@inproceedings{f95a1dce0c4b43f0b0097cd6c3dd2880,
title = "On the effectiveness of API-level access control using bytecode rewriting in Android",
abstract = "Bytecode rewriting on Android applications has been widely adopted to implement fine-grained access control. It endows more flexibility and convenience without modifying the Android platform. Bytecode rewriting uses static analysis to identify the usage of security-sensitive API methods, before it instruments the bytecode to control the access to these API calls. Due to the significance of this technique, the effectiveness of its performance in providing fine-grained access control is crucial. We have provided a systematic evaluation to assess the effectiveness of API-level access control using bytecode rewriting on Android Operating System. In our evaluation, we have identified a number of potential attacks targeted at incomplete implementations of bytecode rewriting on Android OS, which can be applied to bypass access control imposed by bytecode rewriter. These attacks can either bypass the API-level access control or make such access control difficult to implement, exposing weak links in the bytecode rewriting process. Recommendations on engineering secure bytecode rewriting tools are presented based on the identified attacks. This work is the first systematic study on the effectiveness of using bytecode rewriting for API-level access control.",
keywords = "Android, access control, bytecode rewriting",
author = "Hao Hao and Vicky Singh and Wenliang Du",
year = "2013",
doi = "10.1145/2484313.2484317",
language = "English (US)",
isbn = "9781450317672",
series = "ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security",
pages = "25--36",
booktitle = "ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security",
note = "8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013 ; Conference date: 08-05-2013 Through 10-05-2013",
}