基于交集自动机的Android应用程序合流模型

2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA) Pub Date : 2016-03-23 DOI:10.1109/AINA.2016.92

S. Bhandari, V. Laxmi, A. Zemmari, M. Gaur

{"title":"基于交集自动机的Android应用程序合流模型","authors":"S. Bhandari, V. Laxmi, A. Zemmari, M. Gaur","doi":"10.1109/AINA.2016.92","DOIUrl":null,"url":null,"abstract":"Android applications need to access and share user's sensitive data. To maintain user's privacy and related data security, it is essential to protect this data. Android security framework enforces permission protected model but it has been shown that applications can bypass this security model. Attacks based on such unauthorized privileges are known as Inter-Component Communication (ICC) Collusion Attacks. In this paper, we propose, a novel automaton framework that allows effective detection of intent based collusion. Our detection framework operates at the component-level. To evaluate our proposal, we developed 14 applications and took 4 applications from Google Play Store. We took all possible combinations from the set of 21 applications. We tested our approach on 210 pairs of applications derived from the set of 21 applications. Time and space complexity of our proposed approach is O(n) where n is the number of components in all the applications under analysis. The experimental results demonstrate that our technique is scalable to application sizing and more efficient as compared to other state of the art approaches.","PeriodicalId":438655,"journal":{"name":"2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)","volume":"313 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Intersection Automata Based Model for Android Application Collusion\",\"authors\":\"S. Bhandari, V. Laxmi, A. Zemmari, M. Gaur\",\"doi\":\"10.1109/AINA.2016.92\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Android applications need to access and share user's sensitive data. To maintain user's privacy and related data security, it is essential to protect this data. Android security framework enforces permission protected model but it has been shown that applications can bypass this security model. Attacks based on such unauthorized privileges are known as Inter-Component Communication (ICC) Collusion Attacks. In this paper, we propose, a novel automaton framework that allows effective detection of intent based collusion. Our detection framework operates at the component-level. To evaluate our proposal, we developed 14 applications and took 4 applications from Google Play Store. We took all possible combinations from the set of 21 applications. We tested our approach on 210 pairs of applications derived from the set of 21 applications. Time and space complexity of our proposed approach is O(n) where n is the number of components in all the applications under analysis. The experimental results demonstrate that our technique is scalable to application sizing and more efficient as compared to other state of the art approaches.\",\"PeriodicalId\":438655,\"journal\":{\"name\":\"2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)\",\"volume\":\"313 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-03-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AINA.2016.92\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINA.2016.92","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

Android应用程序需要访问和共享用户的敏感数据。为了维护用户的隐私和相关数据的安全，必须保护这些数据。Android安全框架执行权限保护模型，但已经证明，应用程序可以绕过这个安全模型。基于这种未经授权的特权的攻击被称为组件间通信(ICC)合谋攻击。在本文中，我们提出了一种新的自动机框架，可以有效地检测基于意图的合谋。我们的检测框架在组件级运行。为了评估我们的提案，我们开发了14个应用程序，并从Google Play Store中选择了4个应用程序。我们从21个应用程序中选取所有可能的组合。我们在来自21个应用程序集的210对应用程序上测试了我们的方法。我们提出的方法的时间和空间复杂性是O(n)，其中n是在分析的所有应用程序中的组件数量。实验结果表明，与其他最先进的方法相比，我们的技术可扩展到应用程序的大小，并且效率更高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Intersection Automata Based Model for Android Application Collusion

Android applications need to access and share user's sensitive data. To maintain user's privacy and related data security, it is essential to protect this data. Android security framework enforces permission protected model but it has been shown that applications can bypass this security model. Attacks based on such unauthorized privileges are known as Inter-Component Communication (ICC) Collusion Attacks. In this paper, we propose, a novel automaton framework that allows effective detection of intent based collusion. Our detection framework operates at the component-level. To evaluate our proposal, we developed 14 applications and took 4 applications from Google Play Store. We took all possible combinations from the set of 21 applications. We tested our approach on 210 pairs of applications derived from the set of 21 applications. Time and space complexity of our proposed approach is O(n) where n is the number of components in all the applications under analysis. The experimental results demonstrate that our technique is scalable to application sizing and more efficient as compared to other state of the art approaches.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)

自引率

0.00%

发文量