AppGuard - Fine-Grained Policy Enforcement for Untrusted Android Applications

  title={AppGuard - Fine-Grained Policy Enforcement for Untrusted Android Applications},
  author={Michael Backes and Sebastian Gerling and Christian Hammer and Matteo Maffei and Philipp von Styp-Rekowsky},
Android's success makes it a prominent target for malicious software. However, the user has very limited control over security-relevant operations. This work presents AppGuard, a powerful and flexible security system that overcomes these deficiencies. It enforces user-defined security policies on untrusted Android applications without requiring any changes to a smartphone's firmware, root access, or the like. Fine-grained and stateful security policies are expressed in a formal specification… 

Quantitative bounds on the security-critical resource consumption of JavaScript apps

PhoneWrap is the first system using the lightweight wrapping method to inject policies directly into mobile apps and the first to combine quantitative policies with interaction-dependencies and the correctness of these bounds is proven in relation to a resource-aware operational semantics.

Context Aware Dynamic Permission Model: A Retrospect of Privacy and Security in Android System

This paper inspects the emerging issues in permission based security mechanisms and proposes the concept of context aware dynamic permissions model (CAPM) for Android systems that can be proved helpful in protecting user's private data from being leaked simply by modifying the existing resource access mechanism.

Towards Mining Comprehensive Android Sandboxes

This work addresses the limitation of Jamrozik et al.'s work by considering input parameters of many different types of API methods for mining a more comprehensive sandbox that can protect users from malicious behaviors.

Institutional Knowledge at Singapore Management University Towards mining comprehensive Android sandboxes

—Android is the most widely used mobile operating system with billions of users and devices. The popularity of Android apps have enticed malware writers to target them. Recently, Jamrozik et al.

PhoneWrap - Injecting the "How Often" into Mobile Apps

The tool PhoneWrap is presented, which inserts fine-grained ticket-based policies into mobile JavaScript apps written with the PhoneGap framework and applied successfully to hand-crafted examples and real-world Android apps to show that accurate policies can be retrofitted.

A Large-Scale Investigation to Identify the Pattern of Permissions in Obfuscated Android Malwares

A large-scale investigation has been performed by developing python scripts to extract the pattern of permissions from an obfuscated malwares dataset named Android PRAGuard Dataset, and the patterns in a matrix form has been found and stored in a Comma Separated Values (CSV) file which will lead to the fundamental basis of detecting the obfuscatedmalwares.

Securing Android

This article distills the state of the art in Android security research and identifies potential research directions for safeguarding billions (and keep counting) of Android-run devices.

CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

A context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible is proposed.

MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention

MADAM is a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors.

Test Complement Exclusion: Guarantees from Dynamic Analysis

  • A. Zeller
  • Computer Science
    2015 IEEE 23rd International Conference on Program Comprehension
  • 2015
This talk introduces a method called Test Complement Exclusion that combines test generation and sand boxing to provide such a guarantee in the security domain, as it effectively detects and protects against unexpected changes of program behavior.



AppGuard - Enforcing User Requirements on Android Apps

This work presents AppGuard, a powerful and flexible system for the enforcement of user-customizable security policies on untrusted Android applications, which offers complete mediation of security-relevant methods based on callee-site inline reference monitoring.

I-ARM-Droid : A Rewriting Framework for In-App Reference Monitors for Android Applications

A rewriting framework for embedding In-App Reference Monitors (I-ARM) into Android applications to protect users from untrusted and potentially malicious applications is designed and implemented.

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks

The design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a system-centric system policy is presented.

Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android

This work presents a novel system that can replace existing platform permissions with finer-grained permissions, and found that it can replace many commonly used “dangerous” permissions with stricter permissions.

Towards Taming Privilege-Escalation Attacks on Android

A heuristic analysis of Android's system behavior is conducted to identify attack patterns, classify different adversary models, and point out the challenges to be tackled, and a system-centric and policy-driven runtime monitoring of communication channels between applications at multiple layers is proposed.

Android permissions demystified

Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.

Dr. Android and Mr. Hide: fine-grained permissions in android applications

A suite of tools that allow fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users to increase security of existing apps without affecting functionality are developed.

Permission Re-Delegation: Attacks and Defenses

IPC Inspection prevents opportunities for permission redelegation by reducing an application's permissions after it receives communication from a less privileged application, and it is shown that it prevents the attacks found in the Android system applications.

Idea: Callee-Site Rewriting of Sealed System Libraries

This work proposes a novel approach to inline reference monitoring that abstains from caller-site instrumentation even in the case where the monitored method is part of a sealed library and effectively allows callee-site rewriting.

On lightweight mobile phone application certification

The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.