{"id":"https://openalex.org/W2890471546","doi":"https://doi.org/10.1145/3243734.3243843","title":"Invetter","display_name":"Invetter","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2890471546","doi":"https://doi.org/10.1145/3243734.3243843","mag":"2890471546"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243843","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243843","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101455341","display_name":"Lei Zhang","orcid":"https://orcid.org/0000-0002-9298-2536"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Lei Zhang","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101856258","display_name":"Zhemin Yang","orcid":"https://orcid.org/0000-0002-1854-639X"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhemin Yang","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040328050","display_name":"Yuyu He","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuyu He","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100389498","display_name":"Zhenyu Zhang","orcid":"https://orcid.org/0000-0001-5570-090X"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenyu Zhang","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022038961","display_name":"Zhiyun Qian","orcid":"https://orcid.org/0000-0003-1506-2522"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiyun Qian","raw_affiliation_strings":["University of California Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054807919","display_name":"Geng Hong","orcid":"https://orcid.org/0000-0003-1811-9432"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Geng Hong","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100368650","display_name":"Yuan Zhang","orcid":"https://orcid.org/0000-0001-5538-1478"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Zhang","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052437722","display_name":"Min Yang","orcid":"https://orcid.org/0000-0001-9714-5545"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Min Yang","raw_affiliation_strings":["Fudan University, Shang Hai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shang Hai, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101455341"],"corresponding_institution_ids":["https://openalex.org/I24943067"],"apc_list":null,"apc_paid":null,"fwci":2.1469,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.88450573,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1165","last_page":"1178"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8776439428329468},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8611226081848145},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6357704997062683},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.600929319858551},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5915412306785583},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.5254365801811218},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.42671093344688416},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17861157655715942},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.11956420540809631}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8776439428329468},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8611226081848145},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6357704997062683},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.600929319858551},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5915412306785583},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.5254365801811218},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.42671093344688416},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17861157655715942},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.11956420540809631},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3243734.3243843","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243843","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4699999988079071}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W124941384","https://openalex.org/W1437814062","https://openalex.org/W1438616768","https://openalex.org/W1486731751","https://openalex.org/W1565377632","https://openalex.org/W1630356589","https://openalex.org/W1912565424","https://openalex.org/W1948712562","https://openalex.org/W1963971515","https://openalex.org/W1988036170","https://openalex.org/W1992114977","https://openalex.org/W2008345765","https://openalex.org/W2010395842","https://openalex.org/W2027538101","https://openalex.org/W2081580037","https://openalex.org/W2083988638","https://openalex.org/W2088983597","https://openalex.org/W2114275288","https://openalex.org/W2140095007","https://openalex.org/W2166743230","https://openalex.org/W2168103835","https://openalex.org/W2273325114","https://openalex.org/W2398484989","https://openalex.org/W2407015181","https://openalex.org/W2475731385","https://openalex.org/W2482589566","https://openalex.org/W2487596118","https://openalex.org/W2532201797","https://openalex.org/W2534511085","https://openalex.org/W2573570214","https://openalex.org/W2578991858","https://openalex.org/W2626290556","https://openalex.org/W2789555918","https://openalex.org/W2793024489","https://openalex.org/W4244726870"],"related_works":["https://openalex.org/W2316685381","https://openalex.org/W3003485427","https://openalex.org/W2056388267","https://openalex.org/W4210309948","https://openalex.org/W2249350383","https://openalex.org/W2755037920","https://openalex.org/W4388923452","https://openalex.org/W2072937473","https://openalex.org/W3211901564","https://openalex.org/W2786416059"],"abstract_inverted_index":{"Android":[0,30,94],"integrates":[1],"an":[2],"increasing":[3],"number":[4],"of":[5,35,42,169],"features":[6],"into":[7],"system":[8,136],"services":[9],"to":[10,38,107,127,141,163],"manage":[11],"sensitive":[12,43,129],"resources,":[13],"such":[14,179],"as":[15,82,180],"location,":[16],"medical":[17],"and":[18,102,114,124,146,183],"social":[19],"network":[20],"information.":[21],"To":[22,109],"prevent":[23],"untrusted":[24],"apps":[25],"from":[26],"abusing":[27],"the":[28,55,61,72,157],"services,":[29],"implements":[31],"a":[32,90,116],"comprehensive":[33],"set":[34],"access":[36,48],"controls":[37,49],"ensure":[39],"proper":[40],"usage":[41],"resources.":[44],"Unlike":[45],"explicit":[46],"permission-based":[47],"that":[50,120,132,165],"are":[51,75,99,133,161,171],"discussed":[52],"extensively":[53],"in":[54,71,76,135],"past,":[56],"our":[57],"paper":[58],"focuses":[59],"on":[60],"widespread":[62],"yet":[63],"undocumented":[64],"input":[65,79,130],"validation":[66],"problem.":[67],"As":[68],"we":[69,112,150,160],"show":[70],"paper,":[73],"there":[74],"fact":[77],"more":[78],"validations":[80,98,131],"acting":[81],"security":[83],"checks":[84],"than":[85],"permission":[86],"checks,":[87],"rendering":[88],"them":[89,170],"critical":[91],"foundation":[92],"for":[93],"framework.":[95],"Unfortunately,":[96],"these":[97],"unstructured,":[100],"ill-defined,":[101],"fragmented,":[103],"making":[104],"it":[105],"challenging":[106],"analyze.":[108],"this":[110],"end,":[111],"design":[113],"implement":[115],"tool,":[117],"called":[118],"Invetter,":[119],"combines":[121],"machine":[122],"learning":[123],"static":[125],"analysis":[126],"locate":[128,151],"problematic":[134],"services.":[137],"By":[138],"applying":[139],"Invetter":[140],"4":[142,147],"different":[143],"AOSP":[144],"codebases":[145],"vendor-customized":[148],"images,":[149],"103":[152],"candidate":[153],"insecure":[154],"validations.":[155],"Among":[156],"true":[158],"positives,":[159],"able":[162],"confirm":[164],"at":[166],"least":[167],"20":[168],"truly":[172],"exploitable":[173],"vulnerabilities":[174],"by":[175],"constructing":[176],"various":[177],"attacks":[178],"privilege":[181],"escalation":[182],"private":[184],"information":[185],"leakage.":[186]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2018-09-27T00:00:00"}