题名

PERMISSION WATCHER TOOL: A SANDBOX TOOL-BASED STATIC AND DYNAMIC ANALYSIS FOR ANDROID APPS

DOI

10.7903/ijecs.1651

作者

Er-rajy Latifa;El Kiram My Ahmed

关键词

Permissions ; Applications ; Security ; Tool

期刊名称

International Journal of Electronic Commerce Studies

卷期/出版年月

9卷2期(2018 / 12 / 01)

页次

209 - 238

内容语文

英文
中文摘要

Android security has become a very important issue with regard to mobile phone development: Android gives great freedom to developers to create and publish their apps for free in the PlayStore. The security mechanism of Android is based on an instrument that gives users the information about permissions that the application requests before installing it. This authorization system provides an overview of the application, and this can help to raise awareness of its risks. However, standard users still do not have enough information to understand clearly these requested authorizations and their implications on their security. In this article, we present a tool called "Permission watcher" that combines dynamic and static analysis. Our proposed tool allows users to install any application with only the necessary permissions instead of accepting all permissions requested or cancel the installation completely.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 經濟學
社會科學 > 財金及會計學
社會科學 > 管理學
参考文献
  1. A. Developers, UI/Application Exerciser Monkey. Retrieved on June 8, 2016, from http://developer.android.com/%0Atools/help/monkey.html.
  2. Ahrendt, W.,Baar, T.,Beckert, B.,Bubel, R.,Giese, M.,Menzel, W.,Mostowski, W.,Roth, A.,Schlager, S.,Schmitt, P. H.(2005).The KeY tool Integrating object oriented designand formal verification.Software System Model,4(1),32-54.
  3. Amir, M.(2010).Energy-aware location provider for the Android platform.University of Alexandria.
  4. Android4me, AXMLPrinter2.jar[Online].Retrieved on June 10, 2016, fromhttps://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/android4me/AXMLPrinter2.jar.
  5. Andrus, J.,Dall, C.,Van Hof, A.,Laadan, O.,Nieh, J.(2011).Cells: A virtual mobile smartphone architecture categories and subject descriptors.Proceedings of the Twenty-Third ACM Symposium on Operating System Princuples
  6. Appelgate, Mollie Helen(2012).University of California, Los Angeles.
  7. Balanza, M.,Alintanahin, K.,Abendan, O.,Dizon, J.(2011).DroidDreamlight lurks behind legitimateAndroid Apps.2012 6th International Conference on Malicious and Unwanted Software
  8. Barrera, D.(2014).Carleton University.
  9. Barrera, D.,Kayacik, H. G.,Van Oorschot, P. C.,Somayaji, A.(2010).A methodology for empirical analysis of permission-based security models and its application to Android.Proceedings of the 17th ACM Conference on Computers and Communications Security
  10. Barros, P.,Just, R.,Millstein, S.,Vines, P.,Dietl, W.,Amorim, M.,Ernst, M. D.(2015).Static analysis of implicit control flow: Resolving Java reflection and Android intents.2015 30thIEEE/ACM International Conference onAutomated Software Engineering
  11. Bugiel, S.,Davi, L.,Dmitrienko, A.,Fischer, T.,Sadeghi, A.(2011).,Technische Universitat Darmstadt.
  12. Butler, J.(2004).VICE -Catch the hookers!.Black Hat USA,61,17-35.
  13. Chin, E.,Felt, A. P.,Sekar, V.,Wagner, D.(2012).Measuring user confidence in smartphone security and privacy.Proceedings of the Eighth Symposium on Usable Privacy and Security
  14. Desnos, A.,Gueguen, G.(2011).Android: From reversing to decompilation.Proceedings of the Black Hat Abu Dhabi
  15. Dewald, A.,Holz, T.,Freiling, F. C.(2010).ADSandbox.Proceedings of the 2010 ACM Symposium on Applied Computing
  16. Di Pietro, R.,Lombardi, F.,Rossicone, S.(2013).,未出版
  17. Ding, J.,Chang, P.,Hsu, W.,Chung, Y.(2011).PQEMU: A parallel system emulator based onQEMU.2011 IEEE 17th International Conference on Parallel and Distributed Systems
  18. Enck, W.,Gilbert, P.,Han, S.,Tendulkar, V.,Chun, B.-G.,Cox, L. P.,Jung, J.,McDaniel, P.,Sheth, A. N.(2014).TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones.ACM Transactions on Computer Systems (TOCS),32(2),393-407.
  19. Enck, W.,Octeau, D.,Mcdaniel, P.,Chaudhuri, S.(2011).A study of Android application security.Proceedings of the 20th USENIX Conference on Security
  20. Enck, W.,Ongtang, M.,McDaniel, P.(2009).On lightweight mobile phone application certification.Proceedings of the 16th ACM conference on Computer and Communications Security
  21. Fang, Z.,Han, W.,Li, Y.(2014).Permission based Android security: Issues and countermeasures.Computer Security,43,205-218.
  22. Felt, A. P.,Greenwood, K.,Wagner, D.(2011).The effectiveness of application permissions.Proceedings of the 2nd USENIX Conference on Web Application Development
  23. Felt, A. P.,Ha, E.,Egelman, S.,Haney, A.,Chin, E.,Wagner, D.(2012).Android Permissions: User attention , comprehension , and behavior.Proceedings of the Eight Symposium on Usable Privacy and Security
  24. Forman, I. R.,Forman, N.(2004).Java Reflection in Action.Manning Publications.
  25. Fuchs, A. P.,Chaudhuri, A.,Foster, J. S.(2010).,University of Maryland Department of Computer Science.
  26. Google, Android debugger bridge.Retrieved on June 9, 2016, from https://developer.android.com/studio/command-line/adb.
  27. Jaglan, V.,Dalal, S.,Srinivasan, S.(2011).Enhancing security of agent-oriented techniques programs code using jar files.International Journal on Computer Science and Engineering,3(4),1627-1632.
  28. Jones, K.(2001).Loadable kernel modules.Usenix Magazine,26(7),43-49.
  29. Kelley, P. G.,Consolvo, S.,Cranor, L. F.,Jung, J.,Sadeh, N.,Wetherall, D.(2012).A conundrum of permissions: installing applications on an Android smartphone.International Conference on Financial Cryptography and Data Security
  30. Kemp, R.,Palmer, N.,Kielmann, T.,Bal, H.(2012).Cuckoo: A computation offloading framework for smartphones.International Conference on Mobile Computer, Application, and Services
  31. Kohno, T.(2004).Attacking and repairing the WinZip encryption scheme.Proceeding of the 11thACM Conferenceon Computer and Communications Security
  32. Kornblum, J.(2006).Identifying almost identical files using context triggered piecewise hashing.Digital Investigation,3,91-97.
  33. Kurhade, S. R.,Gite, N. D.(2015).Androidanti-malwareanalysis.International Journal of Advanced Research in Computer Engineering & Technology,4(5),2261-2266.
  34. Lange, M.,Liebergeld, S.,Lackorzynski, A.,Warg, A.,Peter, M.(2011).L4Android: a generic operating system framework for secure smartphones.Proceedings of the 1st ACM workshop on Security and privacy in smartphones mobile devices
  35. Liu, B.,Lin, J.,Sadeh, N.(2013).Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?.Proceedings of the 23rd international conference on World wide web
  36. Martinelli, F.,Mercaldo, F.,Nardone, V.,Santone, A.(2017).Twinkle Twinkle Little DroidDream, How I Wonder What You Are?.2017 IEEE International Workshop on Metrology for Metrology for AeroSpace
  37. Möller, A.,München, T. U.,Michahelles, F.,Diewald, S.,Roalter, L.,Kranz, M.(2012).Update behavior in app markets and security implications: A case study in google play.Proceedings of the 3rd International Workshop on Research in the Large, Held in Conjunction with Mobile HCI
  38. Neuner, S.,Van Der Veen, V.,Lindorfer, M.,Huber, M.,Merzdovnik, G.,Mulazzani, M.,Weippl, E.(2014).Enter Sandbox: Android Sandbox Comparison.Proceedings of the Third Workshop on Mobile Security Technologies (MoST)
  39. N. J. Percoco, and S. Schulte, Adventures in BouncerLand. Retrievedon June 8, 2016, from https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf.
  40. Rastogi, V.,Chen, Y.,Enck, W.(2013).AppsPlayground: Automatic security analysis of smartphone applications.Proceedings of the third ACM Conference on Data and Application Security and Privacy
  41. Report, T.(2009).,未出版
  42. Scientia mobile(2014).,未出版
  43. Tam, K.,Khan, S. J.,Fattoriy, A.,Cavallaro, L.(2013).CopperDroid: automatic reconstruction of Android malware behaviors.Proceeding 2015 Network and Distributed System Security Symposium.2013
  44. Tenenboim-Chekina, L.,Barad, O.,Shabtai, A.,Mimran, D.,Rokach, L.,Shapira, B.,Elovici, Y.(2013).Detecting application update attack on mobile devices through network features.2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS),Turin, Italy:
  45. Vidas, T.,Christin, N.(2014).Evading Android runtime analysis via sandbox detection.Proceedings of the 9thACMSymposium on Information, Computer and Communications Security
  46. Viennot, N.,Garcia, E.,Nieh, J.(2014).A measurement study of google play.Proceedings of the 2014 ACM International conference on Measurement and modeling of computer systems
  47. Willems, C.,Holz, T.,Freiling. F.(2007).Toward automated dynamic malware analysis using CWSandbox.IEEE Security and Privacy Magazine,5(2),32-39.
  48. Xing, L.,Pan, X.,Wang, R.,Yuan, K.,Wang, X.(2014).Upgrading your Android, elevating my malware: privilege escalation through mobile OS updating.Proceedings of 2014 IEEE Symposium on Security and Privacy
  49. Xu, J.,Li, S.,Zhang, T.(2014).Security analysis and protection based on Smaliinjection for Android applications.International Conference on Algorithms and Architectures for Parallel Processing
  50. Xu, R.,Saïdi, H.,Anderson, R.,Saıdi, H.(2012).Aurasium: practical policy enforcement for Android applications.Proceedings of the 21st USENIX Conference on Security Symposium
  51. You, I.,Yim, K.(2010).Malware obfuscation techniques: Abrief survey.Proceedings of the 2010 International Conference on Broadband, Wireless Computer, and Communication and Applications
  52. Zhang, M.,Yin, H.(2014).AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications.Proceedings 2014 Network and Distributed System Security Symposium
  53. Zhang, P.,Sun, H.,Yan, Z.(2013).Mechanism for security enhancement in mobile application installation.Proceedings of the 2012 2ndInternational Conference on Computer and Information Applications
  54. Zhang, X.,Breitinger, F.,Baggili, I.(2016).Rapid Android parser for investigating DEX files (RAPID).Digital Investigation,17,28-39.
  55. Zhang, Y.,Yang, M.,Xu, B.,Yang, Z.,Gu, G.,Ning, P.,Wang, X. S.,Zang, B.(2013).Vetting undesirable behaviors in android apps with permission use analysis.Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security
  56. Zheng, M.,Sun, M.,Lui, J. C. S.(2013).DroidAnalytics: Asignature based analytic system to collect, extract, analyze and associateAndroid malware.2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
  57. Zhou, W.,Zhou, Y.,Jiang, X.,Ning, P.(2012).Detecting repackaged smartphone applications in third-party android marketplaces.Proceedings of the second ACM Conference on Data and Application Security and Privacy
  58. Zhou, Y.,Jiang, X.(2012).Dissecting Android malware: Characterization and evolution.2012 IEEE Symposium on Security and Privacy
print cancel