Bytecode instrumentation mechanism for monitoring mobile application information flow

Research output: Contribution to journalArticle

2 Citations (Scopus)

Abstract

Mobile applications are monitored for performance check or tested for error correctness in respect of particular security properties. The more sensitive the information such as credit card, personal medical and private information processed by mobile app, the more important to observe and check the flow of the information during mobile app execution. Monitoring untrusted mobile app to verify there is no information flow during the runtime of mobile app in an environment, where critical information are existed, are very difficult. This paper concerned with the observation of information flow of untrusted mobile app at runtime. The paper presents first part (Observe points) of framework called observing untrusted app execution to control information flow with the aim of supporting user interaction to change app behaviour. This paper presents all necessary instrumentation algorithms of Java bytecode and discusses the prototype implementation of new bytecode instrumentation mechanism for observing information flow during runtime.

Original languageEnglish
Pages (from-to)191-206
Number of pages16
JournalInternational Journal of Security and Networks
Volume10
Issue number3
DOIs
Publication statusPublished - Sep 1 2015

Fingerprint

Application programs
Monitoring

Keywords

  • Information flow
  • Instrumentation
  • Java bytecode
  • Mobile apps

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Bytecode instrumentation mechanism for monitoring mobile application information flow. / Sarrab, Mohamed.

In: International Journal of Security and Networks, Vol. 10, No. 3, 01.09.2015, p. 191-206.

Research output: Contribution to journalArticle

@article{cc9e42e17aed4a48b12621869bef9157,
title = "Bytecode instrumentation mechanism for monitoring mobile application information flow",
abstract = "Mobile applications are monitored for performance check or tested for error correctness in respect of particular security properties. The more sensitive the information such as credit card, personal medical and private information processed by mobile app, the more important to observe and check the flow of the information during mobile app execution. Monitoring untrusted mobile app to verify there is no information flow during the runtime of mobile app in an environment, where critical information are existed, are very difficult. This paper concerned with the observation of information flow of untrusted mobile app at runtime. The paper presents first part (Observe points) of framework called observing untrusted app execution to control information flow with the aim of supporting user interaction to change app behaviour. This paper presents all necessary instrumentation algorithms of Java bytecode and discusses the prototype implementation of new bytecode instrumentation mechanism for observing information flow during runtime.",
keywords = "Information flow, Instrumentation, Java bytecode, Mobile apps",
author = "Mohamed Sarrab",
year = "2015",
month = "9",
day = "1",
doi = "10.1504/IJSN.2015.071835",
language = "English",
volume = "10",
pages = "191--206",
journal = "International Journal of Security and Networks",
issn = "1747-8405",
publisher = "Inderscience Enterprises Ltd",
number = "3",

}

TY - JOUR

T1 - Bytecode instrumentation mechanism for monitoring mobile application information flow

AU - Sarrab, Mohamed

PY - 2015/9/1

Y1 - 2015/9/1

N2 - Mobile applications are monitored for performance check or tested for error correctness in respect of particular security properties. The more sensitive the information such as credit card, personal medical and private information processed by mobile app, the more important to observe and check the flow of the information during mobile app execution. Monitoring untrusted mobile app to verify there is no information flow during the runtime of mobile app in an environment, where critical information are existed, are very difficult. This paper concerned with the observation of information flow of untrusted mobile app at runtime. The paper presents first part (Observe points) of framework called observing untrusted app execution to control information flow with the aim of supporting user interaction to change app behaviour. This paper presents all necessary instrumentation algorithms of Java bytecode and discusses the prototype implementation of new bytecode instrumentation mechanism for observing information flow during runtime.

AB - Mobile applications are monitored for performance check or tested for error correctness in respect of particular security properties. The more sensitive the information such as credit card, personal medical and private information processed by mobile app, the more important to observe and check the flow of the information during mobile app execution. Monitoring untrusted mobile app to verify there is no information flow during the runtime of mobile app in an environment, where critical information are existed, are very difficult. This paper concerned with the observation of information flow of untrusted mobile app at runtime. The paper presents first part (Observe points) of framework called observing untrusted app execution to control information flow with the aim of supporting user interaction to change app behaviour. This paper presents all necessary instrumentation algorithms of Java bytecode and discusses the prototype implementation of new bytecode instrumentation mechanism for observing information flow during runtime.

KW - Information flow

KW - Instrumentation

KW - Java bytecode

KW - Mobile apps

UR - http://www.scopus.com/inward/record.url?scp=84942306777&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84942306777&partnerID=8YFLogxK

U2 - 10.1504/IJSN.2015.071835

DO - 10.1504/IJSN.2015.071835

M3 - Article

VL - 10

SP - 191

EP - 206

JO - International Journal of Security and Networks

JF - International Journal of Security and Networks

SN - 1747-8405

IS - 3

ER -