research-article

Paranoid Android: versatile protection for smartphones

Authors:

Georgios Portokalidis,

Philip Homburg,

Kostas Anagnostakis,

Herbert BosAuthors Info & Claims

ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference

Pages 347 - 356

https://doi.org/10.1145/1920261.1920313

Published: 06 December 2010 Publication History

Abstract

Smartphone usage has been continuously increasing in recent years. Moreover, smartphones are often used for privacy-sensitive tasks, becoming highly valuable targets for attackers. They are also quite different from PCs, so that PC-oriented solutions are not always applicable, or do not offer comprehensive security. We propose an alternative solution, where security checks are applied on remote security servers that host exact replicas of the phones in virtual environments. The servers are not subject to the same constraints, allowing us to apply multiple detection techniques simultaneously. We implemented a prototype of this security model for Android phones, and show that it is both practical and scalable: we generate no more than 2KiB/s and 64B/s of trace data for high-loads and idle operation respectively, and are able to support more than a hundred replicas running on a single server.

References

[1]

F. Bellard. QEMU, a fast and portable dynamic translator. In Proc. of USENIX'05, April 2005.

Digital Library

[2]

M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In Proc. of Crypto'96, pages 1--15, August 1996.

Digital Library

[3]

BlackBerry, Inc. BlackBerry Enterprise Server. http://na.blackberry.com/eng/services/business/server/full/.

[4]

J. Cheng, S. H. Wong, H. Yang, and S. Lu. SmartSiren: virus detection and alert for smartphones. In Proc. of MobiSys'07, pages 258--271, June 2007.

Digital Library

[5]

J. Chow, T. Garfinkel, and P. M. Chen. Decoupling dynamic program analysis from execution in virtual environments. In Proc. of USENIX'08, pages 1--14, June 2008.

Digital Library

[6]

B.-G. Chun and P. Maniatis. Augmented smartphone applications through clone cloud execution. In Proc. of HotOS XII, May 2009.

Digital Library

[7]

A. T. W. I. company. Top 500 global sites. http://www.alexa.com/topsites.

[8]

M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of internet worm epidemics. In Proc. of SOSP'05, October 2005.

Digital Library

[9]

P. J. Courtois, F. Heymans, and D. L. Parnas. Concurrent control with "readers" and "writers". Commun. ACM, 14(10):667--668, 1971.

Digital Library

[10]

D. E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236--243, 1976.

Digital Library

[11]

G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. Revirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proc. of OSDI'02, pages 211--224, December 2002.

Digital Library

[12]

G. W. Dunlap, D. G. Lucchetti, M. A. Fetterman, and P. M. Chen. Execution replay of multiprocessor virtual machines. In Proc. of VEE '08, pages 121--130, March 2008.

Digital Library

[13]

W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proc. of CCS, pages 235--245, 2009.

Digital Library

[14]

F-Secure. "sexy view" trojan on symbian s60 3rd edition. http://www.f-secure.com/weblog/archives/00001609.html, February 2008.

[15]

J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In Proc of NDSS'04, February 2004.

[16]

Z. Guo, X. Wang, J. Tang, X. Liu, Z. Xu, M. Wu, M. F. Kaashoek, and Z. Zhang. R2: An application-level kernel for record and replay. In Proc. of OSDI, 2008.

Digital Library

[17]

L. Hatton. Reexamining the fault density component size connection. Software, IEEE, 14(2):89--97, 1997.

Digital Library

[18]

V. Kiriansky, D. Bruening, and S. P. Amarasinghe. Secure execution via program shepherding. In Proc. of the 11^th USENIX Security Symposium, pages 191--206, August 2002.

Digital Library

[19]

T. Leblanc and J. Mellor-Crummey. Debugging parallel programs with instant replay. IEEE Transactions on Computers, 36(4):471--482, 1987.

Digital Library

[20]

G. Legg. The bluejacking, bluesnarfing, bluebugging blues: Bluetooth faces perception of vulnerability. http://www.wirelessnetdesignline.com/192200279?printableArticle=true, August 2005.

[21]

L. Liu, G. Yan, X. Zhang, and S. Chen. VirusMeter: Preventing your cellphone from spies. In Proc. of RAID, pages 244--264, 2009.

Digital Library

[22]

D. Malkhi and M. K. Reiter. Secure execution of java applets using a remote playground. IEEE Trans. Softw. Eng., 26(12):1197--1209, 2000.

Digital Library

[23]

P. Montesinos, M. Hicks, S. T. King, and J. Torrellas. Capo: a software-hardware interface for practical deterministic multiprocessor replay. In Proc. of ASPLOS '09, pages 73--84, March 2009.

Digital Library

[24]

H. Moore. Cracking the iPhone (part 1). http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html, October 2007.

[25]

R. Naraine. Google Android vulnerable to drive-by browser exploit. http://blogs.zdnet.com/security/?p=2067, October 2008.

[26]

S. Narayanasamy, G. Pokam, and B. Calder. BugNet: Continuously recording program execution for deterministic replay debugging. SIGARCH Comput. Archit. News, 33(2):284--295, 2005.

Digital Library

[27]

J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proc. of NDSS'05, February 2005.

[28]

Niacin and Dre. The iPhone/iTouch tif exploit is now officially released. Available at http://toc2rta.com/?q=node/23, October 2007.

[29]

J. Oberheide, E. Cooke, and F. Jahanian. CloudAV: N-version antivirus in the network cloud. In Proc. of the 17^th USENIX Security Symposium, San Jose, CA, July 2008.

Digital Library

[30]

J. Oberheide, K. Veeraraghavan, E. Cooke, J. Flinn, and F. Jahanian. Virtualized in-cloud security services for mobile devices. In Proc. of MobiVirt '08, pages 31--35, June 2008.

Digital Library

[31]

oCERT. CVE-2009-0475: OpenCORE insufficient boundary checking during MP3 decoding. http://www.ocert.org/advisories/ocert-2009-002.html, January 2009.

[32]

A. Ozment and S. E. Schechter. Milk or wine: Does software security improve with age? In Proc. of the 15^th USENIX Security Symposium, July 2006.

Digital Library

[33]

I. PalmSource. OpenBinder. http://www.angryredplanet.com/~hackbod/openbinder/docs/html/index.html, 2005.

[34]

G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: Zero-day protection for smartphones using the cloud. Technical report, Vrije Universiteit Amsterdam, 2010.

[35]

G. Portokalidis, A. Slowinska, and H. Bos. Argos: an emulator for fingerprinting zero-day attacks. In Proc. of ACM EuroSys, April 2006.

Digital Library

[36]

N. Provos. Improving host security with system call policies. In Proc. of the 12^th USENIX Security Symposium, August 2003.

Digital Library

[37]

M. Ronsse and K. De Bosschere. RecPlay: a fully integrated practical record/replay system. ACM Trans. Comput. Syst., 17(2):133--152, 1999.

Digital Library

[38]

M. Russinovich and B. Cogswell. Replay for concurrent non-deterministic shared-memory applications. In Proc. of PLDI '96, pages 258--266, May 1996.

Digital Library

[39]

V3.co.uk. BlackBerry 'kill pill' vital for IT security. http://www.v3.co.uk/vnunet/news/2159105/blackberry-kill-pill-vital.

[40]

K. Vikram, A. Prateek, and B. Livshits. Ripley: automatically securing web 2.0 applications through replicated execution. In Proc. of CCS, pages 173--186, 2009.

Digital Library

[41]

J. Xu and N. Nakka. Defeating memory corruption attacks via pointer taintedness detection. In Proc. of DSN '05, pages 378--387, June 2005.

Digital Library

[42]

M. Xu, R. Bodik, and M. D. Hill. A "flight data recorder" for enabling full-system multiprocessor deterministic replay. SIGARCH Comput. Archit. News, 31(2):122--135, 2003.

Digital Library

Cited By

Yıldırım MDemirer V(2024)A Scale Development and Application Study on Smartphone Security AwarenessGazi University Journal of Science10.35378/gujs.142798437:4(1691-1705)Online publication date: 1-Dec-2024
https://doi.org/10.35378/gujs.1427984
George B(2024)Evaluating features of mobile phone technology needed to access library services in Mount Kenya University library in KenyaIP Indian Journal of Library Science and Information Technology10.18231/j.ijlsit.2023.0178:2(99-104)Online publication date: 15-Jan-2024
https://doi.org/10.18231/j.ijlsit.2023.017
Mahindru AArora HKumar AGupta SMahajan SKadry SKim J(2024)PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detectionScientific Reports10.1038/s41598-024-60982-y14:1Online publication date: 10-May-2024
https://doi.org/10.1038/s41598-024-60982-y
Show More Cited By

Index Terms

Paranoid Android: versatile protection for smartphones
1. Software and its engineering

Recommendations

Android: Changing the Mobile Landscape

The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and Privacy

Recent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
A bundle protocol implementation for android devices
Mobicom '12: Proceedings of the 18th annual international conference on Mobile computing and networking

In this demo we present IBR-DTN for Android: IBR-DTN is a fully featured RFC5050 compliant Bundle Protocol implementation that can run on un-rooted Android devices starting from Android Version 2.3 (Gingerbread). IBR-DTN for Android supports all ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference

December 2010

419 pages

ISBN:9781450301336

DOI:10.1145/1920261

Conference Chair:
Carrie Gates
CA Labs
,
Program Chairs:
Michael Franz
University of California, Irvine
,
John McDermott
Naval Research Lab

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 December 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme

Conference

ACSAC '10

Sponsor:

ACSA

ACSAC '10: 2010 Annual Computer Security Applications Conference

December 6 - 10, 2010

Texas, Austin, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

227
Total Citations
View Citations
3,084
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)4

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yıldırım MDemirer V(2024)A Scale Development and Application Study on Smartphone Security AwarenessGazi University Journal of Science10.35378/gujs.142798437:4(1691-1705)Online publication date: 1-Dec-2024
https://doi.org/10.35378/gujs.1427984
George B(2024)Evaluating features of mobile phone technology needed to access library services in Mount Kenya University library in KenyaIP Indian Journal of Library Science and Information Technology10.18231/j.ijlsit.2023.0178:2(99-104)Online publication date: 15-Jan-2024
https://doi.org/10.18231/j.ijlsit.2023.017
Mahindru AArora HKumar AGupta SMahajan SKadry SKim J(2024)PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detectionScientific Reports10.1038/s41598-024-60982-y14:1Online publication date: 10-May-2024
https://doi.org/10.1038/s41598-024-60982-y
Mahindru ASharma SMittal M(2023)YarowskyDroid: Semi-supervised based Android malware detection using federation learning2023 International Conference on Advancement in Computation & Computer Technologies (InCACCT)10.1109/InCACCT57535.2023.10141735(380-385)Online publication date: 5-May-2023
https://doi.org/10.1109/InCACCT57535.2023.10141735
Mahindru A(2023)ANNDroid: A Framework for Android Malware Detection Using Feature Selection Techniques and Machine Learning AlgorithmsMobile Application Development: Practice and Experience10.1007/978-981-19-6893-8_5(47-69)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-981-19-6893-8_5
Mahindru AArora H(2023)DNNdroid: Android Malware Detection Framework Based on Federated Learning and Edge ComputingAdvancements in Smart Computing and Information Security10.1007/978-3-031-23095-0_7(96-107)Online publication date: 11-Jan-2023
https://doi.org/10.1007/978-3-031-23095-0_7
Okebule TAdeyemo OOlatunji KAwe A(2022)Review of Works Content Analyzer for Information Leakage Detection and Prevention in Android Smart DevicesABUAD International Journal of Natural and Applied Sciences10.53982/aijnas.2022.0201.02-j2:1(12-28)Online publication date: 30-Mar-2022
https://doi.org/10.53982/aijnas.2022.0201.02-j
Yadav CSingh JYadav APattanayak HKumar RKhan AHaq MAlhussen AAlharby S(2022)Malware Analysis in IoT & Android Systems with Defensive MechanismElectronics10.3390/electronics1115235411:15(2354)Online publication date: 28-Jul-2022
https://doi.org/10.3390/electronics11152354
Ali HBatool KYousaf MIslam Satti MNaseer SZahid SGardezi AShafiq MChoi J(2022)Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source CodeSecurity and Communication Networks10.1155/2022/79722302022(1-11)Online publication date: 12-Sep-2022
https://doi.org/10.1155/2022/7972230
Yadav CGupta S(2022)A Review on Malware Analysis for IoT and Android SystemSN Computer Science10.1007/s42979-022-01543-w4:2Online publication date: 21-Dec-2022
https://doi.org/10.1007/s42979-022-01543-w
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten