Publication Type : Journal Article
Publisher : International Journal of Control Theory and Applications, International Science Press, Volume 9, Issue 7, p.3085-3093 .
Source : International Journal of Control Theory and Applications, International Science Press, Volume 9, Issue 7, p.3085-3093 (2016)
Url : http://www.serialsjournals.com/serialjournalmanager/pdf/1473225763.pdf
Keywords : Firefox OS;Application security; manifest analysis; Permission system
Campus : Coimbatore
School : School of Engineering
Department : Computer Science
Year : 2016
Abstract : There is an emerging trend to use web browsers as mobile operating systems initiated by big market players such as Mozilla Firefox and Google Chrome. The applications for Firefox OS are basically web applications developed using HTML, CSS, JavaScript and other technologies. Firefox OS uses a Linux kernel and boots into Gecko runtime engine. It provides security features like sandboxed execution for applications, Content Security Policy and permission management system. In this paper, we present a study on the permission management system in Firefox OS through static analysis of its applications. The results of the study on 16 privileged applications downloaded from Firefox OS marketplace shows that about 7% of the permissions accessed by these applications are unauthorised. 13% of the permissions were requested but not used, 14% of the permissions were never requested but the equivalent WebAPI calls were being made in the application source code. Finally 66% of permissions were requested and used. The results reveal that many code reviewed privileged applications hosted on the Firefox marketplace do not conform to the Firefox OS permission policies and could cause potential threats to the system.
Cite this Research Publication : S. P and Jevitha, K. P., “Static analysis of Firefox OS privileged applications to detect permission policy violations”, International Journal of Control Theory and Applications, vol. 9, no. 7, pp. 3085-3093, 2016.