A static analysis is presented, based on the theory of abstract interpretation, for verifying privacy policy compliance by mobile applications. This includes instances where, for example, the application releases the user’s location or device ID without authorization. It properly extends previous work on datacentric semantics for verification of privacy policy compliance by mobile applications by (i) tracking implicit information flow, and (ii) performing a quantitative analysis of information leakage. This yields to a novel combination of qualitative and quantitative analyses of information flows in mobile applications.
Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis
CORTESI, Agostino;Ferrara, Pietro;
2015-01-01
Abstract
A static analysis is presented, based on the theory of abstract interpretation, for verifying privacy policy compliance by mobile applications. This includes instances where, for example, the application releases the user’s location or device ID without authorization. It properly extends previous work on datacentric semantics for verification of privacy policy compliance by mobile applications by (i) tracking implicit information flow, and (ii) performing a quantitative analysis of information leakage. This yields to a novel combination of qualitative and quantitative analyses of information flows in mobile applications.
| File | Dimensione | Formato | |
|---|---|---|---|
|
cisim15_barbon.pdf
non disponibili
Descrizione: articolo principale
Tipologia:
Documento in Post-print
Licenza:
Accesso chiuso-personale
Dimensione
356.64 kB
Formato
Adobe PDF
|
356.64 kB | Adobe PDF | Visualizza/Apri |
I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
