Aurasium: practical policy enforcement for Android applications

USENIX Security Symposium, pp.27-27, (2012)


Abstract

The increasing popularity of Google's mobile platform Android makes it the prime target of the latest surge in mobile malware. Most research on enhancing the platform's security and privacy controls requires extensive modification to the operating system, which has significant usability issues and hinders efforts for widespread adoption.

Introduction
  • Google’s Android OS is undoubtedly the fastest growing mobile operating system in the world.
  • For the period ending in August, Nielsen found that Android has risen to 43 percent.
  • More important, among those who bought their phones in June, July, or August, Google had a formidable 56 percent market share.
  • This unprecedented growth in popularity, together with the openness of its application ecosystem, has attracted malicious entities to aggressively target Android.
  • Attacks on Android by malware writers have jumped by 76 percent over the past three months according to a report by
Highlights
  • Google’s Android OS is undoubtedly the fastest growing mobile operating system in the world
  • We evaluated Aurasium against a large number of real-world Android applications and achieved over 99 percent success rate
  • We have evaluated Aurasium on a collection of Android applications to ensure that the application repackaging succeeds and that our added code does not impede the original functionality of the application
  • Aurasium consists of scripts that implement the repackaging process described in Figure 2
  • We scripted to load the application onto the Nexus S phone, start the application automatically, and capture the logs generated by Aurasium
  • We have presented Aurasium, a robust and effective technology that protects users of the widely used Android OS from malicious and untrusted applications
Results
  • The authors have evaluated Aurasium on a collection of Android applications to ensure that the application repackaging succeeds and that the added code does not impede the original functionality of the application.
  • The authors have conducted a broad evaluation that includes a large number of benign applications as well as malware collection.
  • The authors' evaluation was conducted on a Samsung Nexus S phone running Android 2.3.6 “Gingerbread”.
  • Aurasium consists of scripts that implement the repackaging process described in Figure 2.
  • It transforms each.
  • The authors scripted to load the application onto the Nexus S phone, start the application automatically, and capture the logs generated by Aurasium.
  • Android Monkey [8] is used to randomly exercise the user interface (UI) of the application
Conclusion
  • The authors have presented Aurasium, a robust and effective technology that protects users of the widely used Android OS from malicious and untrusted applications.
  • By using the Aurasium security manager (ASM), the authors are able to apply policies at the individual application level but across multiple applications simultaneously.
  • This allows them to effectively orchestrate the execution of various applications on the device and mediate their access to critical resources and user’s private data.
  • With its overall low overhead and high repackaging success rate, it is possible to imagine Aurasium implementing an effective isolation and separation at the application layer without the need of complex virtualization technology
Tables
  • Table 1: Repackaging Evaluation Results
  • Table 2: Performance on Benchmark Applications
  • Table 3: Performance on Synthesized Application
  • Table 4: Permission Requested and Permissions Used. Due to the random fuzzing nature of our evaluation, the accessed permission is most likely to be an underestimate. We also observed that 226 applications included native code libraries in their application bundle.
Related work
  • With the growing popularity of Android and the growing malware threat it is facing, many approaches to securing Android have been proposed recently. Many of the traditional security approaches adopted in desktops have been migrated to mobile phones in general and Android in particular. Probably the most standard approach is to use signature-based malware detection, which is in its infancy when it comes to mobile platforms. This approach is ineffective against zero-day attacks, and there is little reason to believe that it will be more successful in the mobile setting. Program analysis and behavioral analysis have been more successfully applied in the context of Android.

    Monitoring. The bulk of research related to securing Android has been focused on security policy extension and enforcement for Android starting with [21]. TaintDroid [19] taints private data to detect leakage of users’ private information modifying both Binder and the Dalvik VM, but extends only partially to native code. Quire [17] uses provenance to track permissions across application boundaries through the IPC call chain to prevent permission escalation of privilege attacks. Crepe [15] allows access to system services requested through install-time permission only in a certain context at runtime. Similarly, Apex [33] uses user-defined runtime constraints to regulate applications’ access to system services. AppFence [27] blocks application access to data from imperious applications that demand information that is unnecessary to perform their advertised functionality, and covertly substitutes shadow data in place. Airmid [32] uses cooperation between in-network sensors and smart devices to identify the provenance of malicious traffic.
Funding
  • This material is based on work supported by the Army Research Office under Cyber-TA Grant No W911NF06-1-0316 and by the National Science Foundation Grant No CNS-0716612
Reference
  • Android apktool: A tool for reengineering Android apk files. code.google.com/p/android-apktool/.
  • Android.OS/Fakeplayer. www.f-secure.com/vdescs/trojan_androidos_fakeplayer_a.shtml.
  • Android.OS/NickiSpy. www.maikmorgenstern.de/
  • Bothunter community http://www.bothunter.net. www.angryredplanet.com/~hackbod/
  • [8] UI/Application exerciser Monkey. developer.android.com/guide/developing/tools/monkey.html.
  • [9] In U.S. market, new smartphone buyers increasingly embracing Android. blog.nielsen.com/nielsenwire/online_mobile/, sep 2011.
  • [10] ANDROID OPEN SOURCE PROJECT. Platform versions. developer.android.com/resources/dashboard/platform-versions.html.
  • [11] ANDRUS, J., DALL, C., HOF, A. V., LAADAN, O., AND NIEH, J. Cells: a virtual mobile smartphone architecture. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (New York, NY, USA, 2011), SOSP ’11, ACM, pp. 173–187.
  • [12] BLÄSING, T., SCHMIDT, A.-D., BATYUK, L., CAMTEPE, S. A., AND ALBAYRAK, S. An Android application sandbox system for suspicious software detection. In 5th International Conference on Malicious and Unwanted Software (MALWARE’2010) (Nancy, France, France, 2010).
  • [13] BURGUERA, I., ZURUTUZA, U., AND NADJM-TEHRANI, S. Crowdroid: behavior-based malware detection system for Android. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile devices (New York, NY, USA, 2011), SPSM ’11, ACM, pp. 15–26.
  • [14] CHIN, E., FELT, A. P., GREENWOOD, K., AND WAGNER, D. Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (New York, NY, USA, 2011), MobiSys ’11, ACM, pp. 239–252.
  • [15] CONTI, M., NGUYEN, V. T. N., AND CRISPO, B. Crepe: context-related policy enforcement for Android. In Proceedings of the 13th International Conference on Information Security (Berlin, Heidelberg, 2011), ISC’10, Springer-Verlag, pp. 331–345.
  • [16] DEGUSTA, M. Android orphans: Visualizing a sad history of support. theunderstatement.com/post/11982112928/android-orphans-visualizing-a-sad-history-ofsupport.
  • [17] DIETZ, M., SHEKHAR, S., PISETSKY, Y., SHU, A., AND WALLACH, D. S. Quire: lightweight provenance for smart phone operating systems. In Proceedings of the 20th USENIX Conference on Security (Berkeley, CA, USA, 2011), SEC’11, USENIX Association, pp. 23–23.
  • [18] ENCK, W. Defending users against smartphone apps: Techniques and future directions. In Proceedings of the 7th International Conference on Information Systems Security (Kolkata, India, dec 2011), ICISS.
  • [19] ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. N. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (Berkeley, CA, USA, 2010), OSDI’10, USENIX Association, pp. 1–6.
  • [20] ENCK, W., OCTEAU, D., MCDANIEL, P., AND CHAUDHURI, S. A study of Android application security. In Proceedings of the 20th USENIX conference on Security (Berkeley, CA, USA, 2011), SEC’11, USENIX Association, pp. 21–21.
  • [21] ENCK, W., ONGTANG, M., AND MCDANIEL, P. On lightweight mobile phone application certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (New York, NY, USA, 2009), CCS ’09, ACM, pp. 235–245.
  • [22] ENCK, W., ONGTANG, M., AND MCDANIEL, P. Understanding Android security. IEEE Security and Privacy 7 (January 2009), 50–57.
  • [23] FELT, A. P., CHIN, E., HANNA, S., SONG, D., AND WAGNER, D. Android permissions demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security (New York, NY, USA, 2011), CCS ’11, ACM, pp. 627–638.
  • [24] FELT, A. P., FINIFTER, M., CHIN, E., HANNA, S., AND WAGNER, D. A survey of mobile malware in the wild. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (Oct. 2011), SPSM ’11, ACM, pp. 3–14.
  • [25] GARFINKEL, T., PFAFF, B., AND ROSENBLUM, M. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed Systems Security Symposium (February 2004).
  • [26] GUDETH, K., PIRRETTI, M., HOEPER, K., AND BUSKEY, R. Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile devices (New York, NY, USA, 2011), SPSM ’11, ACM, pp. 33–38.
  • [27] HORNYACK, P., HAN, S., JUNG, J., SCHECHTER, S., AND WETHERALL, D. These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security (New York, NY, USA, 2011), CCS ’11, ACM, pp. 639–652.
  • [28] KIRIANSKY, V., BRUENING, D., AND AMARASINGHE, S. P. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium (Berkeley, CA, USA, 2002), USENIX Association, pp. 191–206.
  • [29] LABS, M. McAfee threats report: Second quarter www.mcafee.com/us/resources/reports/rpquarterly-threat-q2-2011.pdf, aug 2011.
  • [30] LANGE, M., LIEBERGELD, S., LACKORZYNSKI, A., WARG, A., AND PETER, M. L4Android: a generic operating system framework for secure smartphones. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile devices (New York, NY, USA, 2011), SPSM ’11, ACM, pp. 39–50.
  • [31] MOSER, A., KRUEGEL, C., AND KIRDA, E. Exploring multiple execution paths for malware analysis. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (Washington, DC, USA, 2007), SP ’07, IEEE Computer Society, pp. 231–245.
  • [32] NADJI, Y., GIFFIN, J., AND TRAYNOR, P. Automated remote repair for mobile malware. In Proceedings of the 2011 Annual Computer Security Applications Conference (Washington, DC, USA, 2011), ACSAC ’10, ACM.
  • [33] NAUMAN, M., KHAN, S., AND ZHANG, X. Apex: extending Android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (New York, NY, USA, 2010), ASIACCS ’10, ACM, pp. 328–332.
  • [34] SCOTT, K., KUMAR, N., VELUSAMY, S., CHILDERS, B., DAVIDSON, J. W., AND SOFFA, M. L. Retargetable and reconfigurable software dynamic translation. In Proceedings of the international symposium on Code Generation and Optimization: feedback-directed and runtime optimization (Washington, DC, USA, 2003), CGO ’03, IEEE Computer Society, pp. 36–47.
  • [35] SVEN, B., LUCAS, D., ALEXANDRA, D., STEPHAN, H., AHMAD-REZA, S., AND BHARGAVA, S. Practical and lightweight domain isolation on Android. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile devices (New York, NY, USA, 2011), SPSM ’11, ACM, pp. 51–62.
  • [36] THE HONEYNET PROJECT. Android reverse engineering virtual machine. www.honeynet.org/node/783.
  • [37] VIDAS, T., VOTIPKA, D., AND CHRISTIN, N. All your droid are belong to us: a survey of current Android attacks. In Proceedings of the 5th USENIX Workshop On Offensive Technologies (Berkeley, CA, USA, 2011), WOOT’11, USENIX Association, pp. 10–10.
  • [38] WATSON, R. N. M. Exploiting concurrency vulnerabilities in system call wrappers. In Proceedings of the first USENIX Workshop On Offensive Technologies (Berkeley, CA, USA, 2007), USENIX Association, pp. 2:1–2:8.
  • [39] YAJIN, Z., AND XUXIAN, J. Dissecting android malware: Characterization and evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (may 2012).
  • [40] YEE, B., SEHR, D., DARDYK, G., CHEN, J. B., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N. Native client: a sandbox for portable, untrusted x86 native code. Commun. ACM 53 (January 2010), 91–99.
  • [41] YOU, I., AND YIM, K. Malware obfuscation techniques: A brief survey. In Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (Washington, DC, USA, 2010), BWCCA ’10, IEEE Computer Society, pp. 297–300.