DCert: Find the Leak in Your Pocket
Mohamed Nassim Seghir

TL;DR
DCert is a tool that separates heavy data-flow analysis from lightweight verification, enabling secure, scalable, and trustworthy security assessments of applications on resource-constrained devices.
Contribution
It introduces a dual-component system with a heavy analyzer on a computer and a lightweight checker on mobile devices, ensuring analysis integrity through certificates.
Findings
Effective certification of data-flow properties in real-world applications
Scalable verification suitable for resource-limited mobile devices
Maintains trustworthiness despite potential tampering or analysis errors
Abstract
Static data-flow analysis has proven its effectiveness in assessing security of applications. One major challenge it faces is scalability to large software. This issue is even exacerbated when additional limitations on computing and storage resources are imposed, as is the case for mobile devices. In such cases the analysis is performed on a conventional computer. This poses two problems. First, a man-in-the-middle attack can tamper with an analyzed application. So once on the mobile device, what guarantees that the actual version is not corrupt? Second, the analysis itself might be broken, leading to an erroneous result. As a solution, we present DCert, a tool for checking and certifying data-flow properties that consists of two components: a (heavyweight) analyzer and a (lightweight) checker. The analyzer is deployed on a conventional computer. It verifies the conformance of a given…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Testing and Debugging Techniques · Security and Verification in Computing
