NICOP - Predicting the Security Behaviour of Mobile Apps

Abstract

Smartphones and other smart devices are increasingly a part of IT infrastructure across many sectors, including corporate, government and military, alongside their use for civilian personal communications. End users or their employers can find applications for almost any purpose from app stores like Google Play and Apple's App Store. This bounty of software puts a serious responsibility on app store owners or mobile device management regimes to establish that apps are secure and safe for their intended purpose. Although app store owners are working hard to tackle this problem, there are regular cases where badly programmed or malicious apps enter the most widely used official app stores. Security companies report finding millions of mobile malware samples in circulation, on web sites, unofficial app stores, or accessible via drive-by downloads.

Modern operating systems like Android and iOS contain strong security features. Permissions controls guard (or warn the user) about access to powerful sensors such as GPS or microphones. Although permissions are strong, they provide only coarse control. For example, it is not enough to know that an application will access a microphone, we need to know when and how the resource will be used, to believe that the app is harmless. These aspects can be captured with behavioural security policies which are written in a precise mathematical language.

This project will undertake fundamental research on behavioural security policies, including how to design them automatically using large sets of existing applications known to be good or bad. Ultimately, behavioural security policies can be used ahead of time to prohibit apps from ever running (enforcement); during execution to prevent bad behaviour occurring (monitoring); after-the-fact to determine what actions a potentially bad app took (forensics); or further in advance, to determine what potentially bad apps may do next (a form of predictive analytics).

Document Details

Document Type
DoD Grant Award
Publication Date
May 10, 2017
Source ID
N629091712065

Entities

People

  • David Aspinall

Organizations

  • Office of Naval Research
  • United States Navy
  • University of Edinburgh

Tags

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Educational Psychology

Technology Areas

  • Cyber
  • Space