Transactions on Software Engineering

The IEEE Transactions on Software Engineering (TSE) is an archival journal published bimonthly. We are interested in well-defined theoretical results and empirical studies that have potential impact on the construction, analysis, or management of software. Read the full scope of TSE.




From the September 2018 Issue

Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy

By Le Yu, Xiapu Luo, Chenxiong Qian, Shuai Wang, and Hareton K.N. Leung

Since more than 96 percent of mobile malware targets the Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious apps. As malware is becoming more complicated and stealthy, recent research proposed a promising detection approach that looks for the inconsistency between an app's permissions and its description. In this paper, we first revisit this approach and reveal that using description and permission will lead to many false positives because descriptions often fail to declare all sensitive operations. Then, we propose exploiting an app's privacy policy and its bytecode to enhance the malware detection based on description and permissions. It is non-trivial to automatically analyze privacy policy and perform the cross-verification among these four kinds of software artifacts, including privacy policy, bytecode, description, and permissions. To address these challenging issues, we first propose a novel data flow model for analyzing privacy policy, and then develop a new system, named TAPVerifier, for carrying out investigation of individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policy with a high accuracy and recall rate. More importantly, integrating privacy policy and bytecode level information can remove up to 59.4 percent false alerts of the state-of-the-art systems, such as AutoCog, CHABADA, etc.



Editorials and Announcements

Announcements

  • We are pleased to announce that Nenad Medvidović, a Professor in the Computer Science Department and in the Informatics Program at the University of Southern California, has been selected as the new Editor-in-Chief of the IEEE Transactions on Software Engineering starting in 2018.
  • TSE now offers authors access to Code Ocean. Code Ocean is a cloud-based executable research platform that allows authors to share their algorithms in an effort to make the world’s scientific code more open and reproducible. Learn more or sign up for free.
  • According to Clarivate Analytics' 2016 Journal Citation Report, TSE has an impact factor of 3.272.

Editorials


Reviewers List


Annual Index


Access All Recently Published TSE Articles

Subscribe to the RSS feed of recently published TSE content

Sign up for e-mail notifications through IEEE Xplore Content Alerts

View TSE preprints in the Computer Society Digital Library