Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications
作者: Leonid Batyuk , Markus Herpich , Seyit Ahmet Camtepe , Karsten Raddatz , Aubrey-Derrick Schmidt
DOI: 10.1109/MALWARE.2011.6112328
关键词:
摘要: In the last decade, smartphones have gained widespread usage. Since advent of online application stores, hundreds thousands applications become instantly available to millions smart-phone users. Within Android ecosystem, security is governed by digital signatures and a list coarse-grained permissions. However, this mechanism not fine-grained enough provide user with sufficient means control applications' activities. Abuse highly sensible private information such as phone numbers without users' notice result. We show that there high frequency privacy leaks even among widely popular applications. Together fact majority users are proficient in computer security, presents challenge engineers developing solutions for platform. Our contribution twofold: first, we propose service which able assess Market via static analysis detailed, but readable reports user. Second, describe mitigate threats automated reverse-engineering refactoring binary packages according preferences.
ieeecomputersociety.org参考文章(9)
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Sahin Albayrak, Seyit Camtepe, Jan Clausen, Aubrey-Derrick Schmidt, Kamer Ail Yuksel, Hans-Gunterh Schmidt, Kiraz Osman, Enhancing security of linux-based android devices School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty. ,(2008)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Thomas Bläsing, Leonid Batyuk, Aubrey-Derrick Schmidt, Seyit Ahmet Camtepe, Sahin Albayrak, An Android Application Sandbox system for suspicious software detection international conference on malicious and unwanted software. pp. 55- 62 ,(2010) , 10.1109/MALWARE.2010.5665792
Aubrey-Derrick Schmidt, Jan Hendrik Clausen, Ahmet Camtepe, Sahin Albayrak, Detecting Symbian OS malware through static function call analysis international conference on malicious and unwanted software. pp. 15- 22 ,(2009) , 10.1109/MALWARE.2009.5403024
Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, Christian Scheel, Seyit Ahmet Camtepe, Şahin Albayrak, Monitoring smartphones for anomaly detection Mobile Networks and Applications. ,vol. 14, pp. 92- 106 ,(2009) , 10.1007/S11036-008-0113-X
Asaf Shabtai, Yuval Fledel, Yuval Elovici, Securing Android-Powered Mobile Devices Using SELinux ieee symposium on security and privacy. ,vol. 8, pp. 36- 44 ,(2010) , 10.1109/MSP.2009.144
Nicolai Kuntze, Roland Rieke, Gunther Diederich, Richard Sethmann, Karsten Sohr, Tanveer Mustafa, Kai-Oliver Detken, Secure Mobile Business Information Processing embedded and ubiquitous computing. pp. 672- 678 ,(2010) , 10.1109/EUC.2010.107
Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel, Semantically Rich Application-Centric Security in Android annual computer security applications conference. pp. 340- 349 ,(2009) , 10.1109/ACSAC.2009.39