A collaborative policy-based security scheme to enforce resource access controlling mechanism

Wireless Networks - Tập 26 - Trang 2537-2547 - 2019
K. Muthumanickam1, P. C. Senthil Mahesh2
1Department of Computer Science and Engineering, Arunai Engineering College, Tiruvannamalai, India
2Department of Computer Science and Engineering, Annamacharya Institute of Technology and Sciences, Rajampet, India

Tóm tắt

Advances in both telecommunications and Information technology have improved the way users do business online. Android, an open-source mobile operating system, is becoming an attractive target for cyber criminals to exploit due to its predefined permission model. Without classification, the mobile operating system permits installation of mobile applications of all kinds, including Trojans, thus making its trustworthiness into question. In this paper, we present a security system called collaborative policy-based security scheme (CSS) that permits users to customize the access permissions of Android applications during runtime. The proposed CSS security scheme validates the trustworthiness of each application before being installed. The experimental results show that the proposed CSS successfully detects all malicious applications with a run-time overhead of 2.7%.

Tài liệu tham khảo

Enck, W., Ongtang, M., & McDaniel, P. (2009) On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on computer and communications security ACM (pp. 235–245).

Jamaluddin, J., Zotou, N., & Coulton, P. (2004) Mobile phone vulnerabilities: A new generation of malware. In Proceedings of the IEEE international symposium on consumer electronics (pp. 199–202).

Zhang, Y., Wei, T., Song, D., Xue, H. (2013) Ad vulna: a vulnaggressive (vulnerable & aggressive) adware threatening millions. Threat Res.

Enck, W., Ongtang, M., & McDaniel, P. (2009). Understanding android security. IEEE Security & Privacy,7(1), 50–57.

Enck, W., Ongtang, M., & McDaniel, P. Mitigating android software misuse before it happens, Technical Report (NAS-TR-0094-2008), Network and Security Research center.

Crussell, J., Stevens, R., & Chen, H. (2014) MadFraud: investigating Ad Fraud in android applications. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 123–134).

Chung, B., Jeon, Y., & Kim, J. (2014) User defined privilege restriction mechanism for secure execution environment on android. In Proceedings of the international conference on information and communication technology convergence (ICTC).

Zhang, Y., Yang, M., Yang, Z., Gu, G., Niry, P., & Zang, B. (2013) Permission use analysis to vetting undesirable behaviors in android applications. In Proceedings of the ACM SIGSAC conference on Computer & communications security (pp. 611–622).

Jain, A., & Prachi (2016) Android security: Permission based attacks. In Proceedimgs of the 3rd international conference on computing for sustainable global development (pp. 2754–2759).

Vecchiato, D., Vieira, M., & Martins, E. (2016). The perils of android security configuration. Computer,49, 15–21.

Sadeghi, A., Bagheri, H., Garcia, J., & Malek, S. (2017). A taxonomy and qualitative comparison of program analysis techniques for security assessment of Android software. IEEE Transactions on Software Engineering,43(6), 492–530.

Faruki, P., Bharmal, A., & Laxmi, V. (2015). Android security: a survey of issues, malware penetration, and defenses. IEEE Communications Surveys and Tutorials,17(2), 998–1022.

Wei, T. E., Tyan, H. R., Jeng, A. B., Lee, H. M., Liao, H. Y. M., & Wang, J. C. (2015) DroidExec: Root exploit malware recognition against wide variability via folding redundant functionrelation graph. In Proceedings of 17th international conference on advanced communication technology (ICACT) (pp. 161–169).

Zou, S., Zhang, J., & Lin, X. (2015). An effective behavior-based Android malware detection system. Security and Communication Networks,8(12), 2079–2089.

Zhan, Y., Yang, M., Yang, Z., Guofei, G., Ning, P., & Zang, B. (2014). Permission use analysis for vetting undesirable behaviors in android apps. IEEE Transactions on Information Forensics and Security,9(11), 1828–1842.

Russello, G., Jimenez, A. B., Naderi, H., & Vander Mark, W. (2013) FireDroid: Hardening security in almost stock android. In Proceedings of the 29th annual computer security applications conference (ACSAC’13) (pp. 319–328).

Liu, Y., Zhang, Y., Li, H., & Chen, X. (2016) A hybrid malware detecting scheme for mobile Android applications. In Proceedings of the IEEE international conference on consumer electronics (ICCE) (pp. 155–156).

Alatwi, H. A. (2016) Android malware detection using category-based machine learning classifiers. Master’s thesis.

Zarni Aung, W. Z. (2013) Permission-based android malware detection. In Proceedings of the international journal of scientific and technology research, (Vol. 2, No. 3, pp. 228–234).

Wang, Y., Zhang, J., & Sun, C. (2013) Quantative security risk assessment of android permissions and applications. In Proceedings of the 27th international conference on data and applications security and provacy (pp. 226–241).

Talha, K. A., Alpha, D. I., & Aydin, C. (2015). APK auditor: Permission based android malware detection system. Digital Investigation,13, 1–14.

Liu, B., Nath, S., Govinder, R., & Liu,J. (2014) DECAF: Detecting and characterizing adfraud in mobile application. In Proceedings of the 11th USENIX conference on networked systems design and implementation (NSDI’14) (pp. 57–70).

Rahman, M., Rahman, M., Carbunar, B., & Chau, D. H. (2017). Search rank fraud and malware detection in Google Play. IEEE Transactions on Knowledge and Data Engineering,29(6), 1329–1342.

Narayanan, A., Chandramohan, M., Chen, L., & Liu, Y. (2017). Context-aware, adaptive, and scalable Android malware detection through online learning. IEEE Transactions on Emerging Topics in Computational Intelligence,1(3), 157–175.

Pietraszek, T., & Tanner, A. (2005). Datamining and machine learning-towards reducing false positives in intrusion detection. Information Security Technical Report,10(3), 169–183.

Kramer, D., Kocurova, A., Oussena, S., Clark, T., & Komisarczuk, P. (2011) An extensible, self contained, layered approach to context acquisition. In Proceedings of the third international workshop on middleware for pervasive mobile and embedded computing (M-MPAC ‘11), (pp. 61–67).

Barr, K., Bungale, P., Deasy, S., Gyuris, V., Hung, P., Newell, C., et al. (2010). The VMware mobile virtualization platform: is that a hypervisor in your pocket. ACM SIGOPS Operating Systems Review,44(4), 124–135.

Android Open Source Project (ASOP). Available: http://source.android.com/. Accessed on March 2017.

Metula.E. (2009) Managed code rootkits: hooking into runtime environments. In: BlackHat USA.

Van Wissen, B., Palmer, N., Kemp, R., Kielmann, T., Bal, H., De Boelelaan, A. (2010) ContextDroid: An expression-based context framework for android. In proceedings of Phonesense (pp. 1–5).

Divide webpage. Available: http://www.divide.com/. Accessed on July 2017.

Thông tin
Thông tin xuất bản

Wireless Networks

Tập 26

2537-2547

Thông tin tác giả