Options
Cassandra: Towards a certifying app store for android
Publikationstyp
Conference Paper
Date Issued
2014-11-07
Sprache
English
Author(s)
Start Page
93
End Page
104
Citation
4th ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2014)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
ACM
Modern mobile devices store and process an abundance of data. Although many users consider some of this data as private, they do not yet obtain satisfactory support for con- Trolling what applications might do with their data. In this article, we propose Cassandra, a tool that enables users of mobile devices to check whether Android apps comply with their personal privacy requirements before in- stalling these apps. Beyond this, Cassandra implements the core functionality of a conventional app store, including the browsing of available apps and the delivery of apps for instalation. Cassandra performs the security analysis of apps on a server. However, a user does not need to trust this server be- cause Cassandra employs the proof-carrying code paradigm such that the server's analysis result can be validated on the client. We have proven that Cassandra's security analysis soundly detects all potential information leaks, i.e., allows of information that violate a user's privacy policy.
Subjects
Mobility
Proof-carrying code
Software security
DDC Class
004: Informatik