Mobile applications security is nowadays one of the most important topics in the field of information security, due to their pervasivity in the people’s life. Among mobile applications, those that interact with social network profiles, have a great potential for development, as they intercept another powerful asset of the today cyberspace. However, one of the problems that can limit the diffusion of social network applications is the lack of fine-grained control when an application use the APIs of a social network to access a profile. For instance, in Twitter, the supported access control policy is basically on/off, so that if a (third party) application needs the right to write in a user profile, the user is enforced to grant this right with no restriction in the entire profile. This enables a large set of security threats and can make (even inexpert) users reluctant to run these applications. To overcome this problem, we propose an effective solution working for Android Twitter applications based on a middleware approach. The proposed solution enables other possible benefits, as anomaly-based malware detection leveraging API-call patterns, and it can be extended to a multiple social network scenario.
A middleware to allow fine-grained access control of Twitter applications / F. Buccafurri, G. Lax, S. Nicolazzo, A. Nocera (LECTURE NOTES IN COMPUTER SCIENCE). - In: Mobile, Secure, and Programmable Networking / [a cura di] S. Boumerdassi, É. Renault, S. Bouzefrane. - [s.l] : Springer Verlag, 2016. - ISBN 978-3-319-50462-9. - pp. 168-182 (( Intervento presentato al 2. convegno International Conference on Mobile, Secure, and Programmable Networking tenutosi a Paris nel 2016 [10.1007/978-3-319-50463-6_14].
A middleware to allow fine-grained access control of Twitter applications
S. Nicolazzo;
2016
Abstract
Mobile applications security is nowadays one of the most important topics in the field of information security, due to their pervasivity in the people’s life. Among mobile applications, those that interact with social network profiles, have a great potential for development, as they intercept another powerful asset of the today cyberspace. However, one of the problems that can limit the diffusion of social network applications is the lack of fine-grained control when an application use the APIs of a social network to access a profile. For instance, in Twitter, the supported access control policy is basically on/off, so that if a (third party) application needs the right to write in a user profile, the user is enforced to grant this right with no restriction in the entire profile. This enables a large set of security threats and can make (even inexpert) users reluctant to run these applications. To overcome this problem, we propose an effective solution working for Android Twitter applications based on a middleware approach. The proposed solution enables other possible benefits, as anomaly-based malware detection leveraging API-call patterns, and it can be extended to a multiple social network scenario.File | Dimensione | Formato | |
---|---|---|---|
A middleware to allow fine-grained access control of Twitter applications.pdf
accesso riservato
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
206.24 kB
Formato
Adobe PDF
|
206.24 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
978-3-319-50463-6_14.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
686.01 kB
Formato
Adobe PDF
|
686.01 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.