TY - GEN
T1 - Spartan Jester
T2 - 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017
AU - Sexton, Julian
AU - Chudnov, Andrey
AU - Naumann, David A.
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/19
Y1 - 2017/12/19
N2 - Web-based applications are attractive due to their portability. To leverage that, many mobile applications are hybrid, incorporating a web component that implements most of their functionality. While solutions for enforcing security exist for both mobile and web applications, enforcing and reasoning about the security of their combinations is difficult. We argue for a combination of static and dynamic analysis for assurance of end-to-end confidentiality in hybrid apps. We show how information flows in hybrid Android applications can be secured through use of SPARTA, a static analyzer for Android/Java, and JEST, a dynamic monitor for JavaScript, connected by a compatibility layer that translates policies and value representations. This paper reports on our preliminary investigation using a case study.
AB - Web-based applications are attractive due to their portability. To leverage that, many mobile applications are hybrid, incorporating a web component that implements most of their functionality. While solutions for enforcing security exist for both mobile and web applications, enforcing and reasoning about the security of their combinations is difficult. We argue for a combination of static and dynamic analysis for assurance of end-to-end confidentiality in hybrid apps. We show how information flows in hybrid Android applications can be secured through use of SPARTA, a static analyzer for Android/Java, and JEST, a dynamic monitor for JavaScript, connected by a compatibility layer that translates policies and value representations. This paper reports on our preliminary investigation using a case study.
UR - http://www.scopus.com/inward/record.url?scp=85048333075&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048333075&partnerID=8YFLogxK
U2 - 10.1109/SPW.2017.15
DO - 10.1109/SPW.2017.15
M3 - Conference contribution
AN - SCOPUS:85048333075
T3 - Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
SP - 157
EP - 162
BT - Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
Y2 - 25 May 2017
ER -