Ask a(n)droid to tell you the odds: probabilistic security-by-contract for mobile devices

被引：4

作者：

Aldini, Alessandro ^{[2
]}

La Marra, Antonio ^{[3
]}

Martinelli, Fabio ^{[1
]}

Saracino, Andrea ^{[1
]}

机构：

[1] CNR, Ist Informat & Telemat, Pisa, Italy

[2] Univ Urbino, Dipartimento Sci Pure & Applicate, Urbino, Italy

[3] Secur Forge Srl, Pisa, Italy

来源：

SOFT COMPUTING | 2021年 / 25卷 / 03期

基金：

欧盟地平线“2020”;

关键词：

Security-by-contract; Android; Statistical analysis; Probabilistic model checking; MALWARE; SYSTEM;

D O I：

10.1007/s00500-020-05299-4

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Security-by-contract is a paradigm proposed for the secure installation, usage, and monitoring of apps into mobile devices, with the aim of establishing, controlling, and, if necessary, enforcing security-critical behaviors. In this paper, we extend this paradigm with new functionalities allowing for a quantitative estimation of such behaviors, in order to reveal in real time the more and more challenging subtleties of new-generation malware and repackaged apps. The novel paradigm is based on formal means and techniques ranging from statistical analysis to probabilistic model checking. The framework, deployed in the Android environment, is evaluated by examining both its effectiveness with respect to a benchmark of real-world malware and its effect on the execution of genuine, secure apps.

引用

页码：2295 / 2314

页数：20

共 43 条

[1]

Aldini A, 2004, LECT NOTES ARTIF INT, V2946, P1

[2]

Aldini A., 2004, ELECT NOTES THEORETI, V99, P155

[3] A formal approach to the integrated analysis of security and QoS [J].

Aldini, Alessandro ;

Bernardo, Marco .

RELIABILITY ENGINEERING & SYSTEM SAFETY, 2007, 92 (11) :1503-1520

[4] Design and validation of a trust-based opportunity-enabled risk management system [J].

Aldini A. ;

Seigneur J.-M. ;

Lafuente C.B. ;

Titi X. ;

Guislain J. .

Information and Computer Security, 2017, 25 (01) :2-25

[5] Detection of repackaged mobile applications through a collaborative approach [J].

Aldini, Alessandro ;

Martinelli, Fabio ;

Saracino, Andrea ;

Sgandurra, Daniele .

CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2015, 27 (11) :2818-2838

[6]

[Anonymous], 2015, TECH REP

[7]

[Anonymous], 2007, Int J Math Models Methods Appl Sci, DOI DOI 10.1007/S00167-009-0884-Z

[8]

[Anonymous], 2013, P 2013 ACM WORKSH AR

[9] R-Droid: Leveraging Android App Analysis with Static Slice Optimization [J].

Backes, Michael ;

Bugiel, Sven ;

Derr, Erik ;

Gerling, Sebastian ;

Hammer, Christian .

ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, :129-140

[10]

Baier C, 2008, PRINCIPLES OF MODEL CHECKING, P1

← 1 2 3 4 5 →