We introduce an enhanced information-flow analysis for tracking the amount of confidential data that is possibly released to third parties by a mobile application. The main novelty of our solution is that it can explicitly keep track of the footprint of data sources in the expressions formed and manipulated by the program, as well as of transformations over them, yielding a lazy approach with finer granularity, which may reduce false positives with respect to state-of-the-art information-flow analyses.

Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications

CORTESI, Agostino;Ferrara, Pietro;
2015-01-01

Abstract

We introduce an enhanced information-flow analysis for tracking the amount of confidential data that is possibly released to third parties by a mobile application. The main novelty of our solution is that it can explicitly keep track of the footprint of data sources in the expressions formed and manipulated by the program, as well as of transformations over them, yielding a lazy approach with finer granularity, which may reduce false positives with respect to state-of-the-art information-flow analyses.
2015
Verification, Model Checking, and Abstract Interpretation
4.1 Articolo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
CortesiVMCAI2015.pdf

non disponibili

Descrizione: articolo principale
Tipologia: Documento in Post-print
Licenza: Accesso chiuso-personale
Dimensione 439.83 kB
Formato Adobe PDF
  Visualizza/Apri
439.83 kB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3661631
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 13
social impact