Works (6)

Updated: July 5th, 2023 15:38

2021 article

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021).

By: C. Lentzsch*, S. Shah n, B. Andow*, M. Degeling*, A. Das n & W. Enck n

TL;DR: The first large-scale analysis of Alexa skills is performed, obtained from seven different skill stores totaling to 90,194 unique skills, revealing several limitations that exist in the current skill vetting process and providing some suggestions for strengthening the overall ecosystem and thereby enhance transparency for end-users. (via Semantic Scholar)
Sources: Web Of Science, ORCID
Added: August 30, 2021

2019 article

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), pp. 25–36.

By: S. Gorski n, B. Andow n, A. Nadkarni*, S. Manandhar*, W. Enck n, E. Bodden*, A. Bartel*

TL;DR: This paper proposes Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks, and uses ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, ORCID
Added: July 1, 2019

2016 article

A Study of Grayware on Google Play

2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (SPW 2016), pp. 224–233.

By: B. Andow n, A. Nadkarni n, B. Bassett*, W. Enck n & T. Xie*

Event: IEEE

TL;DR: It is hypothesized enhancing analysis with text analytics can effectively reduce human effort when triaging grayware, and it is shown how even relatively simple heuristics can quickly triage apps that take advantage of users in an undesirable way. (via Semantic Scholar)
Sources: Web Of Science, ORCID
Added: August 6, 2018

2016 journal article

A Study of Security Isolation Techniques

ACM COMPUTING SURVEYS, 49(3).

By: R. Shu n, P. Wang n, S. Gorski n, B. Andow n, A. Nadkarni n, L. Deshotels n, J. Gionta n, W. Enck n, X. Gu n

author keywords: Security isolation; access control; resilient architectures
TL;DR: This article provides a hierarchical classification structure for grouping different security isolation techniques by systematically classifying different approaches and analyzing their properties. (via Semantic Scholar)
Sources: Web Of Science, ORCID
Added: August 6, 2018

2016 conference paper

Practical DIFC enforcement on android

Proceedings of the 25th USENIX Security Symposium, 1119–1136.

By: A. Nadkarni, B. Andow, W. Enck & S. Jha

Source: NC State University Libraries
Added: August 6, 2018

2015 article

AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context

2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 1, Vol. 1, pp. 303–313.

By: W. Yang*, X. Xiao*, B. Andow n, S. Li*, T. Xie* & W. Enck n

Event: IEEE

TL;DR: This work introduces AppContext, an approach of static program analysis that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors. (via Semantic Scholar)
Sources: Web Of Science, ORCID
Added: August 6, 2018

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.