune: Safe User-Level Access to PrivilegedCPU Features. In 10th USENIX Symposium onOperating Systems Design and Implementation(OSDI 12). USENIX, Hollywood, CA, 335–348.https://www.usenix.org/conference/osdi12/

technical-sessions/presentation/belay

https://www.usenix.org/system/files/

conference/osdi12/osdi12-final-117.pdf.

Adam Belay, George Prekas, Ana Klimovic,Samuel Grossman, Christos Kozyrakis, andEdouard Bugnion. 2014a. IX: A protecteddataplane operating system for high through-put and low latency. In 11th USENIX Sym-posium on Operating Systems Design and Im-plementation (OSDI 14),(Broomfield, CO). 49–65. https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdf.

Adam Belay, George Prekas, Ana Klimovic,Samuel Grossman, Christos Kozyrakis, andEdouard Bugnion. 2014b. IX: A protecteddataplane operating system for high through-put and low latency. In 11th USENIX Sym-posium on Operating Systems Design and Im-plementation (OSDI 14),(Broomfield, CO). 49–65. https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdf.

Giampaolo Bella and Helge Janicke. 2013. Specialissue on the Security Track at the ACM Sympo-sium on Applied Computing 2013. InternationalJournal of Information Security (2013), 1–2.

Muli Ben-Yehuda, Omer Peleg, Orna AgmonBen-Yehuda, Igor Smolyar, and Dan Tsafrir.2013. The nonkernel: a Kernel Designedfor the Cloud. In Proceedings of the 4thAsia-Pacific Workshop on Systems. ACM, 7.http://www.hypervisorconsulting.com/pubs/

nom/nonkernel-apsys13.pdf.


http://kuester.multics.org/publications/NFM12.pdfhttp://kuester.multics.org/publications/NFM12.pdfhttp://www.msr-waypoint.net/pubs/180156/bascule_eurosys13.pdfhttp://www.msr-waypoint.net/pubs/180156/bascule_eurosys13.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-baumann.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-baumann.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-baumann.pdfhttps://www.usenix.org/conference/osdi12/technical-sessions/presentation/belayhttps://www.usenix.org/conference/osdi12/technical-sessions/presentation/belayhttps://www.usenix.org/system/files/conference/osdi12/osdi12-final-117.pdfhttps://www.usenix.org/system/files/conference/osdi12/osdi12-final-117.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdfhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-belay.pdfhttp://www.hypervisorconsulting.com/pubs/nom/nonkernel-apsys13.pdfhttp://www.hypervisorconsulting.com/pubs/nom/nonkernel-apsys13.pdfwww.wright.edu/~pmateti


Ryad Benadjila, Olivier Billet, Shay Gueron, andMatt JB Robshaw. 2009. The Intel AES instruc-tions set and the SHA-3 candidates. In Advancesin Cryptology–ASIACRYPT 2009. Springer, 162–178.:: Abstract. The search for SHA-3 is now well-underway and the 51 accepted submissions reflecta wide variety of design approaches. A significantnumber are built around Rijndael/AES-based op-erations and, in some cases, the AES round func-tion itself. Many of the design teams have pointedto the forthcoming Intel AES instructions set, toappear on Westmere chips during 2010, when mak-ing a variety of performance claims. In this paperwe study, for the first time, the likely impact of thenew AES instructions set on all the SHA-3 candi-dates that might benefit. As well as distinguishingbetween those algorithms that are AES-based andthose that might be described as AES-inspired, wehave developed optimised code for all the former.Since Westmere processors are not yet available, wehave developed a novel software technique basedon publicly available information that allows us toaccurately emulate the performance of these algo-rithms on the currently available Nehalem proces-sor. This gives us the most accurate insight to-dateof the potential performance of SHA-3 candidatesusing the Intel AES instructions set ;;

Christian Benvenuti. 2006. Understanding Linux net-work internals. O’Reilly Media, Inc.

Mateusz Berezecki. 2014. Managing overhead asso-ciated with service requests via software generatedinterrupts. (May 20 2014). US Patent 8,732,371.

Bernhard J Berger, Michaela Bunke, and KarstenSohr. 2011. An Android security case study withbauhaus. In Reverse Engineering (WCRE), 201118th Working Conference on. IEEE, 179–183.

Emery D Berger and Benjamin G Zorn. 2006.DieHard: Probabilistic Memory Safety forUnsafe Languages. In ACM SIGPLAN No-tices, Vol. 41. ACM, 158–168. http://scholarworks.umass.edu/cgi/viewcontent.

cgi?article=1086&context=cs_faculty_pubs.

Shweta Bhandari, Rishabh Gupta, Vijay Laxmi,Manoj Singh Gaur, Akka Zemmari, and MaximAnikeev. 2015. DRACO: DRoid analyst combo anandroid malware analysis framework. In Proceed-ings of the 8th International Conference on Secu-rity of Information and Networks. ACM, 283–289.

Wasim Ahmad Bhat and SMK Quadri. 2012. OpenSource Code Doesnt Always Help: Case of File Sys-tem Development. Trends in Information Manage-ment (TRIM) 7, 2 (2012).

Suparna Bhattacharya, Steven Pratt, BadariPulavarty, and Janet Morgan. 2003. Asyn-chronous I/O support in Linux 2.5. In Proceedingsof the Linux Symposium. 371–386.

Michael Bierma, Eric Gustafson, Jeremy Er-ickson, David Fritz, and Yung Ryn Choe.2014. Andlantis: Large-scale Android Dy-namic Analysis. http://arxiv.org/. (2014).http://arxiv.org/pdf/1410.7751.pdf.:: Sandia National Laboratories, University of Cal-ifornia, Davis;; Abstract Analyzing Android appli-cations for malicious behavior is an important areaof research, and is made difficult, in part, by theincreasingly large number of applications availablefor the platform. While techniques exist to per-form static analysis on a large number of appli-cations, dynamic analysis techniques are relativelylimited in scale due to the computational resourcesrequired to emulate the full Android system toachieve accurate execution. We present Andlantis,a scalable dynamic analysis system capable of pro-cessing over 3000 Android applications per hour.During this processing, the system is able to col-lect valuable forensic data, which helps reverse-engineers and malware researchers identify and un-derstand anomalous application behavior. We dis-cuss the results of running 1261 malware samplesthrough the system, and provide examples of mal-ware analysis performed with the resulting data.;;

Walter Binder. 2015. Analyzing Distributed Multi-platform Java and Android Applications with


http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1086&context=cs_faculty_pubshttp://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1086&context=cs_faculty_pubshttp://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1086&context=cs_faculty_pubswww.wright.edu/~pmateti


ShadowVM. In Programming Languages and Sys-tems: 13th Asian Symposium, APLAS 2015, Po-hang, South Korea, November 30-December 2,2015, Proceedings, Vol. 9458. Springer, 356.

W. Black and K. PRICE. 2014. Systemsand methods for transparent per-file encryp-tion and decryption via metadata identifica-tion. (Sept. 11 2014). https://www.google.com/patents/US20140258720 US Patent App.14/203,974.

Cedric Van Bockhaven and Jochem van Kerk-wijk. 2014. Android Patching. Master’s the-sis. https://www.os3.nl/_media/2013-2014/courses/rp2/p40_report.pdf Supervisor:Jochem van Kerkwijk.

Andrey Bogdanov, Florian Mendel, Francesco Regaz-zoni, Vincent Rijmen, and Elmar Tischhauser.2014. ALE: AES-based lightweight authenticatedencryption. In Fast Software Encryption. Springer,447–466.

Hristo Bojinov, Dan Boneh, Rich Cannings, andIliyan Malchev. 2011. Address space random-ization for mobile devices. In Proceedings of thefourth ACM conference on Wireless network secu-rity. ACM, 127–138.

Gianluca Borello. 2014. Sysdig Cloud -Hiding Linux Processes For Fun AndProfit. (2014). https://sysdig.com/hiding-linux-processes-for-fun-and-profit/.

Francisco Borrego-Jaraba, Gonzalo Cerruela Garćıa,Irene Luque Ruiz, and Miguel Ángel Gómez-Nieto.2013. An NFC based context-aware solution for ac-cess to bibliographic sources in university environ-ments. Journal of Ambient Intelligence and SmartEnvironments 5, 1 (2013), 105–118.

Daniel P Bovet and Marco Cesati. 2005. Understand-ing the Linux Kernel. O’Reilly Media, Inc.

Stefan Brahler. 2010a. Analysis of the an-droid architecture. Master’s thesis. Karl-sruhe institute for technology. https:

//os.itec.kit.edu/downloads/sa_2010_

braehler-stefan_android-architecture.pdf.:: Erstgutachter: Prof. Dr. Frank Bellosa Be-treuende Mitarbeiter: Dr. Jan Sto, Dipl.-Inform.Konrad Miller Bearbeitungszeit: 2. Juni 2010 6.Oktober 2010 ;;

Stefan Brahler. 2010b. Analysis of the an-droid architecture. Karlsruhe institute fortechnology (2010). https://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_

android-architecture.pdf.:: Erstgutachter: Prof. Dr. Frank Bellosa Be-treuende Mitarbeiter: Dr. Jan Sto, Dipl.-Inform.Konrad Miller Bearbeitungszeit: 2. Juni 2010 6.Oktober 2010 ;;

Benjamin Bramble, Michael Swift, Kristine LouiseEmery, Ashley Hofer, Dan Rozumalski, ClayTheiler, Janis Von Ruden, James R Larus,Lesli Scott, Hannah Brown, and others. 2014.Predicting Power Usage of Android Applica-tions. (2014). https://minds.wisconsin.edu/bitstream/handle/1793/69024/TR1808.pdf.:: Benjamin Bramble UW-Madison Michael SwiftUW-Madison May 2014 Abstract Android baseddevices have become increasing important in manypeoples lives. The increasing number of device com-ponents like cameras, WIFI, and multicore proces-sors as well as increasingly complex applicationsdrain the battery leading to frustrated users whodepend on non-stop access to their device. We pro-pose a solution named SApp that will educate theuser on the impact of their applications by provid-ing an opportunity to reduce the battery consump-tion through smarter user decisions and prioritiza-tion. This is a three step process: test the impact ofthe specific device components, then measure theperformance of applications, and combine heuris-tics with the measurements to predict future ap-plication impacts. The end result is an educateduser capable of extending the life of their devicethrough informed decisions. ;;

Uri Braun, Simson Garfinkel, David A Holland,Kiran-Kumar Muniswamy-Reddy, and Margo ISeltzer. 2006. Issues in automatic provenance col-


https://www.google.com/patents/US20140258720https://www.google.com/patents/US20140258720https://www.os3.nl/_media/2013-2014/courses/rp2/p40_report.pdfhttps://www.os3.nl/_media/2013-2014/courses/rp2/p40_report.pdfhttps://sysdig.com/hiding-linux-processes-for-fun-and-profit/https://sysdig.com/hiding-linux-processes-for-fun-and-profit/https://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://os.itec.kit.edu/downloads/sa_2010_braehler-stefan_android-architecture.pdfhttps://minds.wisconsin.edu/bitstream/handle/1793/69024/TR1808.pdfhttps://minds.wisconsin.edu/bitstream/handle/1793/69024/TR1808.pdfwww.wright.edu/~pmateti


lection. In Provenance and annotation of data.Springer, 171–183.

Uri Braun, Avraham Shinnar, and Margo I Seltzer.2008. Securing Provenance.. In HotSec.

Kerry D Brown and Ronald P Knapp. 2015.MOBILE-TO-MOBILE TRANSACTIONS.(Jan. 15 2015). US Patent 20,150,019,441.

Dominic Bucerzan and Crina Raţiu. 2016. ImageProcessing with Android Steganography. In SoftComputing Applications. Springer, 27–36.

Tomasz Buchert, Lucas Nussbaum, and Jens Gust-edt. 2015. Towards Complete Tracking of Prove-nance in Experimental Distributed Systems Re-search. In Euro-Par 2015: Parallel ProcessingWorkshops. Springer, 604–616.

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko,Thomas Fischer, and Ahmad-Reza Sadeghi. 2011.Xmandroid: A new android evolution to mitigateprivilege escalation attacks. Technische UniversitätDarmstadt, Technical Report TR-2011-04 (2011).

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko,Thomas Fischer, Ahmad-Reza Sadeghi, andBhargava Shastry. 2012. Towards TamingPrivilege-Escalation Attacks on Android. In NDSS.18. http://core.ac.uk/download/files/544/18286747.pdf.

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko,Stephan Heuser, Ahmad-Reza Sadeghi, and Bhar-gava Shastry. 2011. Practical and Lightweight Do-main Isolation on Android. In Proceedings of the1st ACM workshop on Security and privacy insmartphones and mobile devices. ACM, 51–62.

Sven Bugiel, Stephan Heuser, and Ahmad-RezaSadeghi. 2013. Flexible and fine-grained manda-tory access control on Android for diverse secu-rity and privacy policies. In 22nd USENIX SecuritySymposium (USENIX Security’13). USENIX.

Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. 2011. Crowdroid: behavior-based mal-ware detection system for android. In Proceedings

of the 1st ACM workshop on Security and privacyin smartphones and mobile devices. ACM, 15–26.

Ivan Burke and Heloise Pieterse. 2015. How to TameYour Android Malware. In The Proceedings of the10th International Conference on Cyber Warfareand Security ICCWS 2015. Academic ConferencesLimited, 54. https://www.researchgate.net/profile/Ivan_Burke/publication/274255324_

How_to_Tame_Your_Android_Malware/links/

551a4b050cf2f51a6fea2f7c.pdf.

Johnathon Burket, Lori Flynn, Will Klieber,Jonathan Lim, and William Snavely. 2015a. Mak-ing DidFail Succeed: Enhancing the CERT StaticTaint Analyzer for Android App Sets. (2015).

Johnathon Burket, Lori Flynn, Will Klieber,Jonathan Lim, and William Snavely. 2015b.Making DidFail Succeed: Enhancing the CERTStatic Taint Analyzer for Android App Sets.(2015). http://repository.cmu.edu/cgi/viewcontent.cgi?article=1825&context=sei.

Miao Cai, Qinsheng Hou, Fangfang Jing, and QiaoDing. 2013. Research of Cloud Security Commu-nication Firewall Based on Android Platform. InProceedings of the 2nd International Conferenceon Computer Science and Electronics Engineering.Atlantis Press.

Jennifer Campbell and Anya Tafliovich. 2015. AnExperience Report: Using Mobile Development ToTeach Software Design. In Proceedings of the 46thACM Technical Symposium on Computer ScienceEducation. ACM, 506–511.:: ... In future, the instructors will plan a formaltraining session on Android and will aim to identifyTAs who are more expert in this area to becomethe go-to for this type of consultation. ... Learningmobile security with android security labware. ... ;;

Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi,Manuel Egele, Christopher Kruegel, Giovanni Vi-gna, and Yan Chen. 2015. EdgeMiner: Automat-ically Detecting Implicit Control Flow Transitionsthrough the Android Framework. In Network andDistributed System Security Symposium (NDSS).


http://core.ac.uk/download/files/544/18286747.pdf http://core.ac.uk/download/files/544/18286747.pdfhttps://www.researchgate.net/profile/Ivan_Burke/publication/274255324_How_to_Tame_Your_Android_Malware/links/551a4b050cf2f51a6fea2f7c.pdfhttps://www.researchgate.net/profile/Ivan_Burke/publication/274255324_How_to_Tame_Your_Android_Malware/links/551a4b050cf2f51a6fea2f7c.pdfhttps://www.researchgate.net/profile/Ivan_Burke/publication/274255324_How_to_Tame_Your_Android_Malware/links/551a4b050cf2f51a6fea2f7c.pdfhttps://www.researchgate.net/profile/Ivan_Burke/publication/274255324_How_to_Tame_Your_Android_Malware/links/551a4b050cf2f51a6fea2f7c.pdfhttp://repository.cmu.edu/cgi/viewcontent.cgi?article=1825&context=seihttp://repository.cmu.edu/cgi/viewcontent.cgi?article=1825&context=seiwww.wright.edu/~pmateti


San Diego, CA, USA. http://cs.northwestern.edu/~ychen/Papers/NDSS15_edgeMinder.pdf.

Lucian Carata, Sherif Akoush, Nikilesh Balakrish-nan, Thomas Bytheway, Ripduman Sohan, MargoSelter, and Andy Hopper. 2014. A Primer onProvenance. Commun. ACM 57, 5 (2014), 52–60. https://www.cl.cam.ac.uk/~sa497/pop_cacm.pdf.

Nicholas Carlini, Adrienne Porter Felt, and DavidWagner. 2012. An Evaluation of the GoogleChrome Extension Security Architecture (USENIXSecurity Symposium 2012).

Nicholas Carlini and David Wagner. 2014. ROPis still dangerous: Breaking modern defenses.In USENIX Security Symposium. https://www.usenix.org/system/files/conference/

usenixsecurity14/sec14-paper-carlini.pdf.

Aaron Carroll and Gernot Heiser. 2010a. An Anal-ysis of Power Consumption in a Smartphone.. InUSENIX annual technical conference. 271–285.

Aaron Carroll and Gernot Heiser. 2010b.An Analysis of Power Consumption ina Smartphone.. In USENIX annual tech-nical conference, Vol. 14. Boston, MA.https://www.usenix.org/legacy/event/

usenix10/tech/full_papers/Carroll.pdf.:: NICTA and University of New SouthWales [email protected] Gernot HeiserNICTA, University of New South Wales and OpenKernel Labs [email protected] Abstract Mobileconsumer-electronics devices, especially phones,are powered from batteries which are limited insize and therefore capacity. This implies that man-aging energy well is paramount in such devices.Good energy management requires a good under-standing of where and how the energy is used. Tothis end we present a detailed analysis of the powerconsumption of a recent mobile phone, the Open-moko Neo Freerunner. We measure not only overallsystem power, but the exact breakdown of powerconsumption by the devices main hardware compo-nents. We present this power breakdown for micro-benchmarks as well as for a number of realistic us-

age scenarios. These results are validated by over-all power measurements of two other devices: theHTC Dream and Google Nexus One. We develop apower model of the Freerunner device and analysethe energy usage and battery lifetime under a num-ber of usage patterns. We discuss the significanceof the power drawn by various components, andidentify the most promising areas to focus on forfurther improvements of power management. Wealso analyse the energy impact of dynamic volt-age and frequency scaling of the devices applicationprocessor. ;;

Giuseppe Cattaneo, Luigi Catuogno, AnielloDel Sorbo, and Pino Persiano. 2001. The Designand Implementation of a Transparent Cryp-tographic File System for UNIX.. In USENIXAnnual Technical Conference, FREENIX Track.10–3.

Luca Caviglione, Mauro Gaggero, Jean-François La-lande, Wojciech Mazurczyk, and Marcin Urban-ski. 2016. Seeing the Unseen: Revealing Mo-bile Malware Hidden Communications via EnergyConsumption and Artificial Intelligence. IEEETransactions on Information Forensics and Secu-rity (2016).

Davide Ceolin, Paul T Groth, Willem Robert VanHage, Archana Nottamkandath, and Wan Fokkink.2012. Trust Evaluation through User Reputationand Provenance Analysis. URSW 900 (2012), 15–26. http://ceur-ws.org/Vol-900/paper2.pdf.

Subhamoy Chakraborti, DP Acharjya, and SugataSanyal. 2015. Application Security frameworkfor Mobile App Development in Enterprise setup.arXiv preprint arXiv:1503.05992 (2015). http://arxiv.org/pdf/1503.05992.pdf.:: *Subhamoy Chakraborti Magma Fin-corp Limited, India Email: [email protected] D. P. Acharjya School ofComputing Science and Engineering, VIT Univer-sity, Vellore, India E mail: [email protected] Sanyal Corporate Technology Office, TataConsultancy Services, Mumbai, India Email:[email protected] *Corresponding author ;;


http://cs.northwestern.edu/~ychen/Papers/NDSS15_edgeMinder.pdfhttp://cs.northwestern.edu/~ychen/Papers/NDSS15_edgeMinder.pdf https://www.cl.cam.ac.uk/~sa497/pop_cacm.pdf https://www.cl.cam.ac.uk/~sa497/pop_cacm.pdfhttps://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-carlini.pdfhttps://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-carlini.pdfhttps://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-carlini.pdfhttps://www.usenix.org/legacy/event/usenix10/tech/full_papers/Carroll.pdfhttps://www.usenix.org/legacy/event/usenix10/tech/full_papers/Carroll.pdfhttp://ceur-ws.org/Vol-900/paper2.pdfhttp://arxiv.org/pdf/1503.05992.pdfhttp://arxiv.org/pdf/1503.05992.pdfwww.wright.edu/~pmateti


Supriyo Chakraborty, Chenguang Shen, Kas-turi Rangan Raghavan, Yasser Shoukry, MattMillar, and Mani Srivastava. 2014. ipShield: aframework for enforcing context-aware privacy. InProceedings of the 11th USENIX Conference onNetworked Systems Design and Implementation.USENIX Association, 143–156.

Patrick PF Chan, Lucas CK Hui, and Siu-Ming Yiu.2012. Droidchecker: analyzing android applica-tions for capability leak. In Proceedings of the fifthACM conference on Security and Privacy in Wire-less and Mobile Networks. ACM, 125–136.

C Kumar Charliepaul and G Immanual Gnanadu-rai. 2014. EFFICIENT INTEGRITY PROTEC-TION FOR ANDROID MOBILE. InternationalJournal On Engineering Technology and Sciences– IJETS I (Aug. 2014). Issue IV. http://ijets.in/Downloads/Published/E0140104005.pdf.:: Dr.C.Kumar Charliepaul Principal A.S.LPauls College of Engg & Tech, Coimbatore.G.Immanual Gnanadurai Assistant professor /CSE Dhaya College of Engineering, Madurai. [email protected] [email protected]: Currently lot of studies regarding PCviruses and worms but very less effect has beendone regarding the same issues in the mobileatmosphere. But high-speed growth of smartphone users it increasingly become the target ofpropagating viruses through the Bluetooth andWi-Fi and reaches into the mobile networks. Ina mobile viruses and malwares can cause privacyleakage, extra charges, and reduction of batterypower, remote listening and accessing privateshort message and call history logs etc. Addition-ally they can scrape wireless servers by sendinglot of spam messages or track user positions.In proposed system used a two layer networkmodel for spreading virus through both Bluetoothand SMS/MMS. Our work addressed the effectof human behaviors, i.e., Operational behaviorand Mobile behavior on virus propagation. Inaddition observe two strategies for avoid mobilevirus propagation i.e., Pre immunization andAdaptive Dissemination strategies represent on

the methodology of Autonomy-Oriented Com-puting. Here refer to these malware or viruses ascell-phone worms which are malicious codes thatact vulnerability in cell-phone software and spreadin networks through current services such as Blue-tooth and Short / Multimedia Messaging Service(SMS/MMS). A user can be automatically excit-ing for various SPAM messages generated by theworm and the phone battery will be quickly tired.Many studies reported the damages of mobileviruses. Keywords-Autonomy oriented comput-ing,Malwares,Android platform. ;; ... However,Clark-Wilson has the requirement that pro-grams undergo formal semantic verification. ... [4]Enck.W,Ongtang.M,andMcDaniel.P,UnderstandingAndroid Security,IEEE Security and Privacy, vol.7, no. 1, pp. 50-57, Jan.[2009]. ... ;;

Avik Chaudhuri. 2009. Language-based security onAndroid. In Proceedings of the ACM SIGPLANfourth workshop on programming languages andanalysis for security. ACM, 1–7.:: Abstract In this paper, we initiate a formal studyof security on Android: Googles new open-sourceplatform for mobile devices. Specifically, we presenta core typed language to describe Android appli-cations, and to reason about their data- flow se-curity properties. Our operational semantics andtype system provide some necessary foundationsto help both users and developers of Android ap-plications deal with their security concerns. Cat-egories and Subject Descriptors D.4.6 [OperatingSystems]: Security and ProtectionAccess controls,Verifi- cation; D.3.3 [Programming Languages]:Language Constructs and FeaturesControl con-structs General Terms Security, Languages, Veri-fication Keywords data-flow security, hybrid typesystem, mobile code, certified compilation ;;

Rinki R Chauhan and Chirag Gohel. 2015. Near FieldCommunication (NFC): An Emerging ContactlessTechnology. Wireless Communication 7, 1 (2015),15–19.

Stephen Checkoway. 2013. Iago Attacks: Why theSystem Call API is a Bad Untrusted RPC In-


http://ijets.in/Downloads/Published/E0140104005.pdfhttp://ijets.in/Downloads/Published/E0140104005.pdfwww.wright.edu/~pmateti


terface. (2013). https://www.cs.jhu.edu/~s/papers/iago2013/iago2013.pdf.

Stephen Checkoway, Lucas Davi, AlexandraDmitrienko, Ahmad-Reza Sadeghi, HovavShacham, and Marcel Winandy. 2010. Return-oriented programming without returns. InProceedings of the 17th ACM conference onComputer and communications security. ACM,559–572. http://cseweb.ucsd.edu/~hovav/dist/noret-ccs.pdf.

Ning Chen, Steven CH Hoi, Shaohua Li, and XiaokuiXiao. 2015. SimApp: A Framework for Detect-ing Similar Mobile Applications by Online KernelLearning. (2015).

Erika Chin, Adrienne Porter Felt, Kate Green-wood, and David Wagner. 2011. Analyzing inter-application communication in Android. In Proceed-ings of the 9th international conference on Mo-bile systems, applications, and services. ACM, 239–252. https://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf.

Sunil Choenni, Mortaza S Bargh, Carmelita Roepan,and Ronald F Meijer. 2016. Privacy and Securityin Smart Data Collection by Citizens. In Smarteras the New Urban Agenda. Springer, 349–366.

Jongseok Choi and Howon Kim. 2012. A Novel Ap-proach for SMS security. International Journal ofSecurity and Its Applications 6 (2012), 373–378.

Andy Chou, Junfeng Yang, Benjamin Chelf, SethHallem, and Dawson Engler. 2001. An empiricalstudy of operating systems errors. Vol. 35. ACM.

Amit Choudhary. 2006. Implementinga System Call on Linux 2.6 for i386.Technical Report. http://www.tldp.org/.http://www.tldp.org/HOWTO/html_single/

Implement-Sys-Call-Linux-2.6-i386/.

Shauvik Roy Choudhary, Alessandra Gorla, andAlessandro Orso. 2015. Automated Test InputGeneration for Android: Are We There Yet?(E). InAutomated Software Engineering (ASE), 2015 30thIEEE/ACM International Conference on. IEEE,

429–440. http://arxiv.org/pdf/1503.07217.pdf.:: Shauvik Roy Choudhary Georgia Instituteof Technology, USA [email protected] Gorla IMDEA Software Institute,Spain [email protected] AlessandroOrso Georgia Institute of Technology, [email protected] ;;

J. Chow, T. GARFINKEL, and D. LUCCHETTI.2014a. Method and system for recording aselected computer process for subsequent re-play. (Feb. 18 2014). https://www.google.com/patents/US8656222 US Patent 8,656,222.

J. Chow, T. GARFINKEL, and D. LUCCHETTI.2014b. Method and system for recording aselected computer process for subsequent re-play. (Feb. 18 2014). https://www.google.com/patents/US8656222 US Patent 8,656,222, https://www.google.com/patents/US8656222.

Onur Cinar. 2012. Bionic API Primer. In Pro An-droid C++ with the NDK. Springer, 155–177.

Frances Cleary and Massimo Felici. 2014. CyberSecurity and Privacy: Third Cyber Security andPrivacy EU Forum, CSP Forum 2014, Athens,Greece, May 21-22, 2014, Revised Selected Papers.Vol. 470. Springer.

Mauro Conti, Luigi Vincenzo Mancini, Riccardo Spo-laor, and Nino Vincenzo Verde. 2016. Analyz-ing Android Encrypted Network Traffic to IdentifyUser Actions. Information Forensics and Security,IEEE Transactions on 11, 1 (2016), 114–125.

Vanessa Cooper. 2014. Tapjacking Threats andMitigation Techniques for Android Applications.(2014). http://digitalcommons.kennesaw.edu/.

Luis Corral, Anton B Georgiev, Andrea Janes, andStefan Kofler. 2015. Energy-aware performanceevaluation of Android custom kernels. In Pro-ceedings of the Fourth International Workshop onGreen and Sustainable Software. IEEE Press, 1–7.:: PM: Ok ;;


https://www.cs.jhu.edu/~s/papers/iago2013/iago2013.pdfhttps://www.cs.jhu.edu/~s/papers/iago2013/iago2013.pdfhttp://cseweb.ucsd.edu/~hovav/dist/noret-ccs.pdfhttp://cseweb.ucsd.edu/~hovav/dist/noret-ccs.pdfhttps://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdfhttps://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdfhttp://www.tldp.org/HOWTO/html_single/Implement-Sys-Call-Linux-2.6-i386/http://www.tldp.org/HOWTO/html_single/Implement-Sys-Call-Linux-2.6-i386/http://arxiv.org/pdf/1503.07217.pdfhttp://arxiv.org/pdf/1503.07217.pdfhttps://www.google.com/patents/US8656222https://www.google.com/patents/US8656222https://www.google.com/patents/US8656222https://www.google.com/patents/US8656222https://www.google.com/patents/US8656222https://www.google.com/patents/US8656222http://digitalcommons.kennesaw.edu/http://digitalcommons.kennesaw.edu/www.wright.edu/~pmateti


Marco Couto, Jacome Cunha, Joao Paulo Fernan-des, Rui Pereira, and Joao Saraiva. 2015. Green-Droid: A tool for analysing power consumption inthe android ecosystem. In Scientific Conference onInformatics, 2015 IEEE 13th International. IEEE,73–78.

John Criswell, Nathan Dautenhahn, and VikramAdve. 2014. Virtual Ghost: Protecting appli-cations from hostile operating systems. In Pro-ceedings of the 19th international conference onArchitectural support for programming languagesand operating systems. ACM, 81–96. http://web.engr.illinois.edu/~dautenh1/downloads/

publications/VirtualGhost-ASPLOS-2014.pdf.

Jonathan Crussell, Clint Gibler, and Hao Chen.2013. AnDarwin: Scalable Detection of Seman-tically Similar Android Applications. In ComputerSecurity–ESORICS 2013. Springer, 182–199.

CyberPunk. 2015. Android Free Foren-sic Toolkit. http://n0where.net/android-free-forensic-toolkit.:: AFFT is a toolkit to automatically acquire andextract data from Android image dumps ;;

CydiaSubstrate.com 2015. Cydia Substrate for An-droid. CydiaSubstrate.com. http://www.cydiasubstrate.com/.:: Similar to a framework called Xposed. Substratemakes it easy to modify software, even without thesource code. Code Injection. Substrate extensionsare simply classes that will be loaded immediatelyafter the Java VM is initialized, allowing an oppor-tunity to use other Substrate APIs. ;;

Christoffer Dall and Jason Nieh. 2014. KVM/ARM:the design and implementation of the Linux ARMHypervisor. In Proceedings of the 19th interna-tional conference on Architectural support for pro-gramming languages and operating systems. ACM,333–348. http://www.cs.columbia.edu/~nieh/pubs/asplos2014_kvmarm.pdf.

Pejman Dashtinejad. 2015. Security System forMobile Messaging Applications. (2015). http:

//www.diva-portal.org/smash/get/diva2:

813095/FULLTEXT01.pdf.:: Master of Science Thesis Examiner ProfessorSead Muftic Department of ICT KTH Univer-sity SE-100 44 Stockholm, Sweden TRITAICTEX-2015:2 Abstract Instant messaging (IM) applica-tions are one of the most popular applications forsmartphones. The IMs have the capability of send-ing messages or initiating voice calls via Internetwhich makes it almost cost free for the users tocommunicate with each other. Unfortunately, likeany other type of applications, majority of theseapplications are vulnerable to malicious attacksand have privacy issues. The motivation for thisthesis is the need to identifying security services ofan IM application and to design a secure system forany mobile messaging application. This researchproposes an E2EE (End-to-End Encryption) ap-proach which provides a secure IM application de-sign which protects its users with better integrity,confidentiality and privacy. To achieve this goal aresearch is conducted to investigate current secu-rity features of popular messaging applications inthe mobile market. A list of requirements for goodsecurity is generated and based on those require-ments an architecture is designed. A demo is alsoimplemented and evaluated. Keywords: Mobile,Application, messaging, Chat, Encryption, Secu-rity ;;

Alberto Dassatti, Olivier Auberson, Romain Bornet,Etienne Messerli, Jerome Stadelmann, and YannThoma. 2014. REPTAR: A universal platform forcodesign applications. In Education and ResearchConference (EDERC), 2014 6th European Embed-ded Design in. IEEE, 109–113.

Soumya Kanti Datta, Christian Bonnet, andNavid Nikaein. 2013. Minimizing energyexpenditure in smart devices. In Informa-tion & Communication Technologies (ICT),2013 IEEE Conference on. IEEE, 712–717.http://www.eurecom.fr/en/publication/

3946/download/cm-publi-3946.pdf.:: Soumya Kanti Datta, Christian Bonnet, NavidNikaein Mobile Communication Department EU-RECOM Sophia Antipolis, France dattas, bonnet,


http://web.engr.illinois.edu/~dautenh1/downloads/publications/VirtualGhost-ASPLOS-2014.pdfhttp://web.engr.illinois.edu/~dautenh1/downloads/publications/VirtualGhost-ASPLOS-2014.pdfhttp://web.engr.illinois.edu/~dautenh1/downloads/publications/VirtualGhost-ASPLOS-2014.pdfhttp://n0where.net/android-free-forensic-toolkithttp://n0where.net/android-free-forensic-toolkithttp://www.cydiasubstrate.com/http://www.cydiasubstrate.com/http://www.cs.columbia.edu/~nieh/pubs/asplos2014_kvmarm.pdfhttp://www.cs.columbia.edu/~nieh/pubs/asplos2014_kvmarm.pdfhttp://www.diva-portal.org/smash/get/diva2:813095/FULLTEXT01.pdfhttp://www.diva-portal.org/smash/get/diva2:813095/FULLTEXT01.pdfhttp://www.diva-portal.org/smash/get/diva2:813095/FULLTEXT01.pdfhttp://www.eurecom.fr/en/publication/3946/download/cm-publi-3946.pdfhttp://www.eurecom.fr/en/publication/3946/download/cm-publi-3946.pdfwww.wright.edu/~pmateti


[email protected] AbstractThe growing popu-larity of smartphones and tablets has highlightedseveral research issues. In this paper we focus onminimizing energy expenditure of Android devices.The energy dissipated by exotic hardware is ex-plained in detail. The software development prac-tices that result in high power consumption are alsodescribed. An application Power Monitor is devel-oped to understand the usage pattern of smart de-vices. We have presented three usage patterns andhave shown that how higher power consumptioncan be estimated from such patterns. This discus-sion sets the platform for power efficient applica-tion development. The paper then provides ade-quate road map to create such applications hav-ing reduced impact on battery life. Several guide-lines for the end users are also provided to pro-long the battery life. Finally the paper concludeswith some future research directions on minimiz-ing energy expenditure in Android devices. IndexTermsAndroid; energy expenditure; usage pattern;power optimized application development; batterylife. ;;

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. 2010.Return-oriented programming without re-turns on ARM. System Security Lab-Ruhr University Bochum, Tech. Rep (2010).http://www.hgi.ruhr-uni-bochum.de/media/

trust/veroeffentlichungen/2010/07/21/

ROP-without-Returns-on-ARM.pdf.

Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi,and Fabian Monrose. 2014. Stitching the gadgets:On the ineffectiveness of coarse-grained control-flow integrity protection. USENIX Security Sym-posium. 2014. (2014).

Lucas Davi, Christopher Liebchen, Ahmad-RezaSadeghi, Kevin Z Snow, and Fabian Monrose.2015. Isomeron: Code randomization resilient to(just-in-time) return-oriented programming.Proc. 22nd Network and Distributed Sys-tems Security Sym.(NDSS) (2015). https://www.trust.informatik.tu-darmstadt.

de/fileadmin/user_upload/Group_TRUST/

PubsPDF/ndss.isomeron.camera.ready.pdf.

Lucas Davi, Ahmad-Reza Sadeghi, and Mar-cel Winandy. 2011. ROPdefender: A de-tection tool to defend against return-orientedprogramming attacks. In Proceedings of the6th ACM Symposium on Information, Com-puter and Communications Security. ACM, 40–51. http://extlibres.ru/media/storage/1/ROP/davi2011ropdefender.pdf.

Yahel Ben David. 2015. Connecting the Last Billion.(2015). http://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-233.pdf.:: A dissertation submitted in partial satisfactionof the requirements for the degree of Doctor ofPhilosophy in Engineering - Electrical Engineeringand Computer Sciences in the Graduate Divisionof the University of California, Berkeley Commit-tee in charge: Professor Eric Brewer, Chair Pro-fessor Scott Shenker Professor Tapan Parikh Fall2015 Abstract Connecting the Last Billion by Ya-hel Ben David Doctor of Philosophy in Engineer-ing - Electrical Engineering and Computer Sci-ences University of California, Berkeley ProfessorEric Brewer, Chair The last billion people to jointhe online world, are likely to face at least one oftwo obstacles: Part I: Rural Internet Access Ru-ral, sparsely populated, areas make conventionalinfrastructure investments unfeasible: Big corpo-rations attempt to address this challenge via thelaunch of Low-Earth-Orbiting (LEO) satellite con-stellations, fleets of high-altitude balloons, and gi-ant solar-powered drones; although these grandioseinitiatives hold potential, they are costly and risky.At the same time, small local operators, WirelessInternet Service Providers (WISPs), are growingin numbers, in subscribe base and in territory cov-ered. WISPs can play a major role in serving agrowing number of rural communities, as well asoffer real competition to incumbent operators inurban and semi-urban markets, leading to betterservice at reduced costs. The key motivation forthis work is to lower the barriers-to-entry for smallrural WISPs, and to sustainably grow their oper-ation this has been my research focus for over 15


http://www.hgi.ruhr-uni-bochum.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdfhttp://www.hgi.ruhr-uni-bochum.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdfhttp://www.hgi.ruhr-uni-bochum.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdf https://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/ndss.isomeron.camera.ready.pdf https://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/ndss.isomeron.camera.ready.pdf https://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/ndss.isomeron.camera.ready.pdf https://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/ndss.isomeron.camera.ready.pdfhttp://extlibres.ru/media/storage/1/ROP/davi2011ropdefender.pdfhttp://extlibres.ru/media/storage/1/ROP/davi2011ropdefender.pdfhttp://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-233.pdfhttp://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-233.pdfwww.wright.edu/~pmateti


years. The core of this work is based on a case-study of a WISP, FurtherReach which we havebuilt from the ground up. This WISP brings broad-band Internet service to hundreds of subscribersat the south coast of Mendocino county in Cal-ifornia. Through designing, deploying and oper-ating this venture, we learn about the real chal-lenges faced by WISPs, develop technical solutionsas well as business models, operational methodolo-gies and deployment strategies. The FurtherReachcase study is presented in chapter 2. Chapter 1 in-troduces the overall WISP ecosystem. In chapter 3we discuss the potential of Software Defined Net-works (SDN) to aid in WISP operations. Finally,chapter 4 discusses the often overlooked computer-security concerns that are unique to rural commu-nities, especially in developing countries. Part II:Dissent Networking Oppressive regimes censor andrestrict information flow. Sadly, Internet censor-ship, in some countries, does not seem to be goingaway, and presents a growing challenge. The de-gree and effectiveness of censorship varies greatly,as does the risk of getting caught circumventing it.Similarly, the technologies to aid dissenters varyaccordingly. My work in this field predates smart-phones, which I believe could be made to offer safeand effective solutions even in the most danger-ous of countries. Should we consider these tech-nologies Internet access? Once again the degreeof connectivity, and especially interactivity, frombehind a censoring firewall, varies greatly. In chap-ter 5, I present our attempt at defining the threatsand narrating the exceptionally challenging prob-lem space. I find this chapter quite discouragingas it dictates exceptional restrictions on the designspace, yet ignoring these constraints may put usersof the technology in greater risks than without it.It makes us question if technology can help at all? Icontinue in chapter 6, to present Rangzen, our ini-tial attempt at designing a solution that adheres tothe strict constraints presented in 5. While limitedin functionality, especially given its delay-tolerantapproach, which is incompatible with many Inter-net applications that expect real-time interactiv-ity, it does successfully follow our design guidelinesfor dissent technologies as presented in chapter 5.

We have built an Android app, Rangzen, basedon these design specifications, which undergoes abeta testing program at the time of this writing.The app will be distributed freely on the Androidstore in January 2016, and the code is open sourceand available to the public. ;;

Maurice E Dawson Jr, Marwan Omar, and JonathanAbramson. 2015. Understanding the Methods be-hind Cyber Terrorism. (2015).

Daniel DeFreez. 2012. Android Privacy ThroughEncryption. Ph.D. Dissertation. Southern Ore-gon University. http://defreez.com/articles/thesis.pdf.

Soteris Demetriou, Xiaoyong Zhou, MuhammadNaveed, Yeonjoon Lee, Kan Yuan, X Wang, andCarl A Gunter. 2015. Whats in Your Dongle andBank Account? Mandatory and Discretionary Pro-tection of Android External Resources. (2015).

Lin Deng, Nariman Mirzaei, Paul Ammann, andJeff Offutt. 2015. Towards mutation analysis ofAndroid apps. In Software Testing, Verificationand Validation Workshops (ICSTW), 2015 IEEEEighth International Conference on. IEEE, 1–10.

Mattia Denti and Jukka K. Nurminen. 2013. Perfor-mance and Energy-Efficiency of Scala on MobileDevices. May (2013).

Luke Deshotels, Vivek Notani, and Arun Lakhotia.2014. DroidLegacy: Automated Familial Classifi-cation of Android Malware. In Proceedings of ACMSIGPLAN on Program Protection and ReverseEngineering Workshop 2014 (PPREW’14). ACM,New York, NY, USA, Article 3, 12 pages. DOI:http://dx.doi.org/10.1145/2556464.2556467

Anthony Desnos and Geoffroy Gueguen. 2011. An-droid: From reversing to decompilation. Proc. ofBlack Hat Abu Dhabi (2011).

Marijana Despotovi-Zraki, Aleksandar Belic, andVeljko Milutinović. 2014. Handbook of Research onHigh Performance and Cloud Computing in Scien-tific Research and Education. IGI Global.


http://defreez.com/articles/thesis.pdfhttp://defreez.com/articles/thesis.pdfhttp://dx.doi.org/10.1145/2556464.2556467www.wright.edu/~pmateti


developer.android.com 2014. Binder. devel-oper.android.com.

Mathieu Devos. 2014. Bionic vs Glibc Report. Mas-ter’s thesis. Universiteit Gent. Promotors: S. Vri-jders D. Staessens K. Casier.:: The goal of this report is to find and point outthe restrictions that apply when using the Bioniclibrary compared to the standard glibc. These areboth C/C++ standard libraries. The two librariesthat will be researched are: GNU C Library (glibc)Bionic Library (bionic) Both these standard li-braries provide support for the C and C++ lan-guage but are used on different platforms. Whereglibc is used within Linux distributions, bionic isused on android based systems. Over the courseof this report we will try to provide insight in theBionic library. We will try to find the origin anduse of the bionic library and why glibc was not ad-equate enough for the job. After that we will alsoprovide the restrictions and traps that come withthe use of the Bionic library. Concluding is donewith the general information and where to find in-formation before coding with the bionic library. Ingeneral the standard C/C++ library is small com-pared to other languages and should provide ad-equate speed when using low level programming.Since the standard library is so small it is veryeasy to port it to new platforms. This raises thequestion why Google decided to not use glibc butwrite their own adaptation of a standard C/C++library. In this report we hope to find the answer tothat question, while providing details where bothlibraries differ. ;;

Wenrui Diao, Xiangyu Liu, Zhe Zhou, and KehuanZhang. 2014. Your Voice Assistant is Mine: Howto Abuse Speakers to Steal Information and Con-trol Your Phone. arXiv preprint arXiv:1407.4923(2014).

Michael Dietz, Shashi Shekhar, Yuliy Pisetsky, An-hei Shu, and Dan S Wallach. 2011a. QUIRE:Lightweight Provenance for Smart Phone Oper-ating Systems. In USENIX Security Symposium.24. http://static.usenix.org/event/sec11/tech/full_papers/Dietz.pdf.

:: rice.edu ;;

Michael Dietz, Shashi Shekhar, Yuliy Pisetsky, An-hei Shu, and Dan S Wallach. 2011b. QUIRE:Lightweight Provenance for Smart Phone Operat-ing Systems.. In USENIX Security Symposium.

Alessandro Distefano, Gianluigi Me, and FrancescoPace. 2010. Android anti-forensics througha local paradigm. digital investigation 7(2010), S83–S94. http://www.dfrws.org/2010/proceedings/2010-310.pdf.

Quang Do, Ben Martini, and Kim-Kwang RaymondChoo. 2013. Enhancing User Privacy on AndroidMobile Devices Via Permissions Removal. In 47thAnnual Hawaii International Conference on Sys-tem Sciences (HICSS 2014).

Quang Do, Ben Martini, and Kim-Kwang RaymondChoo. 2014. Enhancing User Privacy on AndroidMobile Devices via Permissions Removal. In Sys-tem Sciences (HICSS), 2014 47th Hawaii Interna-tional Conference on. IEEE, 5070–5079.

Quang Do, Ben Martini, and Kim-Kwang RaymondChoo. 2015. Exfiltrating data from Android de-vices. Computers & Security 48 (2015), 74–91.

Christopher Dong and Xing Liu. Development of An-droid Application for Language Studies . IERI Pro-cedia (????).:: Abstract Mobile devices are becoming very pop-ular nowadays. Language textbooks with learningaids on mobile devices can greatly help studentswith their studies. The authors have been devel-oping learning aids on mobile devices that can beused in language courses. This paper introducesan Android application that can help students tomemorize vocabulary. The vocabulary is based ona published textbook. Students who are using thetextbook in their courses can review the vocabu-lary of the textbook using the virtual flashcardsand multiple choice quizzes provided by the appli-cation which runs on an Android device. ;;

Eli M Dow. 2010. Monitor Linux file system eventswith inotify. Technical Report. IBM Linux Test


http://static.usenix.org/event/sec11/tech/full_papers/Dietz.pdf http://static.usenix.org/event/sec11/tech/full_papers/Dietz.pdfhttp://www.dfrws.org/2010/proceedings/2010-310.pdfhttp://www.dfrws.org/2010/proceedings/2010-310.pdfwww.wright.edu/~pmateti


and Integration Center. http://www.ibm.com/developerworks/library/l-inotify.

Idilio Drago, Marco Mellia, Maurizio M Munafo,Anna Sperotto, Ramin Sadre, and Aiko Pras.2012. Inside dropbox: understanding personalcloud storage services. In Proceedings of the 2012ACM conference on Internet measurement confer-ence. ACM, 481–494.

Joshua J. Drake, Zach Lanier, Collin Mulliner, PauOliva, Stephen A. Ridley, and Georg Wicherski.2013. Android Hacker’s Handbook. Wiley. http://filepi.com/i/q0j0NIZ.

DroidSec.org. 2015. www.droidsec.org/wiki/. (2015).http://www.droidsec.org/wiki/.

David Drysdale website. 2014. Anatomy of a systemcall, part 1. https://lwn.net/Articles/604287.(2014).

Yao Du, Xiaoqing Wang, and Junfeng Wang. 2015.A static Android malicious code detection methodbased on multi-source fusion. Security and Com-munication Networks (2015).:: The rapid development of mobile malwaresmakes the traditional signature-based and single-feature based malware detec-tion methods a chal-lenging task. The surge of new malwares with morecomplex structures and dynamic characteristic-sleads to efficient fusion of multi-source maliciousinformation more difficult in detection. In this pa-per, we propose anew multi-source based methodto detect Android malwares by emphasizing on thetraditional static features, control flowgraph, andrepacking characteristics. Each category of featuresis treated as an independent information sourcein fea-ture extracting rules building and classifica-tion. Then, the DempsterShafer algorithm is usedto fuse these informationsources. This method canimprove accuracy of malware detection withoutadding too many instability characteristics thatareextracted from disassembled codes, and have betterperformance in the resistance to code obfuscationtechnologies. Toverify our method, different cate-gories of apps are collected to build the dataset inour experiment. Based on the dataset,our method

can achieve 97% detection accuracy and 1.9% falsepositive rate. Copyright 2015 John Wiley Sons,Ltd. ;;

Aditya Dwivedi and Preeti Saxena. 2015. An-droid Phone Security Using Wi-Fi Positioning Sys-tem. International Journal of Electrical and Elec-tronic Engineering & Telecommunications (2015),1–6. http://ijeetc.com/ijeetcadmin/upload/IJEETC_54acc0e4f294c.pdf.

Frank Ch Eigler. 2014. Systemtap tutorial.sourceware.org. http://www.sourceware.org/systemtap/tutorial.pdf.:: Systemtap is a tool that allows developers andadministrators to write and reuse simple scripts todeeply examine the activities of a live Linux sys-tem. Data may be extracted, filtered, and sum-marized quickly and safely, to enable diagnoses ofcomplex performance or functional problems. ;;

Frank Ch Eigler and Red Hat. 2006. Problem solv-ing with systemtap. In Proc. of the Ottawa LinuxSymposium. Citeseer, 261–268.

Frank C Eigler, Vara Prasad, Will Cohen, HienNguyen, Martin Hunt, Jim Keniston, and BradChen. 2005. Architecture of systemtap: a Linuxtrace/probe tool. (2005).

Nikolay Elenkov. 2014. Android Security Internals:An In-Depth Guide to Android’s Security Archi-tecture (1st ed.). No Starch Press, San Francisco,CA, USA.

elinux.org. 2014. Android Binder. eLinux.org (2014).http://elinux.org/Android_Binder.

Karim O. Elisha, Xiaokui Shua, Danfeng (Daphne)Yaoa, Barbara G. Rydera, and Xuxian Jiangb.2015. Profiling user-trigger dependence for An-droid malware detection. Computers & Security49 (2015), 255–273.

Documents

Bibliography for Tightening the Android Mobile Platformcecs.wright.edu/~pmateti/Research/android-bib.pdf · Bibliography for Tightening the Android Mobile Platform Prabhaker Mateti