Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Androsia - A Tool for Securing In Memory Sensitive Data

OWASP Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a novel approach to securing sensitive data in Android applications through this AppSecUSA 2017 conference talk. Learn about Androsia, a tool that uses static program analysis techniques to identify and clear security-critical objects from memory immediately after their last use. Discover how this method provides defense in depth, protecting sensitive information even after a potential app compromise. Delve into the intricacies of data flow analysis, bytecode transformation, and the implementation of flow functions to detect Last Usage Points (LUP) of objects. Gain insights into leveraging the Soot framework for Java bytecode analysis and understand the inter-procedural summary-based analysis approach. Follow along as the speaker demonstrates the practical application of Androsia on Android apps, showcasing its potential to enhance mobile application security.

Syllabus

Intro
Agenda
Main Takeaway
Garbage Collector
destroy API
static secret
background
simple
dalvik to simple
flow droid
dummy main method
design overview
stringbuilder objects
instance fields
demo
static field
method bar
output format
power method
last users point
DEF set
Dataflow equations
Recap
Instance Field Approach
Reset Methods
Github repo

Taught by

OWASP Foundation

Reviews

Start your review of Androsia - A Tool for Securing In Memory Sensitive Data

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.