DOI: 10.1145/2557547.2557571
short-paper

DroidBarrier: know what is executing on your android

Published: 03 March 2014
  • Abstract

    Many Android vulnerabilities share a root cause: malicious, unauthorized applications executing without the user's consent. In this paper, we propose the use of a technique called process authentication for Android applications to overcome the shortcomings of current Android security practices. We demonstrate the process authentication model for Android by designing and implementing our runtime authentication and detection system, referred to as DroidBarrier. Our malware analysis shows that DroidBarrier is capable of detecting real Android malware at the time of creating independent processes. A



    Information

    Published In

    CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
    March 2014
    368 pages
    ISBN:9781450322782
    DOI:10.1145/2557547
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. android malware
    2. android system security
    3. authentication
    4. malicious processes

    Qualifiers

    • Short-paper

    Conference

    CODASPY'14

    Acceptance Rates

    CODASPY '14 Paper Acceptance Rate 19 of 119 submissions, 16%;
    Overall Acceptance Rate 149 of 789 submissions, 19%
