ABSTRACT
Many Android vulnerabilities share a root cause of malicious unauthorized applications executing without the user's consent. In this paper, we propose the use of a technique called process authentication for Android applications to overcome the shortcomings of current Android security practices. We demonstrate the process authentication model for Android by designing and implementing our runtime authentication and detection system referred to as DroidBarrier. Our malware analysis shows that DroidBarrier is capable of detecting real Android malware at the time of creating independent processes. A
Index Terms
- DroidBarrier: know what is executing on your android