(2016) SoK: Lessons Learned From Android Security Research For Appified Software Platforms.
|
Text
androidsok-sp16.pdf - Published Version Download (255kB) | Preview |
Abstract
Android security and privacy research has boomed in recent years, far outstripping investigations of other appified platforms. However, despite this attention, research efforts are fragmented and lack any coherent evaluation framework. We present a systematization of Android security and privacy research with a focus on the appification of software systems. To put Android security and privacy research into context, we compare the concept of appification with conventional operating system and software ecosystems. While appification has improved some issues (e.g., market access and usability), it has also introduced a whole range of new problems and aggravated some problems of the old ecosystems (e.g., coarse and unclear policy, poor software development practices). Some of our key findings are that contemporary research frequently stays on the beaten path instead of following unconventional and often promising new routes. Many security and privacy proposals focus entirely on the Android OS and do not take advantage of the unique features and actors of an appified ecosystem, which could be used to roll out new security mechanisms less disruptively. Our work highlights areas that have received the larger shares of attention, which attacker models were addressed, who is the target, and who has the capabilities and incentives to implement the countermeasures. We conclude with lessons learned from comparing the appified with the old world, shedding light on missed opportunities and proposing directions for future research.
Item Type: | Conference or Workshop Item (A Paper) (Paper) |
---|---|
Additional Information: | pub_id: 785 Bibtex: androidsok:sp16 URL date: None |
Divisions: | Michael Backes (InfSec) |
Conference: | SP IEEE Symposium on Security and Privacy |
Depositing User: | Sebastian Weisgerber |
Date Deposited: | 26 Jul 2017 10:32 |
Last Modified: | 18 Jul 2019 12:11 |
Primary Research Area: | NRA4: Secure Mobile and Autonomous Systems |
URI: | https://publications.cispa.saarland/id/eprint/911 |
Actions
Actions (login required)
View Item |