ConXsense - Automated Context Classification for Context-Aware Access Control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.Comment: Recipient of the Best Paper Awar

Android Applications Security

The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.Mobile Application, Security, Malware, Android, Permissions

Investigation into Mobile Learning Framework in Cloud Computing Platform

Abstract—Cloud computing infrastructure is increasingly used for distributed applications. Mobile learning applications deployed in the cloud are a new research direction. The applications require specific development approaches for effective and reliable communication. This paper proposes an interdisciplinary approach for design and development of mobile applications in the cloud. The approach includes front service toolkit and backend service toolkit. The front service toolkit packages data and sends it to a backend deployed in a cloud computing platform. The backend service toolkit manages rules and workflow, and then transmits required results to the front service toolkit. To further show feasibility of the approach, the paper introduces a case study and shows its performance

A Study of Android Malware Detection Techniques and Machine Learning

Android OS is one of the widely used mobile Operating Systems. The number of malicious applications and adwares are increasing constantly on par with the number of mobile devices. A great number of commercial signature based tools are available on the market which prevent to an extent the penetration and distribution of malicious applications. Numerous researches have been conducted which claims that traditional signature based detection system work well up to certain level and malware authors use numerous techniques to evade these tools. So given this state of affairs, there is an increasing need for an alternative, really tough malware detection system to complement and rectify the signature based system. Recent substantial research focused on machine learning algorithms that analyze features from malicious application and use those features to classify and detect unknown malicious applications. This study summarizes the evolution of malware detection techniques based on machine learning algorithms focused on the Android OS

Exploring Photo Privacy Protection on Smartphones

The proliferation of modern smartphone camera use in the past decade has resulted in unprecedented numbers of personal photos being taken and stored on popular devices. However, it has also caused privacy concerns. These photos sometimes contain potentially harmful information if they were to be leaked such as the personally identifiable information found on ID cards or in legal documents. With current security measures on iOS and Android phones, it is possible for 3rd party apps downloaded from official app stores or other locations to access the photo libraries on these devices without user knowledge or consent. Additionally, the prevalence of smartphone cameras in public has reduced personal privacy, as strangers are commonly photographed without permission. To mitigate the privacy risk posed by apps and unwanted public photos, this research project explores 3 main topics: developing a two-step method including permission analysis and system call analysis to identify the possibility of 3rd party applications accessing sensitive photos without user knowledge, developing an automated classifier to identify and protect private photos in smartphone media storage, and creating an accurate computer vision model for identifying bystanders in photos, so that their faces might be later blurred or otherwise obfuscated to protect their privacy. The resulting data from the system call analysis will hopefully improve public awareness on the vulnerabilities created by downloading untrustworthy apps. The private photo classifier and bystander detection model are able to achieve acceptable accuracy on the test datasets and can be used in future works to implement working systems to protect individual privacy in the aforementioned threat cases

A Survey on Android Malware Detection

Malwares are spreading around the world and infecting not only the end users but also large organizations and service providers. Android operating system seems to have attracted the most attention from Malicious code writer due to its popularity. Earlier, Signature based detection techniques were used to detect unknown malwares. But it was insufficient because these techniques were not able to detect unknown malwares (0-day attack). To analyze the malwares, static and dynamic techniques are used. Static analysis has advantage of being undetectable, as malware cannot modify its behavior during analysis. Despite number of detections and analysis techniques are in place, high detection accuracy of new malwares are still a critical issue. This survey paper highlights the existing detection and existing analysis methods used for the android Malicious code