{"title":"移动应用程序的概率合同遵从性","authors":"G. Dini, F. Martinelli, A. Saracino, D. Sgandurra","doi":"10.1109/ARES.2013.79","DOIUrl":null,"url":null,"abstract":"We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Probabilistic Contract Compliance for Mobile Applications\",\"authors\":\"G. Dini, F. Martinelli, A. Saracino, D. Sgandurra\",\"doi\":\"10.1109/ARES.2013.79\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.\",\"PeriodicalId\":302747,\"journal\":{\"name\":\"2013 International Conference on Availability, Reliability and Security\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-09-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2013.79\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2013.79","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
摘要
我们提出了PICARD (ProbabIlistic Contract on Android),这是一个生成概率契约的框架,用于检测Android智能手机的重新打包应用程序。契约描述了允许应用程序在运行时执行的操作序列,即其合法行为。在PICARD中,契约是从表示应用程序使用概况的跟踪集生成的。合约和应用程序的运行时行为都是通过聚类概率自动机表示的。在运行时,PICARD监视系统验证应用程序跟踪是否符合合同。这种方法在检测重新打包的应用程序时非常有用,这些应用程序的行为与原始应用程序非常相似,但与跟踪中的小路径不同。在本文中,我们讨论了通过概率自动机描述和生成契约的PICARD框架,并引入了动作节点的概念,动作节点是一组相关的系统调用,用于表示高级操作。然后,我们在重新打包的应用程序上进行了第一组初步实验,以评估所提出方法的可行性。
Probabilistic Contract Compliance for Mobile Applications
We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
