RTPDroid:在运行时权限模型下检测隐式恶意行为

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2020-12-01 DOI:10.1109/QRS51102.2020.00027

Jie Zhang, Cong Tian, Zhenhua Duan, Liang Zhao

{"title":"RTPDroid:在运行时权限模型下检测隐式恶意行为","authors":"Jie Zhang, Cong Tian, Zhenhua Duan, Liang Zhao","doi":"10.1109/QRS51102.2020.00027","DOIUrl":null,"url":null,"abstract":"In Android 6.0 and above, Install-time Permission Model is replaced with Runtime Permission Model (RPM) where permission requesting is performed at runtime, rather than at install-time, to protect users' privacy. RPM brings certain benefits to security, but still has drawbacks that are exploitable by malware. The permission could be attained under a reasonable context and then be freely used under another context for executing malicious behavior without notifying users. In addition, RPM may cause bugs when developers forget to add permission checking before using the permission. Motivated by these problems, we propose RTPDroid, an approach to the detection of implicitly malicious behaviors and bugs brought by RPM. In this approach, these implicitly malicious behaviors and bugs are defined formally. Then, notions of user-aware contexts as well as user-aware call graphs are utilized for the detection. Experiments on 221 real-world apps reveal 131 bugs and 174 implicitly malicious behaviors under RPM.","PeriodicalId":301814,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","volume":"170 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"RTPDroid: Detecting Implicitly Malicious Behaviors Under Runtime Permission Model\",\"authors\":\"Jie Zhang, Cong Tian, Zhenhua Duan, Liang Zhao\",\"doi\":\"10.1109/QRS51102.2020.00027\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In Android 6.0 and above, Install-time Permission Model is replaced with Runtime Permission Model (RPM) where permission requesting is performed at runtime, rather than at install-time, to protect users' privacy. RPM brings certain benefits to security, but still has drawbacks that are exploitable by malware. The permission could be attained under a reasonable context and then be freely used under another context for executing malicious behavior without notifying users. In addition, RPM may cause bugs when developers forget to add permission checking before using the permission. Motivated by these problems, we propose RTPDroid, an approach to the detection of implicitly malicious behaviors and bugs brought by RPM. In this approach, these implicitly malicious behaviors and bugs are defined formally. Then, notions of user-aware contexts as well as user-aware call graphs are utilized for the detection. Experiments on 221 real-world apps reveal 131 bugs and 174 implicitly malicious behaviors under RPM.\",\"PeriodicalId\":301814,\"journal\":{\"name\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"170 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS51102.2020.00027\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS51102.2020.00027","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

在Android 6.0及以上版本中，安装时权限模型被运行时权限模型(Runtime Permission Model, RPM)所取代，在运行时而不是安装时执行权限请求，以保护用户隐私。RPM为安全性带来了一定的好处，但仍然存在可被恶意软件利用的缺点。可以在一个合理的上下文中获得许可，然后在另一个上下文中自由地用于执行恶意行为而不通知用户。此外，当开发人员在使用权限之前忘记添加权限检查时，RPM可能会导致错误。基于这些问题，我们提出了RTPDroid，一种检测RPM带来的隐式恶意行为和错误的方法。在这种方法中，这些隐式恶意行为和错误被正式定义。然后，利用用户感知上下文和用户感知调用图的概念进行检测。对221个真实应用程序的实验揭示了RPM下的131个bug和174个隐式恶意行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

RTPDroid: Detecting Implicitly Malicious Behaviors Under Runtime Permission Model

In Android 6.0 and above, Install-time Permission Model is replaced with Runtime Permission Model (RPM) where permission requesting is performed at runtime, rather than at install-time, to protect users' privacy. RPM brings certain benefits to security, but still has drawbacks that are exploitable by malware. The permission could be attained under a reasonable context and then be freely used under another context for executing malicious behavior without notifying users. In addition, RPM may cause bugs when developers forget to add permission checking before using the permission. Motivated by these problems, we propose RTPDroid, an approach to the detection of implicitly malicious behaviors and bugs brought by RPM. In this approach, these implicitly malicious behaviors and bugs are defined formally. Then, notions of user-aware contexts as well as user-aware call graphs are utilized for the detection. Experiments on 221 real-world apps reveal 131 bugs and 174 implicitly malicious behaviors under RPM.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量