Android App Permission Manager

Android App Permission Manager
Katherine Schwartz, Eralda Caushaj

The Goals
- Categorize apps into risk categories based on five factors
- Inform the user about possible threats to security and privacy
- Give the user control over the information accessed by their apps

Current Progress
- Basic functionalities of the app were already near completion
- Research into the area, examining various past approaches
- Working on explanation and pseudocode for the risk categorization algorithm

The App so far
- User can view any app's permissions
- User is alerted about potential security threats
- Unnecessary risky functions in red text

Previous Works
- Kirin: evaluates app permissions vs. a group of set rules
  - Only looks at app permission combinations
- Probabilistic Generative Models: apply a machine learning model to app permissions to find anomalous apps
  - Complex
  - Requires large, high-quality training set
  - Accuracy "in the wild" is unknown
- Benefit-adjusted Risk Signals: risk is evaluated based on how rare a "critical" permission is in the app's category
  - Risk signals based solely on rarity of selected permissions, no other factors

The AAPM Approach

Categorizing Apps: The basics
- AAPM will examine a set of factors to compute a risk categorization to show the user
- The algorithm will determine whether each factor in an app poses a risk
- More risks lead to the app getting a higher risk categorization
- Safe – Benign – Malicious

Categorizing apps: The Factors
- Unnecessary app permissions
- Total number of privacy threats
- Number of dangerous permission combinations
- Number of ad networks
- How many permissions compared to category average
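The five-factor categorization described on the two slides above, sketched as an added example that is not the presenters' algorithm or pseudocode. Every threshold, the privacy-sensitive set, the combination rules, the mapping from flagged-factor count to category, and the sample apps are assumptions constructed for illustration.

```python
# Added illustration; thresholds and rule sets are assumptions, not from the slides.
PRIVACY_SENSITIVE = {"CAMERA", "READ_CONTACTS", "READ_SMS", "RECORD_AUDIO",
                     "ACCESS_FINE_LOCATION"}
DANGEROUS_COMBOS = [            # constructed permission-combination rules
    {"RECORD_AUDIO", "INTERNET"},
    {"READ_SMS", "INTERNET"},
]
MAX_PRIVACY_THREATS = 2         # assumed threshold
MAX_AD_NETWORKS = 1             # assumed threshold
OVER_AVERAGE_RATIO = 1.5        # assumed: flag apps 50% above category average


def risk_factors(app, category):
    """Return {factor name: True if that factor poses a risk}."""
    perms = set(app["permissions"])
    unnecessary = perms - set(category["expected_permissions"])
    combos = [c for c in DANGEROUS_COMBOS if c <= perms]
    return {
        "unnecessary_permissions": len(unnecessary) > 0,
        "privacy_threats": len(perms & PRIVACY_SENSITIVE) > MAX_PRIVACY_THREATS,
        "dangerous_combinations": len(combos) > 0,
        "ad_networks": len(app["ad_networks"]) > MAX_AD_NETWORKS,
        "above_category_average":
            len(perms) > OVER_AVERAGE_RATIO * category["average_permissions"],
    }


def categorize(app, category):
    """More flagged factors give a higher category (assumed cut-offs)."""
    flagged = sum(risk_factors(app, category).values())
    if flagged <= 1:
        return "Safe"
    if flagged <= 3:
        return "Benign"
    return "Malicious"


# Constructed sample data: three hypothetical flashlight apps.
FLASHLIGHT = {"expected_permissions": {"CAMERA", "FLASHLIGHT"},
              "average_permissions": 3}
APPS = {
    "plain": {"permissions": ["CAMERA"], "ad_networks": []},
    "ad_supported": {"permissions": ["CAMERA", "INTERNET"],
                     "ad_networks": ["adnet-a", "adnet-b"]},
    "overreaching": {"permissions": ["CAMERA", "INTERNET", "READ_CONTACTS",
                                     "READ_SMS", "RECORD_AUDIO",
                                     "ACCESS_FINE_LOCATION"],
                     "ad_networks": ["adnet-a", "adnet-b", "adnet-c"]},
}
```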

Advantages
- Takes multiple factors into account
- Easy to understand for both users and app developers
- Identifies not only malicious apps, but otherwise-benign apps that could pose a security risk
- Allows users to immediately mitigate security risks without removing the app in question (if their OS supports the feature)

References
- W. Enck, M. Ongtang, and P. McDaniel. "On lightweight mobile phone application certification," in Proceedings of the 16th ACM conference on Computer and communications security, pp. 235–245, 2009.
- H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. "Using probabilistic generative models for ranking risks of Android apps," in Proceedings of the 2012 ACM conference on Computer and communications security, 2012.
- K. Allix, T. F. Bissyande, Q. Jérome, J. Klein, R. State, and Y. Le Traon. "Empirical assessment of machine learning-based malware detectors for android," in Empirical Software Engineering, 2014.
- B. Pratim Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy. "Android permissions: a perspective combining risks and benefits," in SACMAT '12 Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 13–22, 2012.
- A. P. Felt, K. Greenwood, and D. Wagner. "The Effectiveness of Application Permissions," in Proceedings of the USENIX Conference on Web Application Development, 2011.