|
[1] Google terms of service. http://www.google.com/intl/en/policies/terms/. [2] Android developer distribution agreement. http://www.android.com/us/developerdistribution-agreement.html. [3] P. Gilbert, B.G. Chun, L.P. Cox, and J. Jung. Vision: automated security validation of mobile apps at app markets In Acm, editor, Proceedings of the second international workshop on Mobile cloud computing and services, pages 21–26, 2011. [4] Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012. [5] A.-D. Schmidt, H.-G. Schmidt, L. Batyuk, J.H. Clausen, S.A. Camtepe, S. Albayrak, and C. Yildizli. Smartphone malware evolution revisited: Android next target? In Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), pages 1–7. Ieee, 2009. [6] Aubrey-Derrick Schmidt and Sahin Albayrak. Malicious software for smartphones. technical report tub-dai 02/08-01. Technical report, 2008. [7] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on android. In Proc. of the 19th Network and Distributed System Security Symposium (NDSS 2012), San Diego, CA, 2012. [8] L. Davi, A. Dmitrienko, A.R. Sadeghi, and M. Winandy. Privilege escalation attacks on android. Information Security, pages 346–360, 2011. [9] W. Enck, P. Gilbert, B.G. Chun, L.P. Cox, J. Jung, P. McDaniel, and A.N. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In USENIX Association, editor, Proceedings of the 9th USENIX conference on Operating systems design and implementation, pages 1–6, 2010. [10] C. Gibler, J. Crussell, J. Erickson, and H. Chen. Androidleaks: Automatically detecting potential privacy leaks in android applications on a large scale. Trust and Trustworthy Computing, pages 291–307, 2012. [11] A. Takanen, J. DeMott, and C. Miller. Fuzzing for software security testing and quality assurance. Artech House, 2008. [12] Android testing framework. http://developer.android.com/tools/testing/testingandroid.html. [13] Android instrumentation framework – junit. http://developer.android.com/tools/testing/testingandroid. [14] Ui/application exerciser monkey. http://developer.android.com/tools/help/monkey.html. [15] Solution center for android – arm. http://www.arm.com/community/softwareenablement/google/solution-center-android/. [16] D. Bornstein. Dalvik vm internals. In Google I/O Developer Conference, volume 23, pages 17–30, 2008. [17] Inc. Juniper Networks. Malicious mobile threats report 2010/2011. Technical report. [18] http://developer.android.com/guide/topics/security/permissions.html. [19] http://developer.android.com/reference/android/Manifest.permission.html. [20] z4root. http://forum.xda-developers.com/showthread.php?t=833953. [21] Superuser. http://forum.xda-developers.com/showthread.php?t=682828, https://play.google.com/store/apps/details?id=com.noshufou.android.su. [22] Android wargame. http://140.113.87.234/. [23] W. Uzgalis and E. Zalta. The stanford encyclopedia of philosophy. The Stanford Encyclopedia of Philosophy, 2008. [24] Andreas Kirchner. Data leak detection in smartphone application. 2011. [25] White-box testing – wikipedia. http://en.wikipedia.org/wiki/White-boxtesting. [26] P. Godefroid. Random testing for security: blackbox vs. whitebox fuzzing. In Proceedings of the 2nd international workshop on Random testing: co-located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), Rt a07, page 1, New York, NY, USA, 2007. Acm. [27] J.C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385–394, 1976. [28] Po-Yen Huang. Automated exploit generation for control-flow hijacking attacks. 2011. [29] Wai-Meng Leong. Automaticweb testing and attack generation. 2012. [30] Findbugs. http://findbugs.sourceforge.net/. [31] Pmd. http://pmd.sourceforge.net/pmd-5.0.0/. [32] Eclipse – static analysis. http://wiki.eclipse.org/CDT/designs/StaticAnalysis. [33] Emma: a free java code coverage tool. http://emma.sourceforge.net/. [34] V. Chipounov, V. Kuznetsov, and G. Candea. S2e: a platform for in-vivo multi-path analysis of software systems. SIGPLAN Not., 46(3):265–278, 2011. [35] Android-x86 project. http://www.android-x86.org/. [36] F. Bellard. Qemu, a fast and portable dynamic translator. In Proceedings of the annual conference on USENIX Annual Technical Conference, Atec a05, page 41, Berkeley, CA, USA, 2005. USENIX Association. [37] C. Cadar, D. Dunbar, and D. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In USENIX Association, editor, Proceedings of the 8th USENIX conference on Operating systems design and implementation, pages 209–224, 2008. [38] Cortex-a9 processor. http://www.arm.com/products/processors/cortex-a/cortexa9.php. [39] Goldfish. http://elinux.org/AndroidonOMAP#Goldfish. [40] Vishal Kanaujia. Virtual machines for abstraction: The dalvik vm. http://www.linuxforu.com/2011/06/virtual-machines-for-abstraction-dalvik-vm/. [41] G. Candea, S. Bucur, and C. Zamfir. Automated software testing as a service. In Proceedings of the 1st ACM symposium on Cloud computing, SoCC a10, pages 155–160, New York, NY, USA, 2010. Acm.
|