Title: Bytecode instrumentation mechanism for monitoring mobile application information flow
Authors: Mohamed Sarrab
Addresses: Communication and Information Research Center, Sultan Qaboos University, Muscat SQU123, Oman
Abstract: Mobile applications are monitored for performance check or tested for error correctness in respect of particular security properties. The more sensitive the information such as credit card, personal medical and private information processed by mobile app, the more important to observe and check the flow of the information during mobile app execution. Monitoring untrusted mobile app to verify there is no information flow during the runtime of mobile app in an environment, where critical information are existed, are very difficult. This paper concerned with the observation of information flow of untrusted mobile app at runtime. The paper presents first part (Observe points) of framework called observing untrusted app execution to control information flow with the aim of supporting user interaction to change app behaviour. This paper presents all necessary instrumentation algorithms of Java bytecode and discusses the prototype implementation of new bytecode instrumentation mechanism for observing information flow during runtime.
Keywords: Java bytecode; mobile apps; bytecode instrumentation; information flow; mobile applications; information security; app monitoring; runtime.
International Journal of Security and Networks, 2015 Vol.10 No.3, pp.191 - 206
Received: 08 Jul 2014
Accepted: 18 Feb 2015
Published online: 19 Sep 2015 *