Safe Android App Store - fsktm

10 Dec 2013


Introduction

Explosive growth in mobile phones and tablets popularity
Google Android, the most popular
Android, top mobile malware platform
FBI warns users of mobile malware

Problem Statement

The wild growth in usage of smart phones has greatly stimulated the distribution of malicious activities
400% increase in Android-based malware since summer 2010
Lack of a safe Android market

Scope of the research

This research will be conducted on the Android platform only

Android Safe App Store

Number of Malware Articles in Topics

Number of Forensic Articles in Topics

Related Works


(Burguera et al., 2011) Crowdroid Malware Detection System for Android
(Felt et al., 2011) Android permissions demystified
(Grace et al., 2012) Unsafe exposure analysis of mobile in-app advertisements
(Zhou et al., 2012b) Detecting malicious apps in Android markets
(Enck et al., 2011) A study of android application security

Crowdroid vs. MoDroid

(CONTRIBUTIONS)



MoDroid has improved accuracy compared to Crowdroid
MoDroid prevents the attack, while Crowdroid only detects it
MoDroid is completely server-based and does not consume Android device resources
MoDroid ensures the safety of the user, while Crowdroid does not
The MoDroid database is safe against poisonous records


Objectives


The main objective of this research is to propose a model for forensic investigation of Android malware.

Expected Outcomes:
1 Thesis
1 Copyright
1 Conference paper
1 Scopus Indexed Journal
1 ISI Indexed Journal

Methodology

i. Problem identification using related works
ii. Framework design
iii. Implementation
iv. Evaluation
v. Improvement
vi. Documentation

Work plan

References

Al-Zarouni, M., 2006. Mobile Handset Forensic Evidence: a challenge for Law Enforcement. Australian Digital Forensics Conference.

At least 34% of Android malware is stealing your data [WWW Document], n.d. Kaspersky Lab. URL http://www.kaspersky.com/about/news/virus/2011/Number_of_the_Week_at_Least_34_of_Android_Malware_Is_Stealing_Your_Data (accessed 12.25.12).

Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C., 2011. Mobile security catching up? revealing the nuts and bolts of the security of mobile devices, in: Security and Privacy (SP), 2011 IEEE Symposium On. pp. 96-111.

Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B., 2012. Towards taming privilege-escalation attacks on Android, in: Proceedings of the 19th Annual Symposium on Network and Distributed System Security.

Burguera, I., Zurutuza, U., Nadjm-Tehrani, S., 2011. Crowdroid: behavior-based malware detection system for Android, in: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM '11. ACM, New York, NY, USA, pp. 15-26.

Chin, E., Felt, A.P., Greenwood, K., Wagner, D., 2011. Analyzing inter-application communication in Android, in: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services. pp. 239-252.

Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S., 2011. Quire: Lightweight provenance for smart phone operating systems, in: 20th USENIX Security Symposium.

Egele, M., Kruegel, C., Kirda, E., Vigna, G., 2011. PiOS: Detecting privacy leaks in iOS applications, in: Proceedings of the Network and Distributed System Security Symposium.

Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N., 2010. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones, in: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. pp. 1-6.

Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S., 2011. A study of android application security, in: Proceedings of the 20th USENIX Security Symposium.

FBI warns users of mobile malware [WWW Document], n.d. CNET. URL http://news.cnet.com/8301-1009_3-57532937-83/fbi-warns-users-of-mobile-malware/ (accessed 12.30.12).

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D., 2011a. Android permissions demystified, in: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11. ACM, New York, NY, USA, pp. 627-638.

Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D., 2011b. A survey of mobile malware in the wild, in: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. pp. 3-14.

Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E., 2011c. Permission re-delegation: Attacks and defenses, in: Proceedings of the 20th USENIX Security Symposium. pp. 22-37.

Google’s Android becomes the world’s leading smart phone platform, 2011.

Goutam Das, 2012. Cyber crime to be a bigger security concern in 2013. Living Media India Limited.

Grace, M., Zhou, Y., Wang, Z., Jiang, X., 2012a. Systematic detection of capability leaks in stock Android smartphones, in: Proceedings of the 19th Annual Symposium on Network and Distributed System Security.

Grace, M.C., Zhou, W., Jiang, X., Sadeghi, A.R., 2012b. Unsafe exposure analysis of mobile in-app advertisements, in: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. pp. 101-112.

Hardy, N., 1988. The Confused Deputy: (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review 22, 36-38.

Juniper Networks, 2010. Malicious Mobile Threats Report 2010/2011.

Li, J., Gu, D., Luo, Y., 2012. Android Malware Forensics: Reconstruction of Malicious Events, in: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW). Presented at the 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 552-558.

Mansfield-Devine, S., 2012. Paranoid Android: just how insecure is the most popular mobile platform? Network Security 2012, 5-10.

Schmidt, A.-D., Bye, R., Schmidt, H.-G., Clausen, J., Kiraz, O., Yuksel, K.A., Camtepe, S.A., Albayrak, S., 2009a. Static Analysis of Executables for Collaborative Malware Detection on Android, in: IEEE International Conference on Communications, 2009. ICC '09. Presented at the IEEE International Conference on Communications, 2009. ICC '09, pp. 1-5.

Schmidt, A.D., Schmidt, H.G., Batyuk, L., Clausen, J.H., Camtepe, S.A., Albayrak, S., Yildizli, C., 2009b. Smartphone malware evolution revisited: Android next target?, in: Malicious and Unwanted Software (MALWARE), 2009 4th International Conference On. pp. 1-7.

Schmitt, S., 2011. Mobile Phone Forensics: Analysis of the Android Filesystem (YAFFS2).

Schrittwieser, S., Frühwirt, P., Kieseberg, P., Leithner, M., Mulazzani, M., Huber, M., Weippl, E., 2012. Guess Who’s Texting You? Evaluating the Security of Smartphone Messaging Applications, in: Proceedings of the 19th Annual Symposium on Network and Distributed System Security.

Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y., 2012. Andromaly: a behavioral malware detection framework for android devices. J Intell Inf Syst 38, 161-190.

Shaoyan, C., Xianwei, H., Ming, L., 2009. Research of Mobile Forensic Software System Based on Windows Mobile. IEEE, pp. 366-369.

Smartphone shipments tripled since '08. Dumb phones are flat - Apple 2.0 - Fortune Tech [WWW Document], n.d. URL http://tech.fortune.cnn.com/2011/11/01/smartphone-shipments-tripled-since-08-dumb-phones-are-flat/ (accessed 12.25.12).

Thomas, P., Owen, P., McPhee, D., 2010. An Analysis of the Digital Forensic Examination of Mobile Phones, in: Next Generation Mobile Applications, Services and Technologies (NGMAST), 2010 Fourth International Conference On. pp. 25-29.

Traynor, P., Lin, M., Ongtang, M., Rao, V., Jaeger, T., McDaniel, P., La Porta, T., 2009. On cellular botnets: Measuring the impact of malicious devices on a cellular network core, in: Proceedings of the 16th ACM Conference on Computer and Communications Security. pp. 223-234.

VARGHESE, V.J., 2011. DISSECTING ANDRO MALWARE.

Walls, R.J., Learned-Miller, E., Levine, B.N., 2011. Forensic triage for mobile phones with DEC0DE, in: Proc. USENIX Security Symposium.

Zhou, W., Zhou, Y., Jiang, X., Ning, P., 2012a. Detecting repackaged smartphone applications in third-party android marketplaces, in: Proceedings of the Second ACM Conference on Data and Application Security and Privacy. pp. 317-326.

Zhou, Y., Jiang, X., 2012. Dissecting Android Malware: Characterization and Evolution, in: 2012 IEEE Symposium on Security and Privacy (SP). Presented at the 2012 IEEE Symposium on Security and Privacy (SP), pp. 95-109.

Zhou, Y., Wang, Z., Zhou, W., Jiang, X., 2012b. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets, in: Proc. of the 19th Annual Network and Distributed System Security Symposium (NDSS).