An Android runtime security policy enforcement framework

Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Personal and ubiquitous computing 2012-08, Vol.16 (6), p.631-641
Hauptverfasser:	Banuri, Hammad, Alam, Masoom, Khan, Shahryar, Manzoor, Jawad, Ali, Bahar, Khan, Yasar, Yaseen, Mohsin, Tahir, Mir Nauman, Ali, Tamleek, Alam, Quratulain, Zhang, Xinwen
Format:	Artikel
Sprache:	eng
Schlagworte:	Computer programs Computer Science Computer viruses Cybersecurity Devices Malware Markets Mobile Computing Monitors Original Article Personal Computing Policies Security Smartphones Source code User Interfaces and Human Computer Interaction
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	641
container_issue	6
container_start_page	631
container_title	Personal and ubiquitous computing
container_volume	16
creator	Banuri, Hammad Alam, Masoom Khan, Shahryar Manzoor, Jawad Ali, Bahar Khan, Yasar Yaseen, Mohsin Tahir, Mir Nauman Ali, Tamleek Alam, Quratulain Zhang, Xinwen
description	Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework ( seaf ) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.
doi_str_mv	10.1007/s00779-011-0437-6
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1671350260</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2726563841</sourcerecordid><originalsourceid>FETCH-LOGICAL-c349t-4baeb3720adfd6e2c53319b97c1eaad4f4acb76a2995bd06570de93184c1369d3</originalsourceid><addsrcrecordid>eNp1kE1LxDAQhoMouK7-AG8FL16qmSZNNsdl8QsWvOg5pMlUum6TNWmR_fdmqYgIXmbm8Lwvw0PIJdAboFTepjykKilASTmTpTgiMxAgS65AHv_cVJ2Ss5Q2lIIUXMzIYumLpXcxdK6Iox-6HouEdozdsC92YdvZfYG-DdFij34o2mh6_Azx_ZyctGab8OJ7z8nr_d3L6rFcPz88rZbr0jKuhpI3BhsmK2pc6wRWtmYMVKOkBTTG8ZYb20hhKqXqxlFRS-pQMVhwC0wox-bkeurdxfAxYhp03yWL263xGMakQUhgNa0EzejVH3QTxujzdxooo_kJkHWmYKJsDClFbPUudr2J-wzpg0s9udTZpT641CJnqimTMuvfMP5u_i_0BfHSdiA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1030720175</pqid></control><display><type>article</type><title>An Android runtime security policy enforcement framework</title><source>Alma/SFX Local Collection</source><source>SpringerLink Journals - AutoHoldings</source><creator>Banuri, Hammad ; Alam, Masoom ; Khan, Shahryar ; Manzoor, Jawad ; Ali, Bahar ; Khan, Yasar ; Yaseen, Mohsin ; Tahir, Mir Nauman ; Ali, Tamleek ; Alam, Quratulain ; Zhang, Xinwen</creator><creatorcontrib>Banuri, Hammad ; Alam, Masoom ; Khan, Shahryar ; Manzoor, Jawad ; Ali, Bahar ; Khan, Yasar ; Yaseen, Mohsin ; Tahir, Mir Nauman ; Ali, Tamleek ; Alam, Quratulain ; Zhang, Xinwen</creatorcontrib><description>Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework ( seaf ) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.</description><identifier>ISSN: 1617-4909</identifier><identifier>EISSN: 1617-4917</identifier><identifier>DOI: 10.1007/s00779-011-0437-6</identifier><language>eng</language><publisher>London: Springer-Verlag</publisher><subject>Computer programs ; Computer Science ; Computer viruses ; Cybersecurity ; Devices ; Malware ; Markets ; Mobile Computing ; Monitors ; Original Article ; Personal Computing ; Policies ; Security ; Smartphones ; Source code ; User Interfaces and Human Computer Interaction</subject><ispartof>Personal and ubiquitous computing, 2012-08, Vol.16 (6), p.631-641</ispartof><rights>Springer-Verlag London Limited 2011</rights><rights>Springer-Verlag London Limited 2012</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c349t-4baeb3720adfd6e2c53319b97c1eaad4f4acb76a2995bd06570de93184c1369d3</citedby><cites>FETCH-LOGICAL-c349t-4baeb3720adfd6e2c53319b97c1eaad4f4acb76a2995bd06570de93184c1369d3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s00779-011-0437-6$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s00779-011-0437-6$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,776,780,27903,27904,41467,42536,51297</link.rule.ids></links><search><creatorcontrib>Banuri, Hammad</creatorcontrib><creatorcontrib>Alam, Masoom</creatorcontrib><creatorcontrib>Khan, Shahryar</creatorcontrib><creatorcontrib>Manzoor, Jawad</creatorcontrib><creatorcontrib>Ali, Bahar</creatorcontrib><creatorcontrib>Khan, Yasar</creatorcontrib><creatorcontrib>Yaseen, Mohsin</creatorcontrib><creatorcontrib>Tahir, Mir Nauman</creatorcontrib><creatorcontrib>Ali, Tamleek</creatorcontrib><creatorcontrib>Alam, Quratulain</creatorcontrib><creatorcontrib>Zhang, Xinwen</creatorcontrib><title>An Android runtime security policy enforcement framework</title><title>Personal and ubiquitous computing</title><addtitle>Pers Ubiquit Comput</addtitle><description>Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework ( seaf ) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.</description><subject>Computer programs</subject><subject>Computer Science</subject><subject>Computer viruses</subject><subject>Cybersecurity</subject><subject>Devices</subject><subject>Malware</subject><subject>Markets</subject><subject>Mobile Computing</subject><subject>Monitors</subject><subject>Original Article</subject><subject>Personal Computing</subject><subject>Policies</subject><subject>Security</subject><subject>Smartphones</subject><subject>Source code</subject><subject>User Interfaces and Human Computer Interaction</subject><issn>1617-4909</issn><issn>1617-4917</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2012</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNp1kE1LxDAQhoMouK7-AG8FL16qmSZNNsdl8QsWvOg5pMlUum6TNWmR_fdmqYgIXmbm8Lwvw0PIJdAboFTepjykKilASTmTpTgiMxAgS65AHv_cVJ2Ss5Q2lIIUXMzIYumLpXcxdK6Iox-6HouEdozdsC92YdvZfYG-DdFij34o2mh6_Azx_ZyctGab8OJ7z8nr_d3L6rFcPz88rZbr0jKuhpI3BhsmK2pc6wRWtmYMVKOkBTTG8ZYb20hhKqXqxlFRS-pQMVhwC0wox-bkeurdxfAxYhp03yWL263xGMakQUhgNa0EzejVH3QTxujzdxooo_kJkHWmYKJsDClFbPUudr2J-wzpg0s9udTZpT641CJnqimTMuvfMP5u_i_0BfHSdiA</recordid><startdate>20120801</startdate><enddate>20120801</enddate><creator>Banuri, Hammad</creator><creator>Alam, Masoom</creator><creator>Khan, Shahryar</creator><creator>Manzoor, Jawad</creator><creator>Ali, Bahar</creator><creator>Khan, Yasar</creator><creator>Yaseen, Mohsin</creator><creator>Tahir, Mir Nauman</creator><creator>Ali, Tamleek</creator><creator>Alam, Quratulain</creator><creator>Zhang, Xinwen</creator><general>Springer-Verlag</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7SC</scope><scope>7XB</scope><scope>8AL</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0N</scope><scope>P5Z</scope><scope>P62</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope></search><sort><creationdate>20120801</creationdate><title>An Android runtime security policy enforcement framework</title><author>Banuri, Hammad ; Alam, Masoom ; Khan, Shahryar ; Manzoor, Jawad ; Ali, Bahar ; Khan, Yasar ; Yaseen, Mohsin ; Tahir, Mir Nauman ; Ali, Tamleek ; Alam, Quratulain ; Zhang, Xinwen</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c349t-4baeb3720adfd6e2c53319b97c1eaad4f4acb76a2995bd06570de93184c1369d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2012</creationdate><topic>Computer programs</topic><topic>Computer Science</topic><topic>Computer viruses</topic><topic>Cybersecurity</topic><topic>Devices</topic><topic>Malware</topic><topic>Markets</topic><topic>Mobile Computing</topic><topic>Monitors</topic><topic>Original Article</topic><topic>Personal Computing</topic><topic>Policies</topic><topic>Security</topic><topic>Smartphones</topic><topic>Source code</topic><topic>User Interfaces and Human Computer Interaction</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Banuri, Hammad</creatorcontrib><creatorcontrib>Alam, Masoom</creatorcontrib><creatorcontrib>Khan, Shahryar</creatorcontrib><creatorcontrib>Manzoor, Jawad</creatorcontrib><creatorcontrib>Ali, Bahar</creatorcontrib><creatorcontrib>Khan, Yasar</creatorcontrib><creatorcontrib>Yaseen, Mohsin</creatorcontrib><creatorcontrib>Tahir, Mir Nauman</creatorcontrib><creatorcontrib>Ali, Tamleek</creatorcontrib><creatorcontrib>Alam, Quratulain</creatorcontrib><creatorcontrib>Zhang, Xinwen</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Computing Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>Personal and ubiquitous computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Banuri, Hammad</au><au>Alam, Masoom</au><au>Khan, Shahryar</au><au>Manzoor, Jawad</au><au>Ali, Bahar</au><au>Khan, Yasar</au><au>Yaseen, Mohsin</au><au>Tahir, Mir Nauman</au><au>Ali, Tamleek</au><au>Alam, Quratulain</au><au>Zhang, Xinwen</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An Android runtime security policy enforcement framework</atitle><jtitle>Personal and ubiquitous computing</jtitle><stitle>Pers Ubiquit Comput</stitle><date>2012-08-01</date><risdate>2012</risdate><volume>16</volume><issue>6</issue><spage>631</spage><epage>641</epage><pages>631-641</pages><issn>1617-4909</issn><eissn>1617-4917</eissn><abstract>Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework ( seaf ) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.</abstract><cop>London</cop><pub>Springer-Verlag</pub><doi>10.1007/s00779-011-0437-6</doi><tpages>11</tpages></addata></record>
fulltext	fulltext
identifier	ISSN: 1617-4909
ispartof	Personal and ubiquitous computing, 2012-08, Vol.16 (6), p.631-641
issn	1617-4909 1617-4917
language	eng
recordid	cdi_proquest_miscellaneous_1671350260
source	Alma/SFX Local Collection; SpringerLink Journals - AutoHoldings
subjects	Computer programs Computer Science Computer viruses Cybersecurity Devices Malware Markets Mobile Computing Monitors Original Article Personal Computing Policies Security Smartphones Source code User Interfaces and Human Computer Interaction
title	An Android runtime security policy enforcement framework
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-25T17%3A24%3A38IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Android%20runtime%20security%20policy%20enforcement%20framework&rft.jtitle=Personal%20and%20ubiquitous%20computing&rft.au=Banuri,%20Hammad&rft.date=2012-08-01&rft.volume=16&rft.issue=6&rft.spage=631&rft.epage=641&rft.pages=631-641&rft.issn=1617-4909&rft.eissn=1617-4917&rft_id=info:doi/10.1007/s00779-011-0437-6&rft_dat=%3Cproquest_cross%3E2726563841%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1030720175&rft_id=info:pmid/&rfr_iscdi=true