Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Institution
Articles 1 - 6 of 6
Full-Text Articles in Information Security
Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky
Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky
Articles
Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …
Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu
Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu
Department of Computer Science and Engineering: Dissertations, Theses, and Student Research
Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …
A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He
A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He
Research Collection School Of Computing and Information Systems
Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. Existing no-root approaches require users to launch a separate service via Android Debug Bridge (ADB) on an Android device, which would perform user-desired tasks. However, it is unusual for a third-party Android application to work with a separate native service via sockets, and it requires the application developers to have extra knowledge such …
A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Robert H. Deng
A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. In this paper, we newly discover a feasible no-root approach based on the ADB loopback. To ensure such no-root approach is not misused proactively, we examine its dark side, including privacy leakage via logs and user input inference. Finally, we discuss the solutions and suggestions from different perspectives.
Significant Permission Identification For Android Malware Detection, Lichao Sun
Significant Permission Identification For Android Malware Detection, Lichao Sun
Department of Computer Science and Engineering: Dissertations, Theses, and Student Research
A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …
Iccdetector: Icc-Based Malware Detection On Android, Xu Ke, Yingjiu Li, Robert H. Deng
Iccdetector: Icc-Based Malware Detection On Android, Xu Ke, Yingjiu Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Most existing mobile malware detection methods (e.g., Kirin and DroidMat) are designed based on the resources required by malwares (e.g., permissions, application programming interface (API) calls, and system calls). These methods capture the interactions between mobile apps and Android system, but ignore the communications among components within or cross application boundaries. As a consequence, the majority of the existing methods are less effective in identifying many typical malwares, which require a few or no suspicious resources, but leverage on inter-component communication (ICC) mechanism when launching stealthy attacks. To address this challenge, we propose a new malware detection method, named ICCDetector. …