Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
ASE 2019 (series) / A-Mobile 2019 (series) / A-Mobile 2019 /

SeMA: A Design Methodology for Building Secure Android Apps

Joydeep Mitra, Venkatesh-Prasad Ranganath
A-Mobile 2019
Mon 11 Nov 2019 15:00 - 15:30 at Cortez 1B - SESSION II

UX (user experience) designers visually capture the UX of an app via storyboards. This method is also used in Android app development to conceptualize and design apps.

Recently, security has become an integral part of Android app UX because mobile apps are used to perform critical activities such as banking, communication, and health. Therefore, securing user information is imperative in mobile apps.

In this context, storyboarding tools offer limited capabilities to capture and reason about the security requirements of an app. Consequently, security cannot be baked into the app at design time. Hence, vulnerabilities stemming from design flaws can often occur in apps. To address this concern, in this paper, we propose a storyboard based design methodology to enable the specification and verification of security properties of an Android app at design time.

https://arxiv.org/abs/1902.10056
small-avatar
Joydeep Mitra
Kansas State University
United States
small-avatar
Venkatesh-Prasad Ranganath
Kansas State University

Mon 11 Nov

a-mobile-2019-papers
14:00 - 15:30: A-Mobile 2019 - SESSION II at Cortez 1B
a-mobile-2019-papers14:00 - 14:30
Talk		Automated Support for Testing and Maintenance of Mobile Applications
Mattia FazziniUniversity of Minnesota
a-mobile-2019-papers14:30 - 15:00
Research paper		Automatic Components Separation of Obfuscated Android Applications: An Empirical Study of Design Based Features
Amit Kumar Mondal, Chanchal K. RoyUniversity of Saskatchewan, Banani RoyUniversity of Saskatchewan, Kevin SchneiderUniversity of Saskatchewan
a-mobile-2019-papers15:00 - 15:30
Research paper		SeMA: A Design Methodology for Building Secure Android Apps
Joydeep MitraKansas State University, Venkatesh-Prasad RanganathKansas State University
Pre-print Media Attached

Automated Support for Testing and Maintenance of Mobile Applications A-Mobile 2019

Session: SESSION II

Mattia Fazzini
Mattia Fazzini
University of Minnesota
United States
All Details Close

Automatic Components Separation of Obfuscated Android Applications: An Empirical Study of Design Based Features A-Mobile 2019

Session: SESSION II

In modern days, mobile applications (apps) have become omnipresent. Components of mobile apps (such as 3rd party libraries) require to be separated and analyzed differently for security issue detection, repackaged app detection, tumor code purification and so on. Various techniques are available to automatically analyze mobile apps. However, analysis of the app’s executable binary remains challenging due to required curated database, large codebases and obfuscation. Considering these, we focus on exploring a versatile technique to separate different components with designed based features independent of code obfuscation. Particularly, we conducted an empirical study using design patterns and fuzzy signatures to separate programming design components such as 3rd party libraries. In doing so, we have built a system for automatically extracting design patterns from both the executable package (APK) and Jar of an Android application. We have experimented the relationship and impact of design patterns in 3rd party libraries, usual apps and Android malware. The experimental outcome with various standard datasets containing obfuscated apps and malwares reveals that design features like these are present significantly within them (within 60% APKs including malware). Moreover, these features remain unaltered even after app obfuscation. Finally, as a case study, we have shown that the design patterns alone can detect 3rd party libraries within the obfuscated apps considerably (F1 score is 32%). Overall, our empirical study reveals that design features might play a versatile role in separating various Android components for various purposes.

small-avatar
Amit Kumar Mondal
Chanchal K. Roy
Chanchal K. Roy
University of Saskatchewan
Canada
small-avatar
Banani Roy
University of Saskatchewan
small-avatar
Kevin Schneider
University of Saskatchewan
All Details Close

SeMA: A Design Methodology for Building Secure Android Apps A-Mobile 2019

Session: SESSION II

UX (user experience) designers visually capture the UX of an app via storyboards. This method is also used in Android app development to conceptualize and design apps.

Recently, security has become an integral part of Android app UX because mobile apps are used to perform critical activities such as banking, communication, and health. Therefore, securing user information is imperative in mobile apps.

In this context, storyboarding tools offer limited capabilities to capture and reason about the security requirements of an app. Consequently, security cannot be baked into the app at design time. Hence, vulnerabilities stemming from design flaws can often occur in apps. To address this concern, in this paper, we propose a storyboard based design methodology to enable the specification and verification of security properties of an Android app at design time.

small-avatar
Joydeep Mitra
Kansas State University
United States
small-avatar
Venkatesh-Prasad Ranganath
Kansas State University
All Details Close