Profiling Android Vulnerabilities

Jimenez, Matthieu; Papadakis, Mike; Bissyande, Tegawendé François D Assise; Klein, Jacques

doi:10.1109/QRS.2016.34

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Profiling Android Vulnerabilities

Jimenez, Matthieu; Papadakis, Mike; Bissyande, Tegawendé François D Assise et al.

2016 • In 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS 2016)

Peer reviewed

Permalink
https://hdl.handle.net/10993/28093

DOI
10.1109/QRS.2016.34

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

ProfilingAndroidVulnerabilities.pdf

Author preprint (299.07 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Software Security; Complexity; Android; Vulnerabilities; Common Vulnerability Exposure

Abstract :

[en] In widely used mobile operating systems a single vulnerability can threaten the security and privacy of billions of users. Therefore, identifying vulnerabilities and fortifying software systems requires constant attention and effort. However, this is costly and it is almost impossible to analyse an entire code base. Thus, it is necessary to prioritize efforts towards the most likely vulnerable areas. A first step in identifying these areas is to profile vulnerabilities based on previously reported ones. To investigate this, we performed a manual analysis of Android vulnerabilities, as reported in the National Vulnerability Database for the period 2008 to 2014. In our analysis, we identified a comprehensive list of issues leading to Android vulnerabilities. We also point out characteristics of the locations where vulnerabilities reside, the complexity of these locations and the complexity to fix the vulnerabilities. To enable future research, we make available all of our data.

Disciplines :

Computer science

Author, co-author :

Jimenez, Matthieu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Papadakis, Mike ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Bissyande, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

Profiling Android Vulnerabilities

Publication date :

August 2016

Event name :

2016 IEEE International Conference on Software Quality, Reliability and Security

Event place :

Vienna, Austria

Event date :

from 01-08-2016 to 03-08-2016

Audience :

International

Main work title :

2016 IEEE International Conference on Software Quality, Reliability and Security (QRS 2016)

Publisher :

IEEE Computer Society

ISBN/EAN :

978-1-5090-4127-5

Pages :

222-229

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 02 August 2016

Statistics

Number of views

271 (24 by Unilu)

Number of downloads

807 (19 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™