Abstract
With the rapid development of Android-based smart phones and pads, android applications show explosive growth. Because third-party application market regulation is lax, many normal applications are embedded malicious code and then many security issues occur. The existing antivirus software cannot intercept malicious behaviors from those repackaged applications in many cases. To solve these problems, we propose a new method called RbacIP, which integrates RBAC into intercept and disposal process of malicious android applications. In RbacIP, the malicious behaviors of applications are monitored by inserting Linux kernel function call dynamically. Exploiting the Netlike technology, the information of malicious behaviors are feedback from the kernel layer to the user layer. On the user layer, depending on the roles assigned, android applications are authorized to the corresponding permissions. According to the characteristics of RBAC, it can achieve the minimum authorization for malicious applications. Meanwhile, to balance the user experience and his privacy protection needs, users are allowed to make fine-grained decision based on RBAC policy, rather than permit or prohibit. Finally, we implemented RbacIP in real android platform. Comprehensive experiments have been conducted, which demonstrate the effectiveness of the proposed method by the comparison with traditional HIPS systems at the malicious programs detection performance and resource consumption.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alazab, M., Moonsamy, V., Batten, L., et al.: Analysis of malicious and benign android applications. In: 2012 32nd International Conference on Distributed Computing System Workshops, pp. 608–616 (2012)
Stephen, F., Dillon, S., Bing, W.: Manilyzer: automated android malware detection through manifest analysis. In: IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems, pp. 767–772 (2014)
Patrick, P., Wen-Kai, S.: Static detection of android malware by using permissions and API calls. In: International Conference on Machine Learning and Cybernetics, pp. 82–87 (2015)
Daiyong, Q., Lidong, Z., Fan, Y., et al.: Detection of android malicious apps based on the sensitive behaviors. In: IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom, pp. 877–883 (2014)
Mingshen, S., Min, Z., John, C., et al.: Design and implementation of an android host-based intrusion prevention system. In: Proceedings of the 30th Annual Computer Security Applications Conference (2014)
Wen-Chieh, W., Shih-Hao, H.: DroidDolphin: a dynamic android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems (2014)
Qiang, W., Jason, C., Konstantin, B., et al.: Authorization recycling in hierarchical RBAC systems. ACM Trans. Inf. Syst. Secur. 14, 3 (2011)
Reinhard, T., Julio, S., Wolfgang, S., et al.: Dead or alive: finding zombie features in the linux kernel. In: Proceedings of the First International Workshop on Feature-Oriented Software Development (2009)
Jemin, L., Hyungshin, K.: Framework for automated power estimation of android applications. In: Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services (2013)
Zheng, S., Shijia, P., Yu-Chi, S., et al.: Headio: zero-configured heading acquisition for indoor mobile devices through multimodal context sensing. In: Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing (2013)
Sebastian, F., Bert, A., Gerhard, T., et al.: CoenoFire: monitoring performance indicators of firefighters in real-world missions using smartphones. In: Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing (2013)
Chuangang, R., Kai, C., Peng, L.: Droidmarking: resilient software water-marking for impeding android application repackaging. In: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (2014)
Kun, Y., Jianwei, Z., Yongke, W.: IntentFuzzer: detecting capability leaks of android applications. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (2014)
Acknowledgement
This work is supported by grants from the China National Science Foundation (Project No. 61502017), China 863 High-tech Programme (Project No. 2015AA016002). The authors would like to thank the anonymous reviewers for their constructive comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Lin, L., Ni, J., Hu, J., Zhang, J. (2016). RbacIP: A RBAC-Based Method for Intercepting and Processing Malicious Applications in Android Platform. In: Yung, M., Zhang, J., Yang, Z. (eds) Trusted Systems. INTRUST 2015. Lecture Notes in Computer Science(), vol 9565. Springer, Cham. https://doi.org/10.1007/978-3-319-31550-8_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-31550-8_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31549-2
Online ISBN: 978-3-319-31550-8
eBook Packages: Computer ScienceComputer Science (R0)