Design of authenticity evaluation metric for Android applications

Author

Won Shin ; Jin-Lee Lee ; Doo-Ho Park ; Chun-Hyon Chang

Author_Institution

NasTech Inc., Seoul, South Korea

fYear

2014

fDate

6-8 May 2014

Firstpage

275

Lastpage

278

Abstract

For enforcing security, Android platform uses authorizing system which grants permission per application at install-time. With authorized privilege, user applications can modify and delete user´s personal information. Therefore, inspection of granted permiss ion usage can be used to detect security vulnerabilities. ISO/IEC 25 010 defines software product security characteristic and provides g uidelines to evaluate software product quality. Among sub-characte ristics of security, Authenticity is related to Android permission sys tem. In this paper, we present authenticity metric for android application. This metric can quantify the permission usage of applicatio n and measured information can be used to classify the malware applications. To verify the applicability of metric, we perform evaluat ion to benign and malware application and compare its results.

Keywords

Android (operating system); authorisation; invasive software; software metrics; software quality; Android applications; Android permission system; Android platform; authenticity evaluation metric design; authorizing system; malware applications; security vulnerabilities; software product quality; software product security; user personal information; Androids; Humanoid robots; Malware; Measurement; Smart phones; Software; android; authenticity; least privilege; metric; permissions; security;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Information and Communication Technology and it's Applications (DICTAP), 2014 Fourth International Conference on

Conference_Location

Bangkok

Print_ISBN

978-1-4799-3723-3

Type

conf

DOI

10.1109/DICTAP.2014.6821695

Filename

6821695