On lightweight mobile phone application certification

Authors: William Enck, Machigar Ongtang, Patrick McDaniel

DOI: 10.1145/1653662.1653691

Keywords: Mobile phone; Malware; Computer security; Computer science; Cloud computing security; Mobile malware; Security service; Application security; Android (operating system); Android malware; Certification; Security analysis; Upload

Abstract: Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that Kirin provides a practical means of detecting malware.
