Not So Great Expectations: Why Application Markets Haven't Failed Security
Patrick McDaniel and William Enck, Pennsylvania State University
ABSTRACT: Application markets have rapidly become a widely popular mechanism for expanding the features and utility of mobile devices such as cell phones. The cottage industries that sprung up around these markets serve millions of applications daily to a ready user audience. Markets entice developers by placing low economic and technical barriers to entry, thereby fostering fast-paced innovation. They streamline purchase and installation to serve even the most casual users with ease. Simply put, markets make producing and consuming applications easy. Markets also present obvious security concerns: users are trained to download applications with impunity from a huge number of developers about which they know little. Moreover, these applications often request nearly unfettered access to the data and device interfaces (for example, texting, voice-dialing, or GPS location), which seems to invite malicious applications and questionable functionality. Not surprisingly, such fears have been substantiated. A recent discovery of numerous applications sharing GPS locations and other personal information with online advertisers is just one example of dubious features found in market applications. The public reaction to these stories is often the same: users and pundits decry markets for their failure to properly vet the applications or developers. This underscores the widely held expectation that security is the market's responsibility.
- Source available from: cse.psu.edu
ABSTRACT: The Android OS has emerged as the leading platform for Smart-Phone applications. However, because Android applications are compiled from Java source into platform-specific Dalvik bytecode, existing program analysis tools cannot be used to evaluate their behavior. This paper develops and evaluates algorithms for retargeting Android applications received from markets to Java class files. The resulting Dare tool uses a new intermediate representation to enable fast and accurate retargeting. Dare further applies strong constraint solving to infer typing information and translates the 257 DVM opcodes using only 9 translation rules. It also handles cases where the input Dalvik bytecode is unverifiable. We evaluate Dare on 1,100 of the top applications found in the free section of the Android market and successfully retarget 99.99% of the 262,110 associated classes. Further, whereas existing tools can only fully retarget about half of these applications, Dare can recover over 99% of them. In this way, we open the door to users, developers and markets to use the vast array of program analysis tools to ensure the correct operation of Android applications.
11/2012
Conference Paper: WHYPER: Towards Automating Risk Assessment of Mobile Applications
ABSTRACT: Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer, what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication for why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8%, and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently-used security and privacy sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.
Proceedings of the 22nd USENIX Security Symposium (USENIX Security 2013); 01/2013
Conference Paper: Towards Security Certification Schemas for the Internet of Services
ABSTRACT: The Internet of Services (IoS) has become the dominant paradigm for building applications in an ad-hoc, dynamic fashion by composing services from a variety of different providers. While the business value of the IoS is undoubted, security and trustworthiness concerns still constitute an obstacle for uptake. In this paper we argue that security certification is a valid means to address these issues. However, existing certification schemes addressing static systems and environments do not scale to the IoS and, thus, cannot be straightforwardly adapted. We investigate the reasons for the lack of scale and conclude that three areas need to be addressed: explicit representation, machine readability, and advanced composition support. For each of these areas, we sketch solutions and identify further challenges.
New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on; 01/2012