Mitigating Android Application Risk Through Permission Based Analysis And Risk Assessment Technique
Download Mitigating Android Application Risk Through Permission Based Analysis And Risk Assessment Technique PDF/ePub or read online books in Mobi eBooks. Click Download or Read Online button to get Mitigating Android Application Risk Through Permission Based Analysis And Risk Assessment Technique book now. This website allows unlimited access to, at the time of writing, more than 1.5 million titles, including hundreds of thousands of titles in various foreign languages.
Mitigating Android Application Risk Through Permission-based Analysis and Risk Assessment Technique
In this era, smartphones intrude upon our daily lives due to their computational capabilities and ease of use and carry. Almost everything can be accessed easily via smartphones such as emails, online banking, and health records. Therefore, a vast amount of valuable data ranging from personal information (e.g., text messages and contacts) to company information when companies utilize a bring your own device (BYOD) policy, are stored and handled by smartphones. This improvement and capabilities on smartphones encourage malware developers to develop more advanced attacks that are able to steal users' private information and cause financial losses to victims. Among different smartphone platforms, Android has become the most prevalent and fastest growing platform. Android devices, of which millions are in use today, are attractive due to their availability, lower cost, and open source philosophy. Thus, the popularity of Android has encouraged developers to create more applications to serve Android users. On the other hand, Android has become an attractive target for adversaries who construct different types of malicious applications and use different social engineering approaches to attract users to download and trust their applications. Importantly, malicious applications usually request permissions that are not related to their main functionality in order to access sensitive information or resources. Most users grant the requested permissions without understanding the potential harm of those applications and how the requested permissions can be misused to disclose private information. Built-in security mechanisms in the Android operating system (OS) provide various levels of protection for data and applications. One of these mechanisms is the permission model, which enables secure access to sensitive information and devices' resources. However, the Android permission model does not have specific professional standards that developers need to follow when they declare their applications' permissions. Consequently, this gives unscrupulous developers the flexibility to request permissions that are not related to their applications' main functionality. It is unfortunate that most users grant the requested permissions without understanding the potential harm of those applications and how the requested permissions can be misused to disclose private information. Moreover, the Android permission model does not impede privilege escalation or information leakage. In other words, the permission model is not fine-grained enough to provide sufficient means to control an application's activities and specify what private information or resources are accessible to the application. Therefore, considerable effort is needed to ensure the Android OS security, which has led to significant interest among researchers to alleviate its threats. Several proposed solutions have been introduced to address these issues. However, many of those solutions have crippling limitations that may invalidate their results. Therefore, there is a need for more powerful and effective solutions to mitigate the security challenges that the Android permission model causes. Hence, this research proposes a Permission Usage and Risk Estimation for Android (PUREDroid), a risk assessment model that informs the user about the risk level of an application and its requested permissions to help users make the right or better decision about whether to grant or deny a requested permission. PUREDroid measures the risk associated with the requested permissions within an application based on the application category. By constructing an optimal set of permissions for each category, each permission within an application from the same category is assigned to one of three security risk levels: Low, Moderate, or High risk level. PUREDroid measures the security risk of the Android application by extracting some information from inspected applications, including permissions, intents and APIs, and utilizing several supervised machine learning models to assign risk scores. PUREDroid is evaluated on more than 23000 applications, including 17316 benign applications and 5739 malware applications belonging to seven different categories, which are Books & Reference, Education, Entertainment, Lifestyle, Music & Audio, Photography, and Tools. The performance and evaluation shows that PUREDroid is able to predict risks for the applications based on their categories with a high accuracy rate and low false positive rate depending on the application's category. This outstanding performance is achieved by utilizing Extreme Gradient Boosting algorithm, which provides the highest performance among all of the other machine learning algorithms.
Detecting and Mitigating Robotic Cyber Security Risks
Risk detection and cyber security play a vital role in the use and success of contemporary computing. By utilizing the latest technological advances, more effective prevention techniques can be developed to protect against cyber threats. Detecting and Mitigating Robotic Cyber Security Risks is an essential reference publication for the latest research on new methodologies and applications in the areas of robotic and digital security. Featuring extensive coverage on a broad range of topics, such as authentication techniques, cloud security, and mobile robotics, this book is ideally designed for students, researchers, scientists, and engineers seeking current research on methods, models, and implementations of optimized security in digital contexts.
Application Security for the Android Platform
With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data. How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues. Examine Android’s architecture and security model, and how it isolates the filesystem and database Learn how to use Android permissions and restricted system APIs Explore Android component types, and learn how to secure communications in a multi-tier app Use cryptographic tools to protect data stored on an Android device Secure the data transmitted from the device to other parties, including the servers that interact with your app