Abstract #99
Smartphones have become an emerging platform for both personal and business applications. As the most popular mobile operating system for smartphones, Android offers great flexibility not only for users but also for application developers. However, this flexibility exposes users to additional security threats. This poster describes our ongoing research on Android security issues. We first instantiate two types of possible attacks that can be launched on current Android applications available on the market. To further explore the vulnerabilities, particularly in the finance and health sectors, we are developing a tool that leverages data mining techniques to automatically extract and analyze the security information of these applications in order to detect and report potential security threats. Moreover, we have analyzed and categorized more than a dozen security solutions proposed by different research groups. This poster provides a concise overview of the survey results. Most tools prevent potentially malicious communication within the Android operating system by repeatedly checking all communication channels and making security decisions based on a predefined security policy. To address the limitations of the current approaches, we propose two directions for further research. The first is to implement a probabilistic protection mechanism as part of the Android framework that leverages historical data to make better security decisions while reducing the energy overhead. The second is to develop an Eclipse plug-in that prevents attacks by educating developers to write more secure Android applications.
Multilevel Android Exploit Protection
Boston University – Metropolitan College (MET)
Felix Rohrer, Nebiyu Feleke, Kenneth Nimley
Supervised by: Yuting Zhang, Lou Chitkushev, Tanya Zlateva
Android Overview
Two Proof of Concept Attacks
Current solutions
Application Phishing
Our current research (focus: Finance and Medical sector)
Permission Re-delegation
Educate developers to write secure Code
App Security information
External DBs
Static Code Analysis
...
Application Analysis through Data mining
Web interface
Proposed work
● Provide Security on several levels
● Create an access control based on roles in order to simplify dealing with permissions
● Minimize energy consumption of solution by introducing probabilistic security checks
Malware analysis
Operating System for Mobile Devices
Based on Linux
- Send to premium number
- Send to third-party
- Matches user expectation
SMS Trojans and how they operate
Real Fake
Each App runs in its own Virtual Machine (Dalvik), therefore isolated from other Apps.
Inter-application communication provided by Android Framework (very flexible but introduces vulnerabilities)
Resources are labelled with permissions (e.g. INTERNET, RECEIVE_SMS)
Unprivileged App
Resource
Privileged App
Resource request
Request accepted
Request denied
Add a mock-up screen here
from the Eclipse Plugin
Analyzed 13 security solutions from different research groups
8 solutions introduce substantial overhead (delays or energy consumption)
11 solutions require modification of framework code and are therefore difficult to distribute
PoC App: Mail Bomber
PoC App: Funny Game
[Figure: Types of Malware (2011). Pie chart; categories: SMS Flooder, SMS Trojan, Worm, Spyware; slice labels: 1%, 35%, 1%, 62%]
[Figure: Market Share of Smartphones by Platform. Pie chart; platforms: Google, Apple, Symbian, Microsoft, RIM; slice labels: 47%, 29%, 2%, 5%, 17%]
Juniper Networks – 2011 Mobile Threats Report
Android Market reached 10 Billion App downloads by December 2011
Growth rate of 1 Billion App downloads per month
450'000 Apps
Android Security
[Figure: Cumulative Android Malware Increase, June - December 2011. x-axis: Jun to Dec; y-axis: 0% to 4,000%]
[Figure: Commonly requested permissions (Data: 50 medical Apps, 50 financial Apps). Bar chart by sector (Finance, Medicine); x-axis: # Apps, 0 to 100]
Permissions shown: INTERNET, ACCESS_NETWORK_STATE, WRITE_EXTERNAL_STORAGE, READ_PHONE_STATE, GET_ACCOUNTS, VIBRATE, WAKE_LOCK, READ_CONTACTS, ACCESS_FINE_LOCATION, RECORD_AUDIO, USE_CREDENTIALS
[Figure: Permission usage (Data: 100 Apps, 165 Permissions). Pie chart; categories: Not used, Used; slice labels: 69%, 31%]
Deal with Privilege Escalation attacks: XManDroid, Quire, IPC Inspection, SELinux, TrustDroid
Rely on user/developer: CRePE, Saint, Apex, ComDroid, Quire
Reduce device functionality: XManDroid, CRePE, Saint, Apex
Subject to false-positive/false-negative: XManDroid, IPC Inspection, ComDroid, Saint
Source: Juniper Networks – 2011 Mobile Threats Report