Abstract
With users’ increasing awareness of security and privacy issues, Android’s permission mechanism and other existing methods fall short to provide effective protection over user data. This paper presents SARRE, a Semantics-Aware Rule Recommendation and Enforcement system to detect critical information outflows and prevent information leakage. SARRE leverages runtime monitoring and statistical analysis to identify system event paths. Then, an online recommendation algorithm is developed to automatically assign and enforce a semantics-aware security rule to each event path. Our preliminary results on real-world malware samples and popular apps from Google Play show that the recommended rules by our system are effective in preventing information leakage and enabling protection policies for users’ private data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Android still triggers the most mobile malware. http://goo.gl/FXTGsi
Malware with package name com.nicky.lyyws.xmall. http://goo.gl/U7D2FW
Malware with package name com.yxx.jiejie. http://goo.gl/CpkioI
Mobile malware sharing website. http://goo.gl/YNIOLg
Chakraborty, S., Shen, C., Raghavan, K.R., Shoukry, Y., Millar, M., Srivastava, M.: ipShield: a framework for enforcing context-aware privacy. In: NSDI (2014). USENIX
Demetriou, S., Zhou, X., Naveed, M., Lee, Y., Yuan, K., Wang, X., Gunter, C.A.: What’s in your dongle and bank account? mandatory and discretionary protection of android external resources. In: NDSS (2015)
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: ACM TOCS (2014)
Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Li, Y., Yao, F., Lan, T., Venkataramani, G. (2015). POSTER: Semantics-Aware Rule Recommendation and Enforcement for Event Paths. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_33
Download citation
DOI: https://doi.org/10.1007/978-3-319-28865-9_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28864-2
Online ISBN: 978-3-319-28865-9
eBook Packages: Computer ScienceComputer Science (R0)