{"id":"https://openalex.org/W3114029772","doi":"https://doi.org/10.1145/3416124","title":"Securing Applications against Side-channel Attacks through Resource Access Veto","display_name":"Securing Applications against Side-channel Attacks through Resource Access Veto","publication_year":2020,"publication_date":"2020-12-22","ids":{"openalex":"https://openalex.org/W3114029772","doi":"https://doi.org/10.1145/3416124","mag":"3114029772"},"language":"en","primary_location":{"id":"doi:10.1145/3416124","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3416124","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3416124","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3416124","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062036062","display_name":"Tousif Osman","orcid":null},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Tousif Osman","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102843571","display_name":"Urs Hengartner","orcid":"https://orcid.org/0000-0002-9840-0015"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Urs Hengartner","raw_affiliation_strings":["University of Waterloo, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Ontario, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5062036062"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":0.1515,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.4634628,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"1","issue":"4","first_page":"1","last_page":"29"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8430086374282837},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.8170150518417358},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7535179853439331},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7481567859649658},{"id":"https://openalex.org/keywords/swipe","display_name":"SwIPe","score":0.7329621315002441},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.6375144720077515},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5628209710121155},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.46456897258758545},{"id":"https://openalex.org/keywords/accelerometer","display_name":"Accelerometer","score":0.43389129638671875},{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.4208257496356964},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.41458821296691895},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.38622570037841797},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.2045379877090454},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.11096957325935364}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8430086374282837},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.8170150518417358},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7535179853439331},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7481567859649658},{"id":"https://openalex.org/C2779623668","wikidata":"https://www.wikidata.org/wiki/Q7652842","display_name":"SwIPe","level":2,"score":0.7329621315002441},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.6375144720077515},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5628209710121155},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.46456897258758545},{"id":"https://openalex.org/C89805583","wikidata":"https://www.wikidata.org/wiki/Q192940","display_name":"Accelerometer","level":2,"score":0.43389129638671875},{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.4208257496356964},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.41458821296691895},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.38622570037841797},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2045379877090454},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.11096957325935364},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3416124","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3416124","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3416124","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3416124","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3416124","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3416124","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6103875446","display_name":null,"funder_award_id":"N01347","funder_id":"https://openalex.org/F4320321487","funder_display_name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320321487","display_name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3114029772.pdf","grobid_xml":"https://content.openalex.org/works/W3114029772.grobid-xml"},"referenced_works_count":31,"referenced_works":["https://openalex.org/W34350934","https://openalex.org/W592027770","https://openalex.org/W776418363","https://openalex.org/W1543344803","https://openalex.org/W1973831058","https://openalex.org/W2004876093","https://openalex.org/W2033811191","https://openalex.org/W2073445898","https://openalex.org/W2074367177","https://openalex.org/W2082300114","https://openalex.org/W2090465075","https://openalex.org/W2093316511","https://openalex.org/W2099468260","https://openalex.org/W2107816859","https://openalex.org/W2132073183","https://openalex.org/W2150097065","https://openalex.org/W2158705880","https://openalex.org/W2294068577","https://openalex.org/W2474388146","https://openalex.org/W2611887307","https://openalex.org/W2735670810","https://openalex.org/W2786308658","https://openalex.org/W2798069878","https://openalex.org/W2923593504","https://openalex.org/W2963204406","https://openalex.org/W2979280275","https://openalex.org/W2991173802","https://openalex.org/W3100675173","https://openalex.org/W3101731393","https://openalex.org/W4214931895","https://openalex.org/W4243272515"],"related_works":["https://openalex.org/W2398889655","https://openalex.org/W2536378363","https://openalex.org/W2549484948","https://openalex.org/W4205559861","https://openalex.org/W2158820730","https://openalex.org/W1547097662","https://openalex.org/W3202730707","https://openalex.org/W3007448029","https://openalex.org/W1428967323","https://openalex.org/W2546977421"],"abstract_inverted_index":{"Apps":[0],"on":[1,201],"modern":[2],"mobile":[3,82],"operating":[4],"systems":[5],"can":[6,29,56,149],"access":[7,32,175,189],"various":[8],"system":[9],"resources":[10,162],"with,":[11],"or":[12,63,121],"without,":[13],"an":[14,27,85,133,139],"explicit":[15,122],"user":[16,41],"permission.":[17],"Although":[18],"the":[19,40,61,78,151,177,193,204],"OS":[20,152],"generally":[21],"maintains":[22],"strict":[23],"separation":[24],"between":[25],"apps,":[26],"app":[28,55,69,86,134,148],"still":[30],"get":[31],"to":[33,70,87,114,136,153,156,163,176],"another":[34],"app\u2019s":[35,140],"private":[36],"information,":[37],"such":[38,74,91],"as":[39,75],"input,":[42],"through":[43],"numerous":[44],"side-channels.":[45],"For":[46],"example,":[47],"keystrokes":[48],"and":[49,207],"swipe":[50],"gestures":[51],"from":[52,60,77,117,124],"a":[53,67,109,143,146,169,183,187],"victim":[54],"be":[57],"inferred":[58],"indirectly":[59],"accelerometer":[62,178],"gyroscope":[64],"output,":[65],"allowing":[66],"zero-permission":[68],"learn":[71],"sensitive":[72],"inputs":[73],"passwords":[76],"victim\u2019s":[79],"app.":[80],"Current":[81],"OSes":[83],"allow":[84],"defend":[88,115],"itself":[89],"in":[90,94,102],"situations":[92],"only":[93],"some":[95],"exceptional":[96],"cases\u2014e.g.,":[97],"by":[98],"blocking":[99],"screenshot":[100],"captures":[101],"Android.":[103],"In":[104,182],"this":[105],"article,":[106],"we":[107,185,218],"propose":[108],"general":[110],"mechanism":[111],"for":[112,142,168],"apps":[113,167],"themselves":[116],"any":[118],"unwanted":[119],"implicit":[120],"interference":[123],"other":[125,165],"concurrently":[126],"running":[127,166],"apps.":[128],"Our":[129],"AppVeto":[130,200,221],"solution":[131],"enables":[132],"developer":[135],"easily":[137],"configure":[138],"requirements":[141],"safe":[144],"environment;":[145],"foreground":[147],"request":[150],"disallow":[154],"access\u2014i.e.,":[155],"enable":[157,186],"veto":[158],"powers\u2014to":[159],"selected":[160],"side-channel-prone":[161],"all":[164],"certain":[170],"(short)":[171],"duration,":[172],"e.g.,":[173],"no":[174],"during":[179],"password":[180],"input.":[181],"sense,":[184],"finer-grained":[188],"control":[190],"policy":[191],"than":[192],"current":[194],"runtime":[195],"permission":[196],"model.":[197],"We":[198],"implement":[199],"Android":[202,215,235],"using":[203],"Xposed":[205],"framework":[206],"Procedure":[208],"Linkage":[209],"Table":[210],"hooking":[211],"techniques,":[212],"without":[213],"changing":[214],"APIs.":[216,239],"Furthermore,":[217],"show":[219],"that":[220],"imposes":[222],"negligible":[223],"overhead,":[224],"while":[225],"being":[226],"effective":[227],"against":[228],"several":[229],"well-known":[230],"side-channel":[231],"attacks\u2014implemented":[232],"via":[233],"both":[234],"Java":[236],"and/or":[237],"Native":[238]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}