RiskMon

Continuous and automated risk assessment of mobile applications

Yiming Jing, Gail-Joon Ahn, Ziming Zhao, Hongxin Hu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

39 Citations (Scopus)

Abstract

Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users' mobile applications, especially Android applications. RiskMon combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.

Original language: English (US)
Title of host publication: CODASPY 2014 - Proceedings of the 4th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery
Pages: 99-110
Number of pages: 12
DOIs: https://doi.org/10.1145/2557547.2557549
State: Published - 2014
Event: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: Mar 3 2014 to Mar 5 2014

Other

Other: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Country: United States
City: San Antonio, TX
Period: 3/3/14 to 3/5/14

Fingerprint

Risk assessment

Keywords

  • Android
  • Risk Assessment
  • Smartphones

ASJC Scopus subject areas

  • Software

Cite this

Jing, Y., Ahn, G-J., Zhao, Z., & Hu, H. (2014). RiskMon: Continuous and automated risk assessment of mobile applications. In CODASPY 2014 - Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (pp. 99-110). Association for Computing Machinery. https://doi.org/10.1145/2557547.2557549
