A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID
David Barrera, H. Güneş Kayacık, P.C. van Oorschot, Anil Somayaji
Carleton University, Ottawa, ON, Canada
ACM CCS (2010)
Agenda
- Introduction
- Access control systems
- Permission-Based Security
- Related Work
- Android Permission Model
- Self-Organizing Maps (SOM)
- Results
- Further Discussion & Conclusion
Introduction
- Restricting actions on specific resources: access control lists (ACLs) and permission-based security models
- Empirical analysis
- Objectives:
  - Investigate how the permission-based system in Android is used in practice
  - Identify the strengths and limitations of the current implementation
Introduction
- Android uses ACLs extensively to mediate inter-process communication (IPC) and to control access to special functionality on the device
- Advantages:
  - Prevent malware
  - Inform users what applications are capable of doing once installed
- Contribution: a novel methodology for exploring and empirically analyzing permission-based models
Access control systems
- An access control list allows a subject to perform an action on an object only if the subject has been assigned the necessary permissions.
- More sophisticated ACL-based systems allow the specification of a complex policy to control more parameters of how an object can be accessed.
- Each ACL only restricts access to one action.
Permission-Based Security
- Android requires that developers declare in a manifest a list of permissions which the user must accept prior to installing an application
- The Google Chrome web browser uses a permission-based architecture in its extension system
- BlackBerry OS enforces through signature validation that an application has been granted permissions to access the controlled APIs
Related Work
- Enck et al. describe the design and implementation of a framework to detect potentially malicious applications based on the permissions requested by Android applications
- Barth et al. analyzed 25 browser extensions for Firefox and identified that 78% are given more privileges than necessary
Android Permission Model
- Android Market
- Android applications are written in Java syntax and each runs in a custom virtual machine known as Dalvik
- Any third-party application can define new functionality
Android Permission Model
- Every application written for the Android platform must include an XML-formatted file named AndroidManifest.xml.
- Permissions are enforced by Android at runtime, but must be accepted by the user at install time
Android Permission Model
Self-Organizing Maps (SOM)
- SOM is a type of neural network algorithm which employs unsupervised learning
- Characteristics:
  - SOM provides a 2-dimensional visualization of high-dimensional data
  - The component analysis of SOM can identify correlations between permissions
Self-Organizing Maps (SOM)
Results
- Effectively clusters the applications requesting similar permissions into the same neighborhood
- Winner-take-all
- Applications from different categories can request similar sets of permissions
Results
- The a.p.INTERNET permission is requested by the majority of applications in our dataset (over 60%)
Results
- The analysis of component planes can reveal correlations between permissions
- The a.p.INTERNET permission fails to provide sufficiently fine-grained control of the resources
- Many permissions are requested by only a few applications
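The results above rest on turning each application's AndroidManifest.xml into a binary permission vector and then asking how often each permission is requested and which permissions tend to be requested together. The script below is an added illustration, not code from the paper or its authors: it parses a handful of constructed, hypothetical manifests (not real Market apps), builds the vectors that a SOM would be trained on, and computes per-permission request frequency plus a pairwise Jaccard co-occurrence as a simple stand-in for reading correlations off component planes.

```python
"""Permission vectors from AndroidManifest.xml, plus frequency and co-occurrence.
Added example; the manifests below are constructed, not real applications."""
import xml.etree.ElementTree as ET
from itertools import combinations

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree form of android:name


def _manifest(pkg, *perms):
    """Build a minimal constructed AndroidManifest.xml string for a hypothetical app."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p for p in perms)
    return '<manifest xmlns:android="%s" package="%s">%s</manifest>' % (ANDROID_NS, pkg, uses)


# Constructed sample dataset standing in for a set of Market applications.
SAMPLE_MANIFESTS = {
    "app1": _manifest("com.example.one", "INTERNET", "ACCESS_NETWORK_STATE"),
    "app2": _manifest("com.example.two", "INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_FINE_LOCATION"),
    "app3": _manifest("com.example.three", "INTERNET"),
    "app4": _manifest("com.example.four", "VIBRATE"),
    "app5": _manifest("com.example.five", "INTERNET", "WRITE_EXTERNAL_STORAGE"),
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def permission_vectors(manifests):
    """Map each app to a 0/1 vector over the sorted union of all requested permissions."""
    perms = {app: requested_permissions(xml) for app, xml in manifests.items()}
    universe = sorted(set().union(*perms.values()))
    vectors = {app: [1 if p in s else 0 for p in universe] for app, s in perms.items()}
    return universe, vectors


def request_frequency(universe, vectors):
    """Fraction of apps requesting each permission (the 'over 60% request INTERNET' view)."""
    n = len(vectors)
    return {p: sum(v[i] for v in vectors.values()) / n for i, p in enumerate(universe)}


def cooccurrence(universe, vectors):
    """Jaccard similarity per permission pair: |apps with both| / |apps with either|."""
    idx = {p: i for i, p in enumerate(universe)}
    out = {}
    for a, b in combinations(universe, 2):  # universe is sorted, so (a, b) is ordered
        both = sum(v[idx[a]] & v[idx[b]] for v in vectors.values())
        either = sum(v[idx[a]] | v[idx[b]] for v in vectors.values())
        out[(a, b)] = both / either if either else 0.0
    return out
```

Real-world use would replace SAMPLE_MANIFESTS with manifests extracted from APKs and feed the vectors to a SOM; on the constructed set, INTERNET is requested by 4 of 5 apps and co-occurs with ACCESS_NETWORK_STATE in half of the apps that request either.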
Further Discussion & Conclusion
- Having finer-grained permissions in a permission-based system enables users to have detailed control over what actions are allowed to take place
- Enhancements:
  - Logical permission grouping → fine-grained hierarchical permissions
  - Logically grouping all self-defined permissions under one category
- Hope that the SOM-based methodology, including visualization, is of use to others exploring independent permission-based models