DOI: 10.1145/3322640.3326729
research-article

MagnetDroid: security-oriented analysis for bridging privacy and law for Android applications

Published: 17 June 2019

Abstract

MagnetDroid is a novel artificial intelligence framework that integrates a security ontology, a multi-agent organisation, and a logical reasoning procedure to help build a bridge between the worlds of Android application analysis and law, with respect to privacy. Our contribution helps identify violations of the law by Android applications, as well as predict legal consequences. The resulting implementation of MagnetDroid can be useful to privacy-concerned users in order to acknowledge problems with the privacy of the applications they use, to application developers/publishers to help them identify which problems to fix, and to lawyers in order to provide an additional level of interpretation for any court when considering the privacy of Android applications.


      Published In

      ICAIL '19: Proceedings of the Seventeenth International Conference on Artificial Intelligence and Law
      June 2019
      312 pages
      ISBN:9781450367547
      DOI:10.1145/3322640
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      In-Cooperation

      • Univ. of Montreal: University of Montreal
      • AAAI
      • IAAIL: Intl Asso for Artificial Intel & Law

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Android
      2. Intelligent Agents
      3. Law
      4. Logic Programming
      5. Ontologies
      6. Privacy
      7. Security

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ICAIL '19

      Acceptance Rates

      Overall Acceptance Rate 69 of 169 submissions, 41%

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 135
      • Downloads (Last 12 months): 8
      • Downloads (Last 6 weeks): 2
      Reflects downloads up to 05 Mar 2025
