A collaborative policy-based security scheme to enforce resource access controlling mechanism
Advances in both telecommunications and information technology have improved the way users do business online. Android, an open-source mobile operating system, is becoming an attractive target for cyber criminals to exploit due to its predefined permission model. Without classification, the mobile operating system permits installation of mobile applications of all kinds, including Trojans, thus calling its trustworthiness into question. In this paper, we present a security system called the collaborative policy-based security scheme (CSS) that permits users to customize the access permissions of Android applications during runtime. The proposed CSS validates the trustworthiness of each application before it is installed. The experimental results show that the proposed CSS successfully detects all malicious applications with a run-time overhead of 2.7%.
Keywords: Android system security; Permission pattern; Security policy; Security profile; Resource access restriction