International Journal of Computer Science and Artificial Intelligence
An Open Access Journal
ISSN: 2226-4450 (Print), ISSN: 2226-4469 (Online)
CODEN: IJCSPS
Editor-in-Chief: Prof. Bing-Fei Wu (Taiwan)
Android Application Visual Safety Analysis Based On Component Relations
Abstract:
This study attempts to reduce the hidden danger of Android application installation. Conventional methods for detecting malicious software need a large amount of sample data for feature extraction and behavior matching, which makes detection difficult and complex. We propose an automatic modeling method, based on analysis of the source code, that describes the behavior of an application in terms of its components. An attack graph is then drawn to visualize the application's framework and its safety-related elements, giving users a deeper understanding of the hidden danger than the vague impression they get from the traditional list of requested permissions shown before installation. The automatic modeling method allows users to protect their private data with little difficulty and with less complexity than traditional software analysis methods.
Keywords: Android Safety; Component; Attack Graph; Static Analysis; Visualization
Authors: Hao Chen (1), Li Pan (1)
(1) National Engineering Laboratory for Information Content Analysis Technology, Department of Electronic Engineering, Shanghai Jiao Tong University, China