Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

SoK: Lessons Learned from Android Security Research For Appified Software Platforms

Authors: Acar, Yasemin; Backes, Michael; Bugiel, Sven; Fahl, Sascha; McDaniel, Patrick; Smith, Matthew

Published in:

Locasto, M. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society, Technical Committee on Security and Privacy:
IEEE Symposium on Security and Privacy, SP 2016. Proceedings : 23-25 May 2016, San Jose, California, USA
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-0824-7
ISBN: 978-1-5090-0825-4
ISBN: 978-1-5090-0823-0
pp. 433-451
Symposium on Security and Privacy (SP) <37, 2016, San Jose/Calif.>
English
Conference paper
Fraunhofer FKIE

Abstract
Android security and privacy research has boomed in recent years, far outstripping investigations of other appified platforms. However, despite this attention, research efforts are fragmented and lack any coherent evaluation framework. We present a systematization of Android security and privacy research with a focus on the appification of software systems. To put Android security and privacy research into context, we compare the concept of appification with conventional operating system and software ecosystems. While appification has improved some issues (e.g., market access and usability), it has also introduced a whole range of new problems and aggravated some problems of the old ecosystems (e.g., coarse and unclear policy, poor software development practices). Some of our key findings are that contemporary research frequently stays on the beaten path instead of following unconventional and often promising new routes. Many security and privacy proposals focus entirely on the Android OS and do not take advantage of the unique features and actors of an appified ecosystem, which could be used to roll out new security mechanisms less disruptively. Our work highlights areas that have received the larger shares of attention, which attacker models were addressed, who is the target, and who has the capabilities and incentives to implement the countermeasures. We conclude with lessons learned from comparing the appified with the old world, shedding light on missed opportunities and proposing directions for future research.

URL: http://publica.fraunhofer.de/dokumente/N-540900.html