Advertisement

A collaborative policy-based security scheme to enforce resource access controlling mechanism

  • K. MuthumanickamEmail author
  • P. C. Senthil Mahesh
Article
  • 6 Downloads

Abstract

Advances in both telecommunications and Information technology have improved the way users do business online. Android, an open-source mobile operating system, is becoming an attractive target for cyber criminals to exploit due to its predefined permission model. Without classification, the mobile operating system permits installation of mobile applications of all kinds, including Trojans, thus making its trustworthiness into question. In this paper, we present a security system called collaborative policy-based security scheme (CSS) that permits users to customize the access permissions of Android applications during runtime. The proposed CSS security scheme validates the trustworthiness of each application before being installed. The experimental results show that the proposed CSS successfully detects all malicious applications with a run-time overhead of 2.7%.

Keywords

Android system security Permission pattern Security policy Security profile Resource access restriction 

Notes

References

  1. 1.
    Enck, W., Ongtang, M., & McDaniel, P. (2009) On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on computer and communications security ACM (pp. 235–245).Google Scholar
  2. 2.
    Jamaluddin, J., Zotou, N., & Coulton, P. (2004) Mobile phone vulnerabilities: A new generation of malware. In Proceedings of the IEEE international symposium on consumer electronics (pp. 199–202).Google Scholar
  3. 3.
    Zhang, Y., Wei, T., Song, D., Xue, H. (2013) Ad vulna: a vulnaggressive (vulnerable & aggressive) adware threatening millions. Threat Res.Google Scholar
  4. 4.
    Enck, W., Ongtang, M., & McDaniel, P. (2009). Understanding android security. IEEE Security & Privacy, 7(1), 50–57.CrossRefGoogle Scholar
  5. 5.
    Enck, W., Ongtang, M., & McDaniel, P. Mitigating android software misuse before it happens, Technical Report (NAS-TR-0094-2008), Network and Security Research center.Google Scholar
  6. 6.
    Crussell, J., Stevens, R., & Chen, H. (2014) MadFraud: investigating Ad Fraud in android applications. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 123–134).Google Scholar
  7. 7.
    Chung, B., Jeon, Y., & Kim, J. (2014) User defined privilege restriction mechanism for secure execution environment on android. In Proceedings of the international conference on information and communication technology convergence (ICTC).Google Scholar
  8. 8.
    Zhang, Y., Yang, M., Yang, Z., Gu, G., Niry, P., & Zang, B. (2013) Permission use analysis to vetting undesirable behaviors in android applications. In Proceedings of the ACM SIGSAC conference on Computer & communications security (pp. 611–622).Google Scholar
  9. 9.
    Jain, A., & Prachi (2016) Android security: Permission based attacks. In Proceedimgs of the 3rd international conference on computing for sustainable global development (pp. 2754–2759).Google Scholar
  10. 10.
    Vecchiato, D., Vieira, M., & Martins, E. (2016). The perils of android security configuration. Computer, 49, 15–21.CrossRefGoogle Scholar
  11. 11.
    Sadeghi, A., Bagheri, H., Garcia, J., & Malek, S. (2017). A taxonomy and qualitative comparison of program analysis techniques for security assessment of Android software. IEEE Transactions on Software Engineering, 43(6), 492–530.CrossRefGoogle Scholar
  12. 12.
    Faruki, P., Bharmal, A., & Laxmi, V. (2015). Android security: a survey of issues, malware penetration, and defenses. IEEE Communications Surveys and Tutorials, 17(2), 998–1022.CrossRefGoogle Scholar
  13. 13.
    Wei, T. E., Tyan, H. R., Jeng, A. B., Lee, H. M., Liao, H. Y. M., & Wang, J. C. (2015) DroidExec: Root exploit malware recognition against wide variability via folding redundant functionrelation graph. In Proceedings of 17th international conference on advanced communication technology (ICACT) (pp. 161–169).Google Scholar
  14. 14.
    Zou, S., Zhang, J., & Lin, X. (2015). An effective behavior-based Android malware detection system. Security and Communication Networks, 8(12), 2079–2089.CrossRefGoogle Scholar
  15. 15.
    Zhan, Y., Yang, M., Yang, Z., Guofei, G., Ning, P., & Zang, B. (2014). Permission use analysis for vetting undesirable behaviors in android apps. IEEE Transactions on Information Forensics and Security, 9(11), 1828–1842.CrossRefGoogle Scholar
  16. 16.
    Russello, G., Jimenez, A. B., Naderi, H., & Vander Mark, W. (2013) FireDroid: Hardening security in almost stock android. In Proceedings of the 29th annual computer security applications conference (ACSAC’13) (pp. 319–328).Google Scholar
  17. 17.
    Liu, Y., Zhang, Y., Li, H., & Chen, X. (2016) A hybrid malware detecting scheme for mobile Android applications. In Proceedings of the IEEE international conference on consumer electronics (ICCE) (pp. 155–156).Google Scholar
  18. 18.
    Alatwi, H. A. (2016) Android malware detection using category-based machine learning classifiers. Master’s thesis.Google Scholar
  19. 19.
    Zarni Aung, W. Z. (2013) Permission-based android malware detection. In Proceedings of the international journal of scientific and technology research, (Vol. 2, No. 3, pp. 228–234).Google Scholar
  20. 20.
    Wang, Y., Zhang, J., & Sun, C. (2013) Quantative security risk assessment of android permissions and applications. In Proceedings of the 27th international conference on data and applications security and provacy (pp. 226–241).Google Scholar
  21. 21.
    Talha, K. A., Alpha, D. I., & Aydin, C. (2015). APK auditor: Permission based android malware detection system. Digital Investigation, 13, 1–14.CrossRefGoogle Scholar
  22. 22.
    Liu, B., Nath, S., Govinder, R., & Liu,J. (2014) DECAF: Detecting and characterizing adfraud in mobile application. In Proceedings of the 11th USENIX conference on networked systems design and implementation (NSDI’14) (pp. 57–70).Google Scholar
  23. 23.
    Rahman, M., Rahman, M., Carbunar, B., & Chau, D. H. (2017). Search rank fraud and malware detection in Google Play. IEEE Transactions on Knowledge and Data Engineering, 29(6), 1329–1342.CrossRefGoogle Scholar
  24. 24.
    Narayanan, A., Chandramohan, M., Chen, L., & Liu, Y. (2017). Context-aware, adaptive, and scalable Android malware detection through online learning. IEEE Transactions on Emerging Topics in Computational Intelligence, 1(3), 157–175.CrossRefGoogle Scholar
  25. 25.
    Pietraszek, T., & Tanner, A. (2005). Datamining and machine learning-towards reducing false positives in intrusion detection. Information Security Technical Report, 10(3), 169–183.CrossRefGoogle Scholar
  26. 26.
    Kramer, D., Kocurova, A., Oussena, S., Clark, T., & Komisarczuk, P. (2011) An extensible, self contained, layered approach to context acquisition. In Proceedings of the third international workshop on middleware for pervasive mobile and embedded computing (M-MPAC ‘11), (pp. 61–67).Google Scholar
  27. 27.
    Barr, K., Bungale, P., Deasy, S., Gyuris, V., Hung, P., Newell, C., et al. (2010). The VMware mobile virtualization platform: is that a hypervisor in your pocket. ACM SIGOPS Operating Systems Review, 44(4), 124–135.CrossRefGoogle Scholar
  28. 28.
    Android Open Source Project (ASOP). Available: http://source.android.com/. Accessed on March 2017.
  29. 29.
    Metula.E. (2009) Managed code rootkits: hooking into runtime environments. In: BlackHat USA.Google Scholar
  30. 30.
    Van Wissen, B., Palmer, N., Kemp, R., Kielmann, T., Bal, H., De Boelelaan, A. (2010) ContextDroid: An expression-based context framework for android. In proceedings of Phonesense (pp. 1–5).Google Scholar
  31. 31.
    Divide webpage. Available: http://www.divide.com/. Accessed on July 2017.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringArunai Engineering CollegeTiruvannamalaiIndia
  2. 2.Department of Computer Science and EngineeringAnnamacharya Institute of Technology and SciencesRajampetIndia

Personalised recommendations