ABSTRACT
MagnetDroid is a novel artificial intelligence framework that integrates a security ontology, a multi-agent organisation, and a logical reasoning procedure to help build a bridge between the worlds of Android application analysis and law, with respect to privacy. Our contribution helps identify violations of the law by Android applications, as well as predict legal consequences. The resulting implementation of MagnetDroid can be useful to privacy-concerned users in order to acknowledge problems with the privacy of the applications they use, to application developers/publishers to help them identify which problems to fix, and to lawyers in order to provide an additional level of interpretation for any court when considering the privacy of Android applications.
Index Terms
- MagnetDroid: security-oriented analysis for bridging privacy and law for Android applications