DOI: 10.1145/3322640.3326729
Research article, ICAIL conference proceedings

MagnetDroid: security-oriented analysis for bridging privacy and law for Android applications

Published: 17 June 2019

ABSTRACT

MagnetDroid is a novel artificial intelligence framework that integrates a security ontology, a multi-agent organisation, and a logical reasoning procedure to bridge the worlds of Android application analysis and law with respect to privacy. Our contribution helps identify violations of the law by Android applications and predict their legal consequences. The resulting implementation of MagnetDroid can be useful to privacy-concerned users, to recognise privacy problems in the applications they use; to application developers and publishers, to identify which problems to fix; and to lawyers, to provide an additional level of interpretation for any court considering the privacy of Android applications.


Published in
ICAIL '19: Proceedings of the Seventeenth International Conference on Artificial Intelligence and Law
June 2019, 312 pages
ISBN: 9781450367547
DOI: 10.1145/3322640

        Copyright © 2019 ACM


Publisher: Association for Computing Machinery, New York, NY, United States



Qualifiers: research-article, Research, Refereed limited

Overall acceptance rate: 69 of 169 submissions, 41%