Cassandra: Towards a certifying app store for android

Publikationstyp
Conference Paper
Date Issued
2014-11-07
Sprache
English
Author(s)
Lortz, Steffen  
Mantel, Heiko 
Starostin, Artem  
Bähr, Timo  
Schneider, David  
Weber, Alexandra  
TORE-URI
http://hdl.handle.net/11420/13863
Start Page
93
End Page
104
Citation
4th ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2014)
Contribution to Conference
4th ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2014  
Publisher DOI
10.1145/2666620.2666631
Scopus ID
2-s2.0-84937544350
Publisher
ACM
ISBN of container
978-1-4503-3155-5
Modern mobile devices store and process an abundance of data. Although many users consider some of this data as private, they do not yet obtain satisfactory support for con- Trolling what applications might do with their data. In this article, we propose Cassandra, a tool that enables users of mobile devices to check whether Android apps comply with their personal privacy requirements before in- stalling these apps. Beyond this, Cassandra implements the core functionality of a conventional app store, including the browsing of available apps and the delivery of apps for instalation. Cassandra performs the security analysis of apps on a server. However, a user does not need to trust this server be- cause Cassandra employs the proof-carrying code paradigm such that the server's analysis result can be validated on the client. We have proven that Cassandra's security analysis soundly detects all potential information leaks, i.e., allows of information that violate a user's privacy policy.
Subjects
Mobility
Proof-carrying code
Software security
DDC Class
004: Informatik