[6] W. Cui, M. Peinado, and H. J. Wang, “ShieldGen: Automatic Data
Patch Generation for Unknown Vulnerabilities with Informed Probing,”
in Proceedings of 2007 IEEE Symposium on Security and Privacy
(Oakland’07), May 2007.
[7] D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha, “Towards Au-
tomatic Generation of Vulnerability-Based Signatures,” in Proceedings
of the 2006 IEEE Symposium on Security and Privacy (Oakland’06),
May 2006.
[8] M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and
P. Barham, “Vigilante: End-to-End Containment of Internet Worms,”
in Proceedings of the twentieth ACM Symposium on Systems and
Operating Systems Principles (SOSP’05), October 2005.
[9] M. Costa, M. Castro, L. Zhou, L. Zhang, and M. Peinado, “Bouncer:
Securing Software by Blocking Bad Input,” in Proceedings of 21st
ACM SIGOPS Symposium on Operating Systems Principles (SOSP’07),
October 2007.
[10] J. Caballero, Z. Liang, Poosankam, and D. Song, “Towards Gener-
ating High Coverage Vulnerability-Based Signatures with Protocol-
Level Constraint-Guided Exploration,” in Proceedings of the 12th
International Symposium on Recent Advances in Intrusion Detection
(RAID’09), September 2009.
[11] Z. Lin, X. Jiang, D. Xu, B. Mao, and L. Xie, “AutoPaG: Towards Auto-
mated Software Patch Generation with Source Code Root Cause Iden-
tification and Repair,” in Proceedings of the 2nd ACM Symposium on
Information, Computer and Communications Security (ASIACCS’07),
March 2007.
[12] C. Zhang, T. Wang, T. Wei, Y. Chen, and W. Zou, “IntPatch: Au-
tomatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at
Compile-Time,” in Proceedings of the 15th European Conference on
Research in Computer Security (ESORICS’10), September 2010.
[13] S. Sidiroglou and A. D. Keromytis, “Countering Network Worms
Through Automatic Patch Generation,” IEEE Security and Privacy,
vol. 3, no. 6, pp. 41–49, Nov. 2005.
[14] J. Newsome, D. Brumley, and D. Song, “Vulnerability-specific ex-
ecution filtering for exploit prevention on commodity software,” in
Proceedings of the 13th Symposium on Network and Distributed System
Security (NDSS’06), February 2006.
[15] “Soot: a java optimization framework,” http://www.sable.mcgill.ca/
soot/.
[16] “dex2jar,” http://code.google.com/p/dex2jar/.
[17] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein,
and Y. L. Traon, “Effective Inter-Component Communication Mapping
in Android with Epicc: An Essential Step Towards Holistic Security
Analysis,” in Proceedings of the 22nd USENIX Security Symposium,
August 2013.
[18] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel,
and A. N. Sheth, “TaintDroid: An Information-Flow Tracking System
for Realtime Privacy Monitoring on Smartphones,” in Proceedings
of the 9th USENIX Symposium on Operating Systems Design and
Implementation (OSDI’10), October 2010.
[19] M. Weiser, “Program Slicing,” in Proceedings of the 5th International
Conference on Software Engineering (ICSE’81), March 1981.
[20] “Ui/application exerciser monkey,” http://developer.android.com/tools/
help/monkey.html.
[21] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A Study of
Android Application Security,” in Proceedings of the 20th Usenix
Security Symposium, August 2011.
[22] V. Razmov and D. Simon, “Practical Automated Filter Generation to
Explicitly Enforce Implicit Input Assumptions,” in Proceedings of the
17th Annual Computer Security Applications Conference (ACSAC’01),
December 2001.
[23] M. Egele, C. Kruegel, E. Kirda, and G. Vigna, “PiOS: Detecting Privacy
Leaks in iOS Applications,” in Proceedings of 18th Annual Network and
Distributed System Security Symposium (NDSS’11), February 2011.
[24] B. Livshits and J. Jung, “Automatic Mediation of Privacy-Sensitive
Resource Access in Smartphone Applications,” in Proceedings of the
22th Usenix Security Symposium, August 2013.
[25] R. Xu, H. Sadi, and R. Anderson, “Aurasium: Practical Policy Enforce-
ment for Android Applications,” in Proceedings of the 21th Usenix
Security Symposium, August 2012.
[26] “Privacy blocker,” http://privacytools.xeudoxus.com/.
[27] P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, “These
Aren’t The Droids You’re Looking For: Retrofitting Android to Protect
Data from Imperious Applications,” in Proceedings of the 18th ACM
Conference on Computer and Communications Security (CCS’11),
October 2011.
[28] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh, “Taming Information-
Stealing Smartphone Applications (on Android),” in Proceedings of
the 4th International Conference on Trust and Trustworthy Computing
(TRUST’11), June 2011.
[29] A. R. Beresford, A. Rice, N. Skehin, and R. Sohan, “MockDroid:
trading privacy for application functionality on smartphones,” in Pro-
ceedings of the 12th Workshop on Mobile Computing Systems and
Applications (HotMobile’11), March 2011.
[30] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and
B. Shastry, “Towards Taming Privilege-Escalation Attacks on Android,”
in Proceedings of 19th Annual Network and Distributed System Security
Symposium (NDSS’12), February 2012.
[31] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire:
Lightweight Provenance for Smart Phone Operating Systems,” in Pro-
ceedings of the 20th Usenix Security Symposium, August 2011.
[32] Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, You, Get Off of My
Market: Detecting Malicious Apps in Official and Alternative Android
Markets,” in Proceedings of 19th Annual Network and Distributed
System Security Symposium (NDSS’12), February 2012.
[33] L.-K. Yan and H. Yin, “DroidScope: Seamlessly Reconstructing OS
and Dalvik Semantic Views for Dynamic Android Malware Analysis,”
in Proceedings of the 21st USENIX Security Symposium, August 2012.
[34] Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization
and Evolution,” in Proceedings of the 33rd IEEE Symposium on Security
and Privacy (Oakland’12), May 2012.
[35] M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, “RiskRanker:
Scalable and Accurate Zero-day Android Malware Detection,” in Pro-
ceedings of the 10th International Conference on Mobile Systems,
Applications and Services (MobiSys’12), June 2012.
[36] V. Rastogi, Y. Chen, and X. Jiang, “DroidChameleon: Evaluating
Android Anti-malware against Transformation Attacks,” in Proceedings
of the 8th ACM Symposium on InformAtion, Computer and Communi-
cations Security (ASIACCS’13), May 2013.
[37] W. Enck, M. Ongtang, and P. McDaniel, “On Lightweight Mobile Phone
Application Certification,” in Proceedings of the 16th ACM Conference
on Computer and Communications Security (CCS’09), November 2009.
[38] B. Davis, B. Sanders, A. Khodaverdian, and H. Chen, “I-ARM-Droid:
A Rewriting Framework for In-App Reference Monitors for Android
Applications,” in Proceedings of the Mobile Security Technologies
Workshop (MoST’12), May 2012.
[39] D. Chandra and M. Franz, “Fine-Grained Information Flow Analysis
and Enforcement in a Java Virtual Machine,” in Proceedings of the
23rd Annual Computer Security Applications Conference (ACSAC’07),
December 2007.
[40] A. C. Myers, “JFlow: Practical Mostly-Static Information Flow Con-
trol,” in Proceedings of the 26th ACM Symposium on Principles of
Programming Languages (POPL’99), January 1999.
[41] L. Jia, J. Aljuraidan, E. Fragkaki, L. Bauer, M. Stroucken,
K. Fukushima, S. Kiyomoto, and Y. Miyake, “Run-Time Enforcement
of Information-Flow Properties on Android (Extended Abstract),” in
Proceedings of 18th European Symposium on Research in Computer
Security (ESORICS’13), September 2013.
[42] B. Niu and G. Tan, “Efficient User-Space Information Flow Control,”
in Proceedings of the 8th ACM Symposium on Information, Computer
and Communications Security (ASIACCS’13), May 2013.
[43] B. Zeng, G. Tan, and U. Erlingsson, “Strato: A Retargetable Framework
for Low-Level Inlined-Reference Monitors,” in Proceedings of the 22th
Usenix Security Symposium, August 2013.
15