appprofiler a flexible method of exposing privacy related
play

AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior - PowerPoint PPT Presentation

Dec 08, 2022 •14 likes •384 views

AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior in Android Applications to End Users Sanae Rosen 1 Zhiyun Qian 2 Z. Morley Mao 1 1 University of Michigan Ann Arbor, MI 2 NEC Labs coe-cse-vert Motivation Implementation

  1. AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior in Android Applications to End Users Sanae Rosen 1 Zhiyun Qian 2 Z. Morley Mao 1 1 University of Michigan Ann Arbor, MI 2 NEC Labs coe-cse-vert

  2. Motivation Implementation Details Analysis Summary The Problem Smartphones have lots of personal data, lots of apps: privacy concerns. Hard to make informed decisions about what applications to install. Filtering malware not enough. Privacy-intrusive applications may be acceptable for some but not others. Goal: Let users know what their apps do, in terms of privacy-sensitive behavior. coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 2 / 16

  3. Motivation Implementation Details Analysis Summary What about existing approaches? Permissions are supposed to tell users how their applications behave May be vague or even incorrect Many so prevalent that users are likely to ignore them Inflexible to modification Many proposals to improve the permission system We focus on immediate solutions Many proposals protect against smartphone-specific attacks or malware We focus on legitimate apps coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 3 / 16

  4. Motivation Implementation Details Analysis Summary What about existing approaches? Permissions are supposed to tell users how their applications behave May be vague or even incorrect Many so prevalent that users are likely to ignore them Inflexible to modification Many proposals to improve the permission system We focus on immediate solutions Many proposals protect against smartphone-specific attacks or malware We focus on legitimate apps coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 3 / 16

  5. Motivation Implementation Details Analysis Summary What about existing approaches? Permissions are supposed to tell users how their applications behave May be vague or even incorrect Many so prevalent that users are likely to ignore them Inflexible to modification Many proposals to improve the permission system We focus on immediate solutions Many proposals protect against smartphone-specific attacks or malware We focus on legitimate apps coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 3 / 16

  6. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  7. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  8. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  9. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  10. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  11. Motivation Implementation Details Analysis Summary Our Solution Automatically create profiles Download From of application behavior Market and offline. Decompile Create Knowledge base mapping Knowledge Base API calls to behaviors of Static Analysis to Identify Behaviors interest of Interest Use static analysis to find these behaviors User-Friendly Detailed Profiles Profiles Provide profiles to end users Also useful for more broadly understanding app behavior Android Large-Scale Application Analysis Flexible: Rules/profiles can easily be adapted coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 4 / 16

  12. Motivation Implementation Details Analysis Summary Basic Assumptions and Limitations We do not attempt to detect malware or applications that otherwise subvert the Android framework API We do not currently address native code We supplement (instead of replacing) the permission system Our target audience is privacy-concerned users who are concerned about how apps behave coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 5 / 16

  13. Motivation Implementation Details Analysis Summary Step 1: Build the Knowledge Base Identify high-priority API calls Refine mappings with Frequency analysis of domain-specific classes and methods knowledge Mapping of API call patterns to behavior labels coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 6 / 16

  14. Motivation Implementation Details Analysis Summary Step 1: Build the Knowledge Base Identify high-priority API calls Refine mappings with Frequency analysis of domain-specific classes and methods knowledge Mapping of API call patterns to behavior labels coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 6 / 16

  15. Motivation Implementation Details Analysis Summary Step 1: Build the Knowledge Base Identify high-priority API calls Refine mappings with Frequency analysis of domain-specific classes and methods knowledge Mapping of API call patterns to behavior labels coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 6 / 16

  16. Motivation Implementation Details Analysis Summary Step 1: Build the Knowledge Base Identify high-priority API calls Refine mappings with Frequency analysis of domain-specific classes and methods knowledge Mapping of API call patterns to behavior labels coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 6 / 16

  17. Motivation Implementation Details Analysis Summary Example Knowledge Base Entry Category: Location - Type Subcategory: Regional data - State FunctionCall call: call.function.enclosingClass.name startsWith "android.location.Address" and call.function.name == "getAdminArea" FunctionCall call: call.function.enclosingClass.name startsWith "android.location.Address" and call.function.name == "getSubAdminArea" coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 7 / 16

  18. Motivation Implementation Details Analysis Summary Step 2: Apply to applications Find rule matches in decompiled app Identify behaviors Identify which from multiple rules rules belong to (e.g. photo with no ad libraries preview) Convert data into Simplify and focus user-readable on key behaviors profiles Technical User Profiles Profiles coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 8 / 16

  19. Motivation Implementation Details Analysis Summary Step 2: Apply to applications Find rule matches in decompiled app Identify behaviors Identify which from multiple rules rules belong to (e.g. photo with no ad libraries preview) Convert data into Simplify and focus user-readable on key behaviors profiles Technical User Profiles Profiles coe-cse-vert Sanae Rosen, Zhiyun Qian, Z. Morley Mao CODASPY 2013 8 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE & EXTENSIBLE REST API REST API Thierry Delprat td@nuxeo.com https://github.com/tiry/ AGENDA AGENDA Quick introduction provide some context API design

1.37k views • 75 slides
Exposing the Lack of Privacy in File Hos9ng Services Nick

Exposing the Lack of Privacy in File Hos9ng Services Nick

Exposing the Lack of Privacy in File Hos9ng Services Nick Nikiforakis Marco Balduzzi Steven Van Acker Wouter Joosen Davide BalzaroF Sharing is

876 views • 35 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

4/18/18 A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017 Finding A Partner? Time at the end of class To seek out a classmate of similar interests To work together On the semester

393 views • 22 slides
Privacy General Privacy Rights Employers are permitted to monitor work- related use of

Privacy General Privacy Rights Employers are permitted to monitor work- related use of

April 5, 2019 Privacy General Privacy Rights Employers are permitted to monitor work- related use of electronically generated communications when monitoring serves a legitimate business interest. See Also: Stored Communications Act

451 views • 11 slides
S MART G EN : Exposing Server URLs of Mobile Apps with Selective Symbolic Execution Chaoshun Zuo

S MART G EN : Exposing Server URLs of Mobile Apps with Selective Symbolic Execution Chaoshun Zuo

Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References S MART G EN : Exposing Server URLs of Mobile Apps with Selective Symbolic Execution Chaoshun Zuo Zhiqiang Lin Department of Computer Science

620 views • 44 slides
UNDERSTANDING THE SCIENTIFIC METHOD ATI TEAS SCIENCE - THE SCIENTIFIC METHOD Questions related

UNDERSTANDING THE SCIENTIFIC METHOD ATI TEAS SCIENCE - THE SCIENTIFIC METHOD Questions related

ATI TEAS SCIENCE REVIEW UNDERSTANDING THE SCIENTIFIC METHOD ATI TEAS SCIENCE - THE SCIENTIFIC METHOD Questions related to the Scientific Method will test your familiarity of the steps and tools in the process of developing scientific

237 views • 9 slides
1 Privacy has become the mainstay of security We have loads of data that we freely give away via

1 Privacy has become the mainstay of security We have loads of data that we freely give away via

Introduction and welcome Two main topics: Security related Research related Theyre related but each has it own distinct requirements 1 Privacy has become the mainstay of security We have loads of data that we freely give away via web pages

448 views • 21 slides
On k -anonymity and the curse of dimensionality Introduction An important method for privacy

On k -anonymity and the curse of dimensionality Introduction An important method for privacy

Charu C. Aggarwal T J Watson Research Center IBM Corporation Hawthorne, NY USA On k -anonymity and the curse of dimensionality Introduction An important method for privacy preserving data mining is that of anonymization . In

985 views • 34 slides
ROOM TEMPERATURE FABRICATION OF FLEXIBLE DSSCS USING ELECTROSPRAY METHOD Horim Lee 1,2 , Daesub

ROOM TEMPERATURE FABRICATION OF FLEXIBLE DSSCS USING ELECTROSPRAY METHOD Horim Lee 1,2 , Daesub

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS ROOM TEMPERATURE FABRICATION OF FLEXIBLE DSSCS USING ELECTROSPRAY METHOD Horim Lee 1,2 , Daesub Hwang 2 , Yongsok Seo 1 , Dong Young Kim 2* 1 Advanced Functional Polymeric Materials Lab, Seoul

157 views • 4 slides
The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1 Kazuki Niino, Olaf Steinbach TU Graz 2 Background Space-time method for a BEM Flexible mesh Stability Large coefficient matrix

286 views • 27 slides
A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data

A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data

A Method to Compress and Anonymize Packet Traces Markus Peuhkuri 2001-11-02 Abstract Data volume and privacy issues are one of problems related to large-scale packet capture. Utilizing flow nature of

375 views • 3 slides
SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca (MPI-SWS) Rodrigo Rodrigues Bjrn Brandenburg (MPI-SWS) (NOVA University of Lisbon) OSDI 2014 SKI: Exposing Kernel Concurrency Bugs

840 views • 67 slides
Checklist for Analytical Method Validation (Chemical) TEST ASSAY/RELATED SUBSTANCES PARAMETER

Checklist for Analytical Method Validation (Chemical) TEST ASSAY/RELATED SUBSTANCES PARAMETER

Checklist for Analytical Method Validation (Chemical) TEST ASSAY/RELATED SUBSTANCES PARAMETER No. DOCUMENTS REQUIRED AVAILABILITY 1 Testing Method 2 Acceptance criteria 3 Chromatogram/spectrum for following solutions:- a) Standard b)

287 views • 5 slides
Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of Abstraction Emil Axelsson Hardware Description and Verification May 2009 Why low-level? Why low-level? Related question: Why is some software

908 views • 51 slides
Standardized survival curves and related measures using flexible parametric survival models Paul

Standardized survival curves and related measures using flexible parametric survival models Paul

Standardized survival curves and related measures using flexible parametric survival models Paul C Lambert 1,2 1 Department of Medical Epidemiology and Biostatistics, Karolinska Institutet, Stockholm, Sweden 2 Department of Health Sciences,

650 views • 43 slides
REFA Education Program Zoning Practice Outside of Boston September 19, 2013 Robert A. Fishman,

REFA Education Program Zoning Practice Outside of Boston September 19, 2013 Robert A. Fishman,

REFA Education Program Zoning Practice Outside of Boston September 19, 2013 Robert A. Fishman, Partner Chair, Real Estate Development and Land Use Group Nutter McClennen & Fish LLP Seaport West 155 Seaport Boulevard Boston, Massachusetts

317 views • 15 slides
Environmental Litigation Update: Florida v. Georgia & Florida Water and Land Conservation

Environmental Litigation Update: Florida v. Georgia & Florida Water and Land Conservation

Environmental Litigation Update: Florida v. Georgia & Florida Water and Land Conservation Initiative Environmental and Land Use Law Section of the Florida Bar August 28, 2018 Frederick L. Aschauer, Jr. Lewis, Longman & Walker, P.A.

592 views • 32 slides
PROPERTIES OF SUCCESS MAY 14, 2008 Q1 - 2008 INVESTOR PRESENTATION FORWARD-LOOKING DISCLAIMER

PROPERTIES OF SUCCESS MAY 14, 2008 Q1 - 2008 INVESTOR PRESENTATION FORWARD-LOOKING DISCLAIMER

PROPERTIES OF SUCCESS MAY 14, 2008 Q1 - 2008 INVESTOR PRESENTATION FORWARD-LOOKING DISCLAIMER Certain information included in this presentation contains forward-looking statements within the meaning of applicable securities laws. For this

349 views • 33 slides
2017 Q4 Investor Presentation April 2018 DISCIPLINED INVESTING CAPITAL PRESERVATION Overview

2017 Q4 Investor Presentation April 2018 DISCIPLINED INVESTING CAPITAL PRESERVATION Overview

Firm Capital Property Trust REAL ESTATE EQUITY PARTNERS 2017 Q4 Investor Presentation April 2018 DISCIPLINED INVESTING CAPITAL PRESERVATION Overview Firm Capital Property Trust (FCPT) is a publicly (TSXV) listed REIT, designed

432 views • 20 slides
Supreme Court Provides Clarity for Plan February 2009 Administrators Paying ERISA Benefits in

Supreme Court Provides Clarity for Plan February 2009 Administrators Paying ERISA Benefits in

Supreme Court Provides Clarity for Plan February 2009 Administrators Paying ERISA Benefits in Practice Group(s): Employee Benefits Divorce Employee Stock Ownership Plans The Supreme Court has recently provided some much needed clarity for

455 views • 3 slides
OPPORTUNITY ZONES PROGRAM Department of Economic Development and Commerce Our Economy

OPPORTUNITY ZONES PROGRAM Department of Economic Development and Commerce Our Economy

OPPORTUNITY ZONES PROGRAM Department of Economic Development and Commerce Our Economy Strategic Objective: Grow and diversify our economy Gross Domestic Product Share by Main Economic Sector Fiscal Year 2019 GNP $68.0 billion Construction

897 views • 30 slides
Committees and Board Roles and Responsibilities September 13, 2016 What is a Watermaster?

Committees and Board Roles and Responsibilities September 13, 2016 What is a Watermaster?

Committees and Board Roles and Responsibilities September 13, 2016 What is a Watermaster? Extension of the Court and administers the court decree. Special master with unique qualifications or subject matter expertise. May be imposed

515 views • 20 slides
THE SECOND MISSION Jonah is called again Jonah responds to Gods call Ninevehs

THE SECOND MISSION Jonah is called again Jonah responds to Gods call Ninevehs

THE SECOND MISSION Jonah is called again Jonah responds to Gods call Ninevehs change of heart The decree & hope of the king Gods response JONAH IS CALLED AGAIN The word of the LORD came to Jonah a second time,

464 views • 20 slides

More recommend