A collaborative framework for generating probabilistic contracts

n/

Enforcing Application Security on Android Mobile Devices

Security in new generation mobile devices is currently a problem of capital importance. Smartphones and tablets have become extremely popular in the last years, especially in developed country where smartphones and tablets account for 95% of active mobile devices. Due to their popularity, these devices have fast drawn the attention of malicious developers. Attackers have started to implement and distribute applications able to harm user’s privacy, user’s money and even device and data integrity. Malicious developers have cleverly exploited the simplicity of app distribution, the sensitivity of information and operation accessible through mobile devices, together with the user limited attention to security issues. This thesis presents the study, design and implementation of a multi-component security framework for the popular Android operative system. The aim of this thesis is to provide a lightweight and user friendly security tool, extensible and modular, able to tackle current and future security threats on Android devices. The framework exploits white list-based methodologies to detect at runtime malicious behaviors of application, without being prone to the problem of zero-day-attacks (i.e. new threats not yet discovered by the community). The white-list approach is combined with a black-list security enforcement, to reduce the likelihood of false alarms and to tackle known misbehaviors before they effectively take place. Moreover the framework also combines static and dynamic analysis. It exploits probabilistic contract theory and app metadata to detect dangerous applications before they are installed (static analysis). Furthermore, detects and stop malicious kernel level events and API calls issued by applications at runtime (dynamic analysis), to avoid harm to user and her device. The framework is configurable and can be both totally transparent to the user, or have a stronger interaction when the user is more interested in a security awareness of her device. The presented security framework has been extensively tested against a testbed of more than 12000 applications including two large Android malware databases. Detection rate (95%) and false positive rate (1 per day) prove the effectiveness of the presented framework. Furthermore, a study of usability which includes energy evaluation and more than 200 user feedback is presented. These results show both the limited overhead (4% battery, 1.4% performance) imposed by the framework and the good user acceptance

A Collaborative Framework for Generating Probabilistic Contracts

We propose a collaborative framework for generating probabilistic contracts for Android smartphones aimed at detecting repackaged applications. To this end, a network of users sends to the application server the sequences of actions that represent the usage profile of the application. Then, the application server generates a contract from this set of traces. Contracts are represented through clustered probabilistic automata. At run-time, a monitoring system on the smartphone verifies the compliance of the running application against the contract through the Pearson's Chi Squared test. In the preliminary tests, the proposed framework has been able to detect repackaged applications whose behavior is strongly similar to the original application but hide malware