Paper Summary on Mobile Security in 2013


Page 1: Paper Summary on Mobile Security in 2013

Paper Summary on Mobile Security in 2013: Discovering new research topics

Bob Mingshen Sun

[email protected]

October 30, 2014

Conference Coverage

0 papers in S&P 14 (May 19-22)
5 papers in USENIX Sec 14 (Aug 14-16)
5 papers in CCS 14 (Nov 4-8)
5 papers in ACSAC 14 (Aug 14-16)

Bob (CUHK) Paper Summaries October 30, 2014 2 / 93

Summary Template

Take-away Message: One take-away message.
Motivation: Why doesn’t the people problem/technical problem have a trivial solution? What are the previous solutions and why are they inadequate?
Proposed Solution: Why is it believed it will work? How does it represent an improvement? How is the solution achieved?
Evaluation: What logic, argument, evidence, artifacts (e.g., a proof-of-concept system), or experiments are presented in support of the idea?
Analysis: Is this a good idea? What flaws do you perceive in the work? What are the most interesting or controversial ideas? For work that has practical implications, ask whether this will work, who would want it, what it will take to give it to them, and when it might become a reality.
Contributions: Ideas, methods, software, experimental results, experimental techniques…?
Directions: The author’s and yours, perhaps driven by shortcomings or other critiques.
Questions: What questions would you like to raise in an open discussion of the work (review interesting and controversial points, above)? What do you find difficult to understand? List as many as you can.


Outline I

1 USENIX Security ’13
Securing Embedded User Interfaces: Android and Beyond
Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications
Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
WHYPER: Towards Automating Risk Assessment of Mobile Applications
Jekyll on iOS: When Benign Apps Become Evil

2 CCS ’13
The Impact of Vendor Customizations on Android Security
Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation
Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources
Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis
AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

3 ACSAC ’13

Outline II

PatchDroid: Scalable Third-Party Security Patches for Android Devices
AFrame: Isolating Advertisements from Mobile Applications in Android
The Man Who Was There: Validating Check-ins in Location-Based Services
FireDroid: Hardening Security in Almost-Stock Android


Securing Embedded User Interfaces: Android and Beyond [1]

Take-away Message: The authors implement a modified Android system (LayerCake) to tackle the security issues of embedded user interfaces.

[1] Franziska Roesner and Tadayoshi Kohno. “Securing embedded user interfaces: Android and beyond”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 97–112.


Securing Embedded User Interfaces: Android and Beyond

Background: Embedded user interfaces. Embedded third-party UIs are common on websites and in smartphone apps.


Securing Embedded User Interfaces: Android and Beyond

Security and Embedding
Browsers provide secure isolation between an embedding page and embedded content. Android does not.

Third-party libraries run in the app’s context.
No true cross-application UI embedding.


Securing Embedded User Interfaces: Android and Beyond

Motivation: Android does not have a secure embedded user interface, so secure embedded interfaces have to be redesigned from scratch.

Proposed Solution

Modify the Android system and add an embedded activity to achieve process isolation between the application and the embedded view.
Managing windows.
Handling focus.
Supporting cross-principal APIs.
Handling size conflicts.
Support for clickjacking prevention. A malicious application may make a sensitive UI element transparent or very small, obscure it, or scroll it off-screen. Conditions detected: covered, not the minimum requested size, not fully visible.
Preventing ancestor redirection.
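The three visibility conditions above can be expressed as a small geometric check that the embedding system runs before it honors a click on a sensitive embedded element. The following Python is an added example, not code from the LayerCake paper or from these slides: the Rect, Overlay and EmbeddedView types, the screen-space rectangle model and the sample layout are constructed for illustration and simplify what a real window manager sees.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rect:
    """Axis-aligned rectangle in screen coordinates (right/bottom exclusive)."""
    left: int
    top: int
    right: int
    bottom: int

    def width(self) -> int:
        return self.right - self.left

    def height(self) -> int:
        return self.bottom - self.top

    def contains(self, other: "Rect") -> bool:
        return (other.left >= self.left and other.top >= self.top
                and other.right <= self.right and other.bottom <= self.bottom)

    def overlaps(self, other: "Rect") -> bool:
        return not (other.right <= self.left or other.left >= self.right
                    or other.bottom <= self.top or other.top >= self.bottom)


@dataclass(frozen=True)
class Overlay:
    """A window the embedder draws above the embedded view (constructed model)."""
    name: str
    frame: Rect


@dataclass(frozen=True)
class EmbeddedView:
    """An embedded (e.g. access-control gadget) view and the size it asked for."""
    name: str
    frame: Rect
    min_width: int
    min_height: int
    alpha: float = 1.0  # 1.0 means fully opaque


def visibility_violations(view: EmbeddedView, screen: Rect,
                          overlays: List[Overlay]) -> List[str]:
    """Return every reason the view cannot be trusted to receive a click."""
    problems: List[str] = []
    if view.frame.width() < view.min_width or view.frame.height() < view.min_height:
        problems.append("smaller than minimum requested size")
    if not screen.contains(view.frame):
        problems.append("not fully visible on screen")
    if view.alpha < 1.0:
        problems.append("not fully opaque")
    for overlay in overlays:
        if overlay.frame.overlaps(view.frame):
            problems.append(f"covered by {overlay.name}")
    return problems


def accept_click(view: EmbeddedView, screen: Rect, overlays: List[Overlay]) -> bool:
    """A click on the embedded view is honored only when nothing is violated."""
    return not visibility_violations(view, screen, overlays)


# Constructed sample layout: a 720x1280 screen and a gadget that asked for 200x60.
SCREEN = Rect(0, 0, 720, 1280)
GOOD_VIEW = EmbeddedView("location-gadget", Rect(100, 300, 300, 360), 200, 60)
SCROLLED_OFF = EmbeddedView("location-gadget", Rect(100, 1250, 300, 1310), 200, 60)
SHRUNK = EmbeddedView("location-gadget", Rect(100, 300, 110, 310), 200, 60)
BANNER = Overlay("embedder-banner", Rect(0, 280, 720, 340))

if __name__ == "__main__":
    for v in (GOOD_VIEW, SCROLLED_OFF, SHRUNK):
        print(v.frame, visibility_violations(v, SCREEN, []))
    print(visibility_violations(GOOD_VIEW, SCREEN, [BANNER]))
```

The check deliberately reports every violated condition rather than stopping at the first one, so a log line produced at rejection time tells the analyst whether the embedder shrank, hid, or overlaid the element.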


Securing Embedded User Interfaces: Android and Beyond

Evaluation
Case studies
Performance: loading time and event dispatching time

Contributions: The authors implement the system (LayerCake), which provides additional security properties and capabilities:

Isolated embedded UI
Secure WebViews
Access control gadgets


Securing Embedded User Interfaces: Android and Beyond

Directions
If a modified Android system can provide lots of security benefits, we can also work on that.

Questions
Will the system benefit the Android security community?
Is it easy to write applications on this modified system?


Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications [2]

Take-away Message: The authors design a static analysis algorithm to automatically mediate (add, delete) the permission prompt code in a Windows Phone project.

[2] Benjamin Livshits and Jaeyeon Jung. “Automatic mediation of privacy-sensitive resource access in smartphone applications”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 113–130.


Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications

Background: Unlike Android, the permission mechanism in Windows Phone relies on the developer manually adding prompt code before calling sensitive APIs.

Motivation

Coding problem: proper protection, partial protection, no protection.

The current practice often fails in providing adequate privacy protection.


Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications

Proposed Solution: The algorithm formulates the problem as a prompt placement problem and solves it so that the following conditions hold: safe, visible, frugal and not-repetitive. There are two approaches:

Dominator-based approach
Backward placement
Checking for existing prompts
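As an added example, not the paper’s own algorithm or code, here is a simplified dominator-based placement in Python. It computes dominators over a constructed control-flow graph, skips any resource access that an existing prompt already dominates (not-repetitive), and hoists a new prompt up the dominator tree only while every path from the candidate node still reaches a resource access (safe and frugal). The graphs, node names and the must_reach_access approximation are assumptions made for this illustration; the visibility condition is not modeled.

```python
from typing import Dict, List, Optional, Set

CFG = Dict[str, List[str]]  # node -> successor nodes


def all_nodes(cfg: CFG) -> Set[str]:
    return set(cfg) | {s for succs in cfg.values() for s in succs}


def dominators(cfg: CFG, entry: str) -> Dict[str, Set[str]]:
    """Iterative dominator computation: d dominates n when every path from
    entry to n passes through d (every node dominates itself)."""
    nodes = all_nodes(cfg)
    preds: Dict[str, Set[str]] = {n: set() for n in nodes}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].add(n)
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in nodes - {entry}:
            if preds[n]:
                new = {n} | set.intersection(*(dom[p] for p in preds[n]))
            else:
                new = {n}  # unreachable from entry
            if new != dom[n]:
                dom[n] = new
                changed = True
    return dom


def immediate_dominator(dom: Dict[str, Set[str]], n: str) -> Optional[str]:
    """Strict dominators of n form a chain; the nearest one has the largest
    dominator set of its own."""
    strict = dom[n] - {n}
    return max(strict, key=lambda d: len(dom[d])) if strict else None


def must_reach_access(cfg: CFG, accesses: Set[str]) -> Dict[str, bool]:
    """Greatest fixpoint: True for nodes from which every path reaches a
    resource access, so a prompt there is frugal (never shown needlessly).
    Loops that never exit count as reaching an access (an approximation)."""
    state = {n: True for n in all_nodes(cfg)}
    changed = True
    while changed:
        changed = False
        for n in list(state):
            if n in accesses:
                continue
            succs = cfg.get(n, [])
            val = bool(succs) and all(state[s] for s in succs)
            if val != state[n]:
                state[n] = val
                changed = True
    return state


def place_prompts(cfg: CFG, entry: str, accesses: Set[str],
                  existing_prompts: Set[str]) -> Set[str]:
    """Return the nodes where new permission prompts should be inserted."""
    dom = dominators(cfg, entry)
    frugal = must_reach_access(cfg, accesses)
    new_prompts: Set[str] = set()
    for access in sorted(accesses):
        # Not-repetitive: a prompt already on every path to this access.
        if dom[access] & (existing_prompts | new_prompts):
            continue
        spot = access  # prompting right at the access is always safe and frugal
        while True:
            up = immediate_dominator(dom, spot)
            if up is None or not frugal[up]:
                break
            spot = up  # hoist so one prompt can guard several accesses
        new_prompts.add(spot)
    return new_prompts


# Constructed control-flow graphs of hypothetical apps (node names are illustrative).
APP_CFG: CFG = {
    "entry": ["menu"],
    "menu": ["tab_map", "tab_settings"],
    "tab_map": ["get_location"],      # the only branch that touches the GPS
    "tab_settings": ["save_prefs"],
    "get_location": ["render"],
    "save_prefs": ["render"],
    "render": [],
}
LOCATION_ACCESSES = {"get_location"}

TWO_BRANCH_CFG: CFG = {
    "entry": ["menu"],
    "menu": ["share_photo", "tag_photo"],
    "share_photo": ["get_location_a"],
    "tag_photo": ["get_location_b"],
    "get_location_a": ["render"],
    "get_location_b": ["render"],
    "render": [],
}
BOTH_ACCESSES = {"get_location_a", "get_location_b"}

if __name__ == "__main__":
    print(place_prompts(APP_CFG, "entry", LOCATION_ACCESSES, set()))      # {'tab_map'}
    print(place_prompts(APP_CFG, "entry", LOCATION_ACCESSES, {"menu"}))   # set()
    print(place_prompts(TWO_BRANCH_CFG, "entry", BOTH_ACCESSES, set()))   # {'entry'}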


Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications

Evaluation
Input statistics (processed methods, nodes)
Results of applying the analysis (succeeded #, failed #, dominator-based #, backward #)
Performance analysis

Contributions
Study of existing applications’ resource access prompts.
Two static analysis algorithms for correct prompt placement.


Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications

Directions
Some static methods can help developers avoid coding mistakes that lead to security problems or battery consumption.

Questions
Why not add policy enforcement at the system level, like iOS?
The study uses a compiler algorithm to solve the security problem. But I think the motivation and the issues to be solved are not so compelling.


Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies [3]

Take-away Message: The paper proposes a system (FlaskDroid), a modified Android system. FlaskDroid provides mandatory access control (MAC) built on SELinux.

[3] Sven Bugiel, Stephan Heuser, and Ahmad-Reza Sadeghi. “Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies”. In: 22nd USENIX Security Symposium (USENIX Security ’13). USENIX. 2013.


Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

Motivation
Almost all proposals for security extensions to Android constitute MAC mechanisms that are tailored to the specific semantics of the addressed problem.
Current MAC systems operate only at a specific layer (application layer or kernel layer). There is no generic MAC system that spans both the application layer and the kernel layer.
Mobile systems need a higher security standard than PCs.


Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

Proposed Solution
Modify the Android system to achieve the architecture shown on the right.
Extend SELinux’s policy semantics for type enforcement.


Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

Evaluation
Root exploits
Malicious apps executed by root
Over-privileged and information-stealing apps
Sensory malware
Confused deputy and collusion attacks

Contributions: FlaskDroid system, extensible policy language


Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

Directions: Complex system, lots of engineering work.
Questions: I think the system is too complex for a normal implementation. The newly designed policy language is very hard for developers. What is the practical usage of the system?


WHYPER: Towards Automating Risk Assessment of Mobile Applications [4]

Take-away Message: The paper presents a system, WHYPER, which uses Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description.

[4] Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. “WHYPER: towards automating risk assessment of mobile applications”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 527–542.


WHYPER: Towards Automating Risk Assessment of Mobile Applications

Background: What does the user expect?
GPS Tracker
Phone-Call Recorder
One-Click Root

Motivation: Bridging the semantic gap between what the user expects an application to do(application description) and what it actually does (permission usage).


WHYPER: Towards Automating Risk Assessment of Mobile Applications

Proposed Solution
Preprocessor: period handling, sentence boundaries, named entity handling and abbreviation handling.
NLP Parser: Stanford Parser
Intermediate-representation generator: First-Order Logic (FOL)
Semantic Graph Generator: API Docs -> Semantic Graphs
Semantic Engine: FOL, semantic graphs -> determine if a sentence describes the need for a permission


WHYPER: Towards Automating Risk Assessment of Mobile Applications

Evaluation: TP, FP, TN, FN
Precision, recall and F-score
How effective compared to keyword-based searching?

Contributions
WHYPER uses NLP techniques to bridge the semantic gap.
581 applications containing 10,000 sentences, substantial improvement


WHYPER: Towards Automating Risk Assessment of Mobile Applications

Directions
Applying basic techniques to security problems can yield a novel idea. But we should be clear about the motivation (the security problems).

Questions
Did this system help you find zero-day malware or existing malware in the wild?
Can this method work on Chinese descriptions?


Jekyll on iOS: When Benign Apps Become Evil [5]

Take-away Message: The authors craft Jekyll apps which can be remotely exploited and introduce malicious control flows by rearranging code on iOS. The Jekyll apps can bypass Apple’s review mechanism.

[5] Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. “Jekyll on iOS: when benign apps become evil”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 559–572.


Jekyll on iOS: When Benign Apps Become Evil

Background
Public APIs, private APIs
App signing

Motivation
Apple adopts mandatory app review and code signing mechanisms to ensure the security of apps on iOS. The result is very good, and malware rarely appears on the App Store thanks to these mechanisms.
Are there any methods that can bypass the app review?
If yes, why can this happen? Can we provide a better architecture?


Jekyll on iOS: When Benign Apps Become Evil

Proposed Solution (Attack Design): Motivating example explained in the figures on the right.

A normal application is planted with vulnerabilities and hides code gadgets.
Jekyll apps pass Apple’s app review and are published to the App Store.
The attacker exploits the vulnerabilities and assembles the gadgets in a particular order to perform malicious operations.

Challenges: ASLR, crafting vulnerability, hiding gadgets


Jekyll on iOS: When Benign Apps Become Evil

Evaluation
Posting tweets and sending email and SMS
Camera, Bluetooth, device ID, and dialing
Exploiting kernel vulnerabilities
Trampoline attack

Contributions
Novel attacking method on iOS which can pass App Review.
Experiments.


Jekyll on iOS: When Benign Apps Become Evil

Directions
Research direction on finding unrevealed vulnerabilities.
The discovery should have great impact on the industry or represent a new type of attack.
Android vulnerabilities? The inconsistent programming issue between Java and native code (e.g., Master Key bugs).

Questions
iOS 7?
How to figure out the vulnerabilities and exploit them? (ROP attacks?)


The Impact of Vendor Customizations on Android Security [6]

Take-away Message: The authors perform provenance analysis, permission usage analysis and vulnerability analysis on the customized Android OS from four different vendors. The results have an impact on the current smartphone industry.

[6] Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, and Xuxian Jiang. “The Impact of Vendor Customizations on Android Security”. In: Proceedings of the 20th ACM Conference on Computer and Communications Security. CCS, 2013.


The Impact of Vendor Customizations on Android Security

Motivation: Most of the phones on the market are customized by vendors. Vendor customizations inherently impact Android security. The authors want to study vendor customizations on stock Android devices and assess the impact on overall Android security.

Proposed Solution

Provenance analysis: AOSP app, vendor app, third-party app.
Permission usage analysis compares the permissions requested by the app with the permissions it actually uses: the permission overprivilege problem.
Vulnerability analysis: permission re-delegation attacks and content leaks.
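The permission usage analysis step can be sketched as a comparison between what an app’s manifest requests and what its framework API calls actually need. The Python below is an added example, not the authors’ tool: the manifest, the list of API calls and the four-entry API-to-permission map are constructed for illustration (a real map derived from the Android framework source has thousands of entries), so a permission that this partial map cannot attribute to any call shows up as overprivileged even when a real map would explain it.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Partial API-to-permission map (four real framework calls). Anything outside
# this map is invisible to the check, which is the main caveat of the approach.
API_PERMISSIONS: Dict[str, str] = {
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.hardware.Camera.open": "android.permission.CAMERA",
    "android.net.wifi.WifiManager.getScanResults": "android.permission.ACCESS_WIFI_STATE",
}

# Constructed manifest of a hypothetical pre-loaded app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendorapp">
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="VendorApp"/>
</manifest>
"""

# Constructed list of framework calls found in the app's code (e.g. by a call-graph walk).
SAMPLE_API_CALLS = [
    "android.telephony.TelephonyManager.getDeviceId",
    "android.hardware.Camera.open",
    "java.lang.String.length",  # not permission-protected, ignored by the map
]


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Permissions declared with <uses-permission android:name=...>."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def needed_permissions(api_calls: Iterable[str]) -> Set[str]:
    """Permissions implied by the calls the app makes, per the (partial) map."""
    return {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}


def permission_report(manifest_xml: str, api_calls: Iterable[str]) -> Dict[str, Set[str]]:
    requested = requested_permissions(manifest_xml)
    needed = needed_permissions(api_calls)
    return {
        "requested": requested,
        "needed": needed,
        "overprivileged": requested - needed,  # declared but never exercised
        "missing": needed - requested,         # exercised without being declared
    }


if __name__ == "__main__":
    for key, value in permission_report(SAMPLE_MANIFEST, SAMPLE_API_CALLS).items():
        print(f"{key}: {sorted(value)}")
```

The "missing" set is worth keeping even though the paper’s focus is overprivilege: a pre-loaded app that calls a protected API it never declared either crashes at that call or, if it runs with a shared system UID, is a sign that its effective privilege is wider than its manifest suggests.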


The Impact of Vendor Customizations on Android Security

Evaluation: Ten customized systems from five vendors (Samsung, HTC, LG, Sony, Google)
Statistics of the distribution of AOSP apps, vendor apps and third-party apps
% of overprivileged apps among all pre-loaded apps
% of vulnerable apps among all apps
Two case studies: Samsung Galaxy S3 (wipe data) and LG Optimus P880 (reboot and account leak)


The Impact of Vendor Customizations on Android Security

Contributions: Systematically analyze the security impact of customized systems from different vendors. The most attractive contribution is the discoveries in the table below.


The Impact of Vendor Customizations on Android Security

Directions
The same study can be applied to third-party ROMs.
The impact of third-party ROMs will be smaller than that of vendors.
There may be more interesting discoveries: more severe security problems.

Questions
How long does it take to determine a vulnerability using the tools mentioned in the paper?
If a long time, then why?


Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation [7]

Take-away Message: The study analyzes the mobile cross-origin risk and proposes a protection mechanism called Morbs. Morbs labels every message with origin information and enforces policies based on origins.

[7] Rui Wang, Luyi Xing, XiaoFeng Wang, and Shuo Chen. “Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation”. In: Proceedings of the 20th ACM Conference on Computer and Communications Security. CCS, 2013.


Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation

Background: Mobile communication channels

Intent (key-value data)
URL scheme: youtube://watch?token=xxx
Web-accessing utility classes: WebView, UIWebView

Motivation
Unauthorized origin crossing is related to prior research problems: the confused deputy problem, the permission re-delegation problem, and the cross-site request forgery (CSRF) attack.
However, prior studies aim at protecting mobile devices; the general problem has not been dug into more deeply.
Private Activity? Other channels?


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Attacks
Exploiting the Intent Channel
Abusing the Scheme Channel
Attacks on Web-Accessing Utility Classes


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Exploiting the Intent Channel: Next Intent (Android)


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Intent Channel: Next Intent (Android) - Attacks on Facebook & Dropbox
Vendor responses: Complicated, $5000 bounty, 100GB


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Abusing the Scheme Channel: Fbconnect (Android)


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Abusing the Scheme Channel: Invoking apps from the web (Android and iOS)
Login CSRF attacks on Dropbox iOS SDK


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Abusing the Scheme Channel: Invoking apps from the web (Android and iOS)
Bypassing Facebook’s app authentication mechanism.


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Attacks on Web-Accessing Utility Classes
Exploiting Callbacks (WebView in iOS)
Exploiting Header-attachment (HttpClient in Android)


Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation

Proposed system: Morbs (policy checking)


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Evaluation
Effectiveness (examples)
Performance (Morbs operation, impact of policy check on different channels)
Compatibility and developer’s effort (comparison between fixing the problems without Morbs and with Morbs)


Unauthorized Origin Crossing on Mobile Platforms: Threats andMitigation

Contributions
Problems
System
Evaluation

Directions: Try to figure out the security problems of the app/system.
Question: The problem is brought by the new communication mechanisms (intent, scheme) in mobile systems. Are there any communication designs that can defend against these security problems without modifying the current architecture/system?


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources [8]

Take-away Message: In this paper, the authors discovered three unexpected channels of information leaks on Android. What can a malicious app still learn about the user’s private information without any permissions at all?

[8] Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A Gunter, and Klara Nahrstedt. “Identity, location, disease and more: inferring your secrets from android public resources”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 1017–1028.


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Motivation: Assuming that Android’s security design has been faithfully implemented andapps are well protected by their developers, what can a malicious app still learn about theuser’s private information without any permissions at all?


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Attacks:
Usage monitoring and analysis
Identity inference
Health and investment
Location inference
Driving route inference


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Usage monitoring and analysis:
/proc/uid_stat/[uid]/tcp_rcv and /proc/uid_stat/[uid]/tcp_snd: record the total numbers of bytes received and sent by a specific app respectively.
Stealthy and real-time monitoring: continuously reads from tcp_rcv and tcp_snd of a target app to record increments in their values.
Analyze a target app’s behavior offline to generate a payload-sequence signature for the behavior.


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Identity inference: Twitter
Fingerprinting the tweeting event using the TCP payload sequence
Timestamp + Location (next slide) + Twitter API = Identity


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Health and investment: Application finite state machine


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Finding where you are: Location inference
BSSID-based geo-location

/proc/net/arp and /proc/net/wireless are documented with ARP parameters.
BSSID: the gateway’s MAC address -> MAC of the wireless switch/router
Google, Skyhook and Navizon collect the BSSIDs of public Wi-Fi hotspots to support location-based services.


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Knowing where you go: Driving route inference
Assumption: driving, turn-by-turn voice guidance.
Speaker usage information: speech-length sequences.


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Solutions
Mitigation strategies
Enforcement framework


Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources

Evaluation
Experimental results: https://sites.google.com/site/sidedroid/
Geo-location with a single BSSID evaluation.
FP, TP

Contributions
Reveals what private information a zero-permission application can steal.

Directions: Any new attack methods.
Questions: Is it difficult to figure out the TCP payload sequence produced by a certain behavior?


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis [9]

Take-away Message: TaintDroid + Permission usage

[9] Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X Sean Wang, and Binyu Zang. “Vetting undesirable behaviors in android apps with permission use analysis”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 611–622.


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis

Motivation:
TaintDroid: Tracking how apps use sensitive information requires integrating the software into the Android platform at a low level by tainting variables.
Which variable should I taint? And how did the privacy leak happen?


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis

Solutions:
Explicit permission use points (E-PUP), implicit permission use points (I-PUP).
Permission use behavior is a function call graph based on E-PUPs and I-PUPs.


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis

E-PUP Identifier.
I-PUP Tracker: 1. Delivery point; 2. Permission-based taint analysis.
Application driver: Monkey.
Behavior profiler: fine-grained permission model -> an application usually needs to use multiple permissions together to accomplish a meaningful behavior.


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis

Prototype, Evaluation
Based on TaintDroid (Android 2.3).
Two real-world malware studies: malicious behavior analysis, system call trace comparison.
Vetting market apps: comparison between TaintDroid and VetDroid on information leakage.
Performance overhead evaluation: 80%, 238%.


Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis

Contributions: VetDroid can help analysts find privacy leakage easily, based on TaintDroid.
Directions: There is still some space to improve the dynamic analysis system.
Questions: Can VetDroid analyze private data that goes through native libraries?


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection [10]

Take-away Message: AppIntent uses an event-space constraint guided symbolic executiontechnique, which effectively reduces the event search space.

[10] Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X Sean Wang. “Appintent: Analyzing sensitive data transmission in android for privacy leakage detection”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 1043–1054.


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

Motivation: Existing symbolic execution focuses only on non-interactive programs and has the path explosion problem.
Proposed Solution: Event-space constraint guided symbolic execution.


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

Construction of the event-space constraint graph
Extracting critical events: backward traversal of the call graph.
Extracting essential events: construct the life cycle in an application.

Guided symbolic execution


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

Dynamic analysis platform: AppIntent uses InstrumentationTestRunner, which can:
Automatically trigger event inputs.
Automatically provide data inputs.
Highlight activated views of GUI events.
Highlight sensitive data reads and transmissions.


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

Evaluation:
Effectiveness of event-space constraint guided symbolic execution: full graph vs. event-space constraint graph
Effectiveness in analyzing sensitive data transmission: malicious apps / Google Play; findings: ID/phone number, logging system
Analysis time.
Case study.


AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection

Contributions
Event-space constraint guided symbolic execution technique.
Dynamic triggering using instrumentation.

Directions: Using the technique in other fields to solve the security problem is a gooddirection.Questions: How to extract sensitive data transmission path? How do you deal with the inputdata which is not from UI interaction (e.g. timing, network, sensor).

Bob (CUHK) Paper Summaries October 30, 2014 70 / 93

Page 71: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices [11]

Take-away Message: PatchDroid uses function hooking to deliver scalable third-party security patches for Android devices.

[11] Collin Mulliner, Jon Oberheide, William Robertson, and Engin Kirda. “PatchDroid: Scalable Third-Party Security Patches for Android Devices”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013.

Page 72: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Motivation: Android evolves quickly, and many devices end up no longer supported by the manufacturer and the mobile network operator. The goals are to:
  fix security vulnerabilities in Android devices that are no longer supported by the manufacturer and mobile network operator;
  roll out third-party security fixes.

Page 73: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Proposed Solution


Page 74: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Proposed Solution
  patching native code
    function replacement
    fixing via function proxy
    failed return value checking
  patching Dalvik bytecode
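The three native-code patch types listed above, as an added example written in Python rather than taken from PatchDroid: a dictionary stands in for a process's resolved function pointers, library code resolves its calls through it, and a hook swaps an entry so every caller is redirected without being rewritten. The toy "library", its two deliberate defects and all function names are constructed for illustration; real PatchDroid patches native code in memory, which this stand-in only models.

```python
"""In-memory patching through hooks: a Python stand-in for PatchDroid's
native-code patch types. Added example, not PatchDroid's code. The "library"
below and its symbol table are constructed; the defects are deliberate toys.
"""

# Symbol table standing in for a process's resolved function pointers.
# Library code resolves calls through it (like a PLT/GOT), so swapping an
# entry redirects every caller without touching the callers themselves.
SYMBOLS = {}

BUF_SIZE = 16


def native_copy(buf, data, n):
    """Toy defect: copies n bytes without checking n against len(buf)."""
    buf[0:n] = data[:n]          # a bytearray silently grows: the overflow analogue
    return n


def native_lookup(table, key):
    """Returns -1 for a missing key; the caller below never checks (toy defect)."""
    return table.get(key, -1)


def native_read_record(table, key, records, symbols=SYMBOLS):
    idx = symbols["lookup"](table, key)
    return records[idx]          # idx == -1 reads the last record instead of failing


SYMBOLS.update({"copy": native_copy, "lookup": native_lookup})


def hook(symbols, name, make_patch):
    """Install a patch. make_patch(original) returns the replacement; the
    original is returned so the patch can be reverted."""
    original = symbols[name]
    symbols[name] = make_patch(original)
    return original


# Patch type 1: function replacement; the original is never run again.
def replacement_copy(_original):
    def fixed_copy(buf, data, n):
        n = min(n, len(buf), len(data))
        buf[0:n] = data[:n]
        return n
    return fixed_copy


# Patch type 2: function proxy; validate the arguments, then delegate.
def proxy_copy(original):
    def checked_copy(buf, data, n):
        if n < 0 or n > len(buf) or n > len(data):
            raise ValueError("copy rejected: length exceeds buffer")
        return original(buf, data, n)
    return checked_copy


# Patch type 3: failed-return-value checking; an ignored error code becomes a hard failure.
def checked_lookup(original):
    def lookup(table, key):
        idx = original(table, key)
        if idx < 0:
            raise KeyError(key)
        return idx
    return lookup


def apply_patches(symbols, replace_copy=False):
    """Install the patch set; returns the saved originals for rollback."""
    saved = {}
    saved["copy"] = hook(symbols, "copy", replacement_copy if replace_copy else proxy_copy)
    saved["lookup"] = hook(symbols, "lookup", checked_lookup)
    return saved


def raises(exc, fn, *args):
    """True if fn(*args) raises exc; lets a caller test a rejection without try/except."""
    try:
        fn(*args)
    except exc:
        return True
    return False
```

The proxy form keeps the original code path (useful when only a precondition is missing), the replacement form drops it entirely, and the return-value check is the right tool when the defect is in the callers rather than in the callee.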

Page 75: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Evaluation
  functional evaluation
  performance overhead: ZygoteBench measures the time it takes Zygote to create a new process on an Android device.
  user trials: 14 different models
  Master Key bug (case study)

Page 76: Paper Summary on Mobile Security in 2013

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Contributions
  PatchDroid: distributing and applying third-party patches for security vulnerabilities
  in-memory patching
  evaluation

Direction: Where else can hooking be applied in other research areas?
Question: Is a lot of engineering work needed to support different phone models?

Page 77: Paper Summary on Mobile Security in 2013

AFrame: Isolating Advertisements from Mobile Applications in Android [12]

Take-away Message: Modify the Android system to isolate advertisements from the host application.

[12] Xiao Zhang, Amit Ahlawat, and Wenliang Du. “AFrame: Isolating Advertisements from Mobile Applications in Android”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013.

Page 78: Paper Summary on Mobile Security in 2013

AFrame: Isolating Advertisements from Mobile Applications in Android

Motivation: When an application is installed, the advertisement library and the original application have the same privileges, because they run in the same process and the system cannot separate them.

AdSplit (prior work):
  different application activity
  transparency technique
  clickjacking
  overhead in drawing
  requires a stub library inside each application

Inspiration comes from the browser’s iframe.

Page 79: Paper Summary on Mobile Security in 2013

AFrame: Isolating Advertisements from Mobile Applications in Android

Proposed Solution: AFrame (Activity Frame)
  from the user perspective: transparent to end users
  from the developer perspective: easy to develop, permission assignments
  from the system perspective: process isolation, permission isolation, input isolation, display (output) isolation.

Design and implementation:
  Modify Package Manager Service (PMS)
  hardware abstraction layer (HAL)

Page 80: Paper Summary on Mobile Security in 2013

AFrame: Isolating Advertisements from Mobile Applications in Android

Evaluation
  privilege isolation
  compatibility with various advertising libraries
  performance: system & application overhead

Page 81: Paper Summary on Mobile Security in 2013

AFrame: Isolating Advertisements from Mobile Applications in Android

Contributions
  AFrame is a modified Android system which can isolate advertisements.
  It is easy to use from both the user’s and the developer’s perspective.

Direction: Both this paper and the CCS paper solve the advertising isolation problem. However, both of them need to modify the Android system.
  Is this problem still non-trivial?
  Can we use hooking to solve the problem?

Question: Will Google use this method in the next release to isolate advertisement libraries? Why or why not? Are there any constraints on the system?

Page 82: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services [13]

Take-away Message: This paper uncovers the cheating-detection mechanisms of two location-based services, demonstrates that both services are still vulnerable, and then implements a system that employs NFC hardware to eliminate fake-location attacks.

[13] Iasonas Polakis, Stamatis Volanis, Elias Athanasopoulos, and Evangelos P. Markatos. “The Man Who Was There: Validating Check-ins in Location-Based Services”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013.

Page 83: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services

Motivation
  An important aspect of LBS: venues attract customers by providing special offers for their mayor.
  Fake check-ins have a negative impact on the system and deter users from participating.
  Cheating detection mechanism of Foursquare.

Page 84: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services

Attacks: Foursquare
  GPS distance
  High speed
  Rapid fire

Experimental Results:
  Inconsistent triggering
  Inconsistent non-triggering

Page 85: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services

Attacks: Facebook Places
  For every venue, the user checks in with the same location coordinates, regardless of the venue’s location.
Experimental Results: An attacker can completely bypass the travelling speed constraints and check into venues around the globe at unlimited speed.
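The three Foursquare heuristics on the previous slide and the Facebook Places speed-constraint bypass on this one, as an added example that is a constructed model rather than either service's code: a validator that flags GPS distance, high speed and rapid fire over a check-in trace. The venues, the trace and the thresholds are all constructed; the one design point worth seeing is that the speed check measures travel between venue positions, not between client-reported positions, so a client that reports one fixed coordinate for every venue still shows up as impossible travel (the `use_venue_coords=False` setting reproduces the weaker check).

```python
"""Plausibility checks for location check-ins.

Added example; a constructed model, not Foursquare's or Facebook Places'
code. The three heuristics mirror the ones the paper names (GPS distance,
high speed, rapid fire). Venue coordinates and the check-in trace are
constructed; thresholds are assumed values.
"""
import math

# Constructed venues: id -> (lat, lon)
VENUES = {
    "cafe_athens": (37.9838, 23.7275),
    "pub_athens": (37.9755, 23.7348),
    "bar_london": (51.5074, -0.1278),
}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def validate(checkins, venues, use_venue_coords=True, max_gps_km=1.0,
             max_speed_kmh=900.0, rapid_n=3, rapid_window_s=600):
    """checkins: list of (time_s, venue_id, reported_lat, reported_lon),
    sorted by time. Returns [(index, reason), ...].

    With use_venue_coords the speed check measures travel between the
    venues' positions. Measuring between client-reported positions instead
    (use_venue_coords=False) is the weakness the slide describes: a client
    that reports one fixed position for every check-in never appears to move.
    """
    flags = []
    for i, (t, venue, lat, lon) in enumerate(checkins):
        vlat, vlon = venues[venue]
        # GPS distance: the reported position should be near the venue.
        if haversine_km(lat, lon, vlat, vlon) > max_gps_km:
            flags.append((i, "gps_distance"))
        # High speed: implied travel speed since the previous check-in.
        if i > 0:
            t0, venue0, lat0, lon0 = checkins[i - 1]
            if use_venue_coords:
                dist = haversine_km(*venues[venue0], vlat, vlon)
            else:
                dist = haversine_km(lat0, lon0, lat, lon)
            hours = max(t - t0, 1) / 3600.0
            if dist / hours > max_speed_kmh:
                flags.append((i, "high_speed"))
        # Rapid fire: too many check-ins inside a short window.
        recent = [c for c in checkins[: i + 1] if t - c[0] <= rapid_window_s]
        if len(recent) >= rapid_n:
            flags.append((i, "rapid_fire"))
    return flags


# Constructed trace: the client pins the London check-in to the Athens
# cafe's coordinates, then checks into two Athens venues in quick succession.
TRACE = [
    (0,    "cafe_athens", 37.9838, 23.7275),
    (3600, "bar_london",  37.9838, 23.7275),   # same coordinates, different venue
    (3700, "pub_athens",  37.9755, 23.7348),
    (3800, "cafe_athens", 37.9838, 23.7275),
]

if __name__ == "__main__":
    print("venue-based:   ", validate(TRACE, VENUES))
    print("reported-based:", validate(TRACE, VENUES, use_venue_coords=False))
```

Against the venue positions the London check-in is flagged twice (far from the venue, and roughly 2,400 km in an hour) and the jump back to Athens is flagged again; against the reported positions the same trace implies no movement at all between the first two check-ins, which is exactly the gap the slide reports.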

Page 86: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services

Proposed Solution
  Validating user location: QR code, NFC
  Adapt existing detection mechanisms
  Implement NFC
  Design a data exchange protocol using asymmetric encryption.

Evaluation: security analysis and performance analysis.

Page 87: Paper Summary on Mobile Security in 2013

The Man Who Was There: Validating Check-ins in Location-Based Services

Contributions
  Reveal the LBS attack.
  Propose a system.

Direction: Are there other reward systems on Android, and can we find vulnerabilities in them?
Question: The scheme requires an NFC reader in every venue, which is infeasible.

Page 88: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android [14]

Take-away Message: FireDroid uses ptrace to attach to Zygote in order to enforce security policies.

[14] Giovanni Russello, Arturo Blas Jimenez, Habib Naderi, and Wannes van der Mark. “FireDroid: Hardening Security in Almost-Stock Android”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013.

Page 89: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android

Motivation:
  It does not require recompiling any part of the Android system.
  It provides support for enterprise security management, where security administrators can define security policies to be enforced on the devices without relying on the device’s user.

Page 90: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android

Proposed Solution: FireDroid, ptrace-based
  PEP: policy enforcement point
  PDP: policy decision point
  PR: policy repository
  PAP: policy administration point
  GPR: global policy repository
  RPM: remote policy manager

Page 91: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android

FireDroid Policies: FireDroid designs a policy language and its syntax. Policy categories:
  Financial charges
  Information harvesting
  Vulnerabilities
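How a policy repository, a decision point and an enforcement point fit together over a system-call trace, as an added example that is not FireDroid's code: the rule syntax is a hypothetical stand-in for FireDroid's policy language, and the policy text, package names, paths and trace are constructed. One rule sits in each of the three categories above, rules are evaluated first-match with a default of allow, and the enforcement point is modelled as a function over a recorded trace rather than a live ptrace stop.

```python
"""A tiny policy decision point over a system-call trace.

Added example; not FireDroid's code, and the rule syntax below is a
hypothetical stand-in for its policy language. The policy text, package
names, paths and trace are constructed. Rules are matched first-match; an
unmatched call is allowed.

Rule format:  <allow|deny> <app-glob> <syscall> [arg=glob ...]
"""
from fnmatch import fnmatchcase

POLICY_TEXT = """
# financial charges: only the stock messaging app may send SMS to premium numbers
allow com.android.mms   sendto  dest=sms:premium:*
deny  *                 sendto  dest=sms:premium:*
# information harvesting: the game has no business in the contacts database
deny  com.example.game  open    path=/data/data/com.android.providers.contacts/*
# vulnerabilities: no app may exec the su binary
deny  *                 execve  path=/system/bin/su
"""


def parse_policy(text):
    """Policy repository: returns a list of (action, app_glob, syscall, {arg: glob})."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] not in ("allow", "deny"):
            raise ValueError("bad rule: " + line)
        args = dict(tok.split("=", 1) for tok in tokens[3:])
        rules.append((tokens[0], tokens[1], tokens[2], args))
    return rules


def decide(rules, app, syscall, args):
    """Policy decision point: first matching rule wins, default allow."""
    for action, app_glob, rule_syscall, rule_args in rules:
        if rule_syscall != syscall or not fnmatchcase(app, app_glob):
            continue
        if all(fnmatchcase(str(args.get(k, "")), glob) for k, glob in rule_args.items()):
            return action
    return "allow"


def enforce(trace, rules):
    """Policy enforcement point over a (constructed) syscall trace. In a
    ptrace-based monitor this decision is taken at each syscall-entry stop,
    and on "deny" the monitor makes the call fail before the kernel runs it."""
    return [(app, syscall, decide(rules, app, syscall, args)) for app, syscall, args in trace]


# Constructed trace of (package, syscall, decoded arguments).
TRACE = [
    ("com.example.game", "open",   {"path": "/data/data/com.example.game/files/save.bin"}),
    ("com.example.game", "open",   {"path": "/data/data/com.android.providers.contacts/databases/contacts2.db"}),
    ("com.example.game", "sendto", {"dest": "sms:premium:19999"}),
    ("com.android.mms",  "sendto", {"dest": "sms:premium:19999"}),
    ("com.example.game", "execve", {"path": "/system/bin/su"}),
]

if __name__ == "__main__":
    for app, syscall, verdict in enforce(TRACE, parse_policy(POLICY_TEXT)):
        print(f"{verdict:5} {app:18} {syscall}")
```

The ordering of the two `sendto` rules is what makes the exception work: the allow rule for the messaging app has to precede the catch-all deny, which is the usual trap in first-match policy languages.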

Page 92: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android

Evaluation
  CTS: Compatibility Test Suite
  Overhead on benchmarks: Quadrant, BenchmarkPi
  Inter-process communication: HttpGet, BroadcastIntent, QueryContact and GetLastLocation

Page 93: Paper Summary on Mobile Security in 2013

FireDroid: Hardening Security in Almost-Stock Android

Contributions
  ptrace-based system
  policy language

Direction: The performance evaluation is already complete.
Question: How are system calls connected to the policy language? It is quite obscure in the paper.