Abstract
Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users' mobile applications, especially Android applications. RiskMon combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.
Original language | English (US) |
---|---|
Title of host publication | CODASPY 2014 - Proceedings of the 4th ACM Conference on Data and Application Security and Privacy |
Publisher | Association for Computing Machinery |
Pages | 99-110 |
Number of pages | 12 |
State | Published - 2014 |
Event | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States; Duration: Mar 3 2014 → Mar 5 2014 |
Other
Other | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 |
---|---|
Country/Territory | United States |
City | San Antonio, TX |
Period | 3/3/14 → 3/5/14 |
Keywords
- Android
- Risk Assessment
- Smartphones
ASJC Scopus subject areas
- Software