Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

DCert: Find the Leak in Your Pocket (1808.02103v1)

Published 3 Aug 2018 in cs.SE, cs.CR, and cs.PL

Abstract: Static data-flow analysis has proven its effectiveness in assessing security of applications. One major challenge it faces is scalability to large software. This issue is even exacerbated when additional limitations on computing and storage resources are imposed, as is the case for mobile devices. In such cases the analysis is performed on a conventional computer. This poses two problems. First, a man-in-the-middle attack can tamper with an analyzed application. So once on the mobile device, what guarantees that the actual version is not corrupt. Second, the analysis itself might be broken leading to an erroneous result. As a solution, we present DCert a tool for checking and certifying data-flow properties that consists of two components: a (heavy- weight) analyzer and a (lightweight) checker. The analyzer is deployed on a conventional computer. It verifies the conformance of a given application to a specified policy and generates a certificate attesting the validity of the analysis result. It suffices then for the checker, on a mobile device, to perform a linear pass in the application size to validate or refute the certificate as well as the policy. This allows us to separate the verification and the checking process while ensuring a trust relationship between them via the certificate. We describe DCert and report on experimental results obtained for real-world applications.

Summary

We haven't generated a summary for this paper yet.