Wang et al., 2023 - Google Patents
Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis
Wang et al., 2023
- Document ID
- 10933790452264068912
- Author
- Wang C
- Ko R
- Zhang Y
- Yang Y
- Lin Z
- Publication year
- Publication venue
- 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
Snippet
Mini-programs, which are programs running inside mobile super apps such as WeChat, often have access to privacy-sensitive information, such as location data and phone numbers, through APIs provided by the super apps. This access poses a risk of privacy …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | | Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis |
Geneiatakis et al. | | A Permission verification approach for android mobile applications |
Mendoza et al. | | Mobile application web api reconnaissance: Web-to-mobile inconsistencies & vulnerabilities |
Diamantaris et al. | | Reaper: real-time app analysis for augmenting the android permission system |
Gadient et al. | | Security code smells in Android ICC |
Yang et al. | | Automated generation of event-oriented exploits in android hybrid apps |
Garcia et al. | | Automatic generation of inter-component communication exploits for android applications |
Mazuera-Rozo et al. | | The Android OS stack and its vulnerabilities: an empirical study |
Praitheeshan et al. | | Security evaluation of smart contract-based on-chain ethereum wallets |
Wang et al. | | Uncovering and exploiting hidden apis in mobile super apps |
Ogata et al. | | Vetting the security of mobile applications |
Mahmud et al. | | Cardpliance: PCI DSS Compliance of Android Applications |
Qin et al. | | Vulnerability detection on android apps–inspired by case study on vulnerability related with web functions |
Bergadano et al. | | A modular framework for mobile security analysis |
Zhao et al. | | Demystifying privacy policy of third-party libraries in mobile apps |
Li et al. | | Minitracker: Large-scale sensitive information tracking in mini apps |
Alzaidi et al. | | DroidRista: a highly precise static data flow analysis framework for android applications |
El-Zawawy et al. | | Do not let Next-Intent Vulnerability be your next nightmare: type system-based approach to detect it in Android apps |
Baskaran et al. | | Measuring the leakage and exploitability of authentication secrets in super-apps: The wechat case |
Sutter et al. | | Dynamic Security Analysis on Android: A Systematic Literature Review |
Hsu | | Practical security automation and testing: tools and techniques for automated security scanning and testing in devsecops |
Kishnani et al. | | Assessing Security, Privacy, User Interaction, and Accessibility Features in Popular E-Payment Applications |
Tang et al. | | Ssldetecter: detecting SSL security vulnerabilities of android applications based on a novel automatic traversal method |
Huang et al. | | SieveDroid: Intercepting undesirable private-data transmissions in Android applications |
Tran et al. | | Security issues in android application development and plug-in for android studio to support secure programming |