TY - GEN
T1 - On lightweight mobile phone application certification
AU - Enck, William
AU - Ongtang, MacHigar
AU - McDaniel, Patrick
PY - 2009
Y1 - 2009
N2 - Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware.
AB - Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware.
UR - http://www.scopus.com/inward/record.url?scp=74049155830&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049155830&partnerID=8YFLogxK
U2 - 10.1145/1653662.1653691
DO - 10.1145/1653662.1653691
M3 - Conference contribution
AN - SCOPUS:74049155830
SN - 9781605583525
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 235
EP - 245
BT - CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security
T2 - 16th ACM Conference on Computer and Communications Security, CCS'09
Y2 - 9 November 2009 through 13 November 2009
ER -