Spartan Jester: End-to-end information flow control for hybrid android applications

Julian Sexton, Andrey Chudnov, David A. Naumann

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

5 Scopus citations

Abstract

Web-based applications are attractive due to their portability. To leverage that, many mobile applications are hybrid, incorporating a web component that implements most of their functionality. While solutions for enforcing security exist for both mobile and web applications, enforcing and reasoning about the security of their combinations is difficult. We argue for a combination of static and dynamic analysis for assurance of end-to-end confidentiality in hybrid apps. We show how information flows in hybrid Android applications can be secured through use of SPARTA, a static analyzer for Android/Java, and JEST, a dynamic monitor for JavaScript, connected by a compatibility layer that translates policies and value representations. This paper reports on our preliminary investigation using a case study.

Original language: English
Title of host publication: Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
Pages: 157-162
Number of pages: 6
ISBN (Electronic): 9781538619674
State: Published - 19 Dec 2017
Event: 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017 - San Jose, United States
Duration: 25 May 2017 → …

Publication series

Name: Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
Volume: 2017-December

Conference

Conference: 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017
Country/Territory: United States
City: San Jose
Period: 25/05/17 → …
