DOI: 10.1145/2557547.2557571
short-paper

DroidBarrier: know what is executing on your android

Published: 03 March 2014

ABSTRACT

Many Android vulnerabilities share a root cause: malicious, unauthorized applications executing without the user's consent. In this paper, we propose the use of a technique called process authentication for Android applications to overcome the shortcomings of current Android security practices. We demonstrate the process authentication model for Android by designing and implementing our runtime authentication and detection system, referred to as DroidBarrier. Our malware analysis shows that DroidBarrier is capable of detecting real Android malware at the time of creating independent processes. A


Published in

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
March 2014
368 pages
ISBN: 9781450322782
DOI: 10.1145/2557547

Copyright © 2014 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

CODASPY '14 paper acceptance rate: 19 of 119 submissions, 16%. Overall acceptance rate: 149 of 789 submissions, 19%.
