
Electronic data

  • A Stitch In Time

    Rights statement: © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977

    Accepted author manuscript, 727 KB, PDF-document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License


A Stitch in Time: Supporting Android Developers in Writing Secure Code

Research output: Contribution in Book/Report/Proceedings - Conference contribution

Published

Standard

A Stitch in Time : Supporting Android Developers in Writing Secure Code. / Nguyen, Duc Cuong ; Wermke, Dominik; Acar, Yasemin; Backes, Michael; Weir, Charles Alexander Forbes; Fahl, Sascha.

CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York : ACM, 2017. p. 1065-1077.


Harvard

Nguyen, DC, Wermke, D, Acar, Y, Backes, M, Weir, CAF & Fahl, S 2017, A Stitch in Time: Supporting Android Developers in Writing Secure Code. in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, pp. 1065-1077. DOI: 10.1145/3133956.3133977

APA

Nguyen, D. C., Wermke, D., Acar, Y., Backes, M., Weir, C. A. F., & Fahl, S. (2017). A Stitch in Time: Supporting Android Developers in Writing Secure Code. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1065-1077). New York: ACM. DOI: 10.1145/3133956.3133977

Vancouver

Nguyen DC, Wermke D, Acar Y, Backes M, Weir CAF, Fahl S. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM. 2017. p. 1065-1077. Available from, DOI: 10.1145/3133956.3133977

Author

Nguyen, Duc Cuong ; Wermke, Dominik ; Acar, Yasemin ; Backes, Michael ; Weir, Charles Alexander Forbes ; Fahl, Sascha. / A Stitch in Time : Supporting Android Developers in Writing Secure Code. CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York : ACM, 2017. pp. 1065-1077

Bibtex

@inproceedings{19185249540249cbb282db3f3bf063bc,
title = "A Stitch in Time: Supporting Android Developers in Writing Secure Code",
abstract = "Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.",
keywords = "Usable Security, Support Developers, Android Security, Cryptographic API",
author = "Nguyen, {Duc Cuong} and Dominik Wermke and Yasemin Acar and Michael Backes and Weir, {Charles Alexander Forbes} and Sascha Fahl",
note = "{\textcopyright} ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977",
year = "2017",
month = "10",
day = "30",
doi = "10.1145/3133956.3133977",
language = "English",
pages = "1065--1077",
booktitle = "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "ACM",

}

RIS

TY - GEN

T1 - A Stitch in Time

T2 - Supporting Android Developers in Writing Secure Code

AU - Nguyen,Duc Cuong

AU - Wermke,Dominik

AU - Acar,Yasemin

AU - Backes,Michael

AU - Weir,Charles Alexander Forbes

AU - Fahl,Sascha

N1 - © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.

AB - Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.

KW - Usable Security

KW - Support Developers

KW - Android Security

KW - Cryptographic API

U2 - 10.1145/3133956.3133977

DO - 10.1145/3133956.3133977

M3 - Conference contribution

SP - 1065

EP - 1077

BT - CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - ACM

CY - New York

ER -