• Title/Summary/Keyword: Android security platform

Search Result 62, Processing Time 0.028 seconds

Design and Implementation of an Enhanced Secure Android-Based Smartphone using LIDS

  • Lee, Sang Hun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.8 no.3
    • /
    • pp.49-55
    • /
    • 2012
  • Recently, with the rapid development of android-based smartphones, it is becomes a major security issue that the case of Android platform is an open platform. so it is easy to be a target of mobile virus penetration and hacking. Even there are a variety of security mechanisms to prevent the vulnerable points of the Android platform but the reason of most of the security mechanisms were designed at application-level that highly vulnerable to the attacks directly to the operating system or attacks using the disadvantages of an application's. It is necessary that the complementary of the android platform kernel blocks the kernel vulnerability and the application vulnerability. In this paper, we proposed a secure system using linux-based android kernel applied to LIDS(Linux Intrusion Detection and Defense System) and applied a smart phone with s5pc110 chip. As a result, the unauthorized alteration of the application was prevented with a proposed secure system.

Palliates the Attack by Hacker of Android Application through UID and Antimalware Cloud Computing

  • Zamani, Abu Sarwar;Ahmad, Sultan;Uddin, Mohammed Yousuf;Ansari, Asrar Ahmad;Akhtar, Shagufta
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.8
    • /
    • pp.182-186
    • /
    • 2021
  • The market for smart phones has been booming in the past few years. There are now over 400,000 applications on the Android market. Over 10 billion Android applications have been downloaded from the Android market. Due to the Android popularity, there are now a large number of malicious vendors targeting the platform. Many honest end users are being successfully hacked on a regular basis. In this work, a cloud based reputation security model has been proposed as a solution which greatly mitigates the malicious attacks targeting the Android market. Our security solution takes advantage of the fact that each application in the android platform is assigned a unique user id (UID). Our solution stores the reputation of Android applications in an anti-malware providers' cloud (AM Cloud). The experimental results witness that the proposed model could well identify the reputation index of a given application and hence its potential of being risky or not.

A Study on Implementation of Android Security System Based on SELinux (SELinux 기반 안드로이드 보안시스템 구축에 관한 연구)

  • Jeong, Seong-Hwa;Lho, Tae-Jung
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.8
    • /
    • pp.3005-3011
    • /
    • 2010
  • As soon as high-performanced smart phones is rapidly emerging in recent, its security problems come to the front. Especially in case of an open platform, it is easy to be a target of virus. Many security solution industries such as Symantec and Ahnlab are developing a mobile security system, but they have not yet a commercial product. We developed the effective security function of Android system based on SELinux to solve this problem, and verified its performance by applying the user applications developed to S3C6410 board.

Mandatory Access Control for Android Application Security (안드로이드 애플리케이션 보안 강화를 위한 강제적 접근 제어 기법)

  • Na, June-sung;Kim, Do-Yun;Pak, Wooguil;Choi, Young-June
    • Journal of KIISE
    • /
    • v.43 no.3
    • /
    • pp.275-288
    • /
    • 2016
  • In this paper, we investigate the security issues of the Android platform which dominates the global market of smart mobile devices. The current permission model for Android security is not powerful and has two problems. One is the coarse-grained relationship between permissions and methods which require them. The other is that mobile users do not have rights to control the permissions of the application. To solve these problems, we propose MacDroid which can control the platform's resources for accessing installed applications. Users can control the application's behavior via MacDroid's policy. We have divided the permission set into method units. The results of the performance test using a pure Android platform show that our proposed scheme can improve security within a short time.

On Security of Android Smartphone Apps Employing Cryptography (안드로이드 스마트폰 암호 사용 앱 보안 분석 및 대응)

  • Park, Sang-Ho;Kim, Hyeonjin;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1049-1055
    • /
    • 2013
  • Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux kernel, but they are vulnerable to rooting attacks. In this paper, we analyze security mechanisms of Android platform and point out security problems. We show the security vulnerabilities of several commercial apps and suggest appropriate countermeasures.

Feature Selection to Mine Joint Features from High-dimension Space for Android Malware Detection

  • Xu, Yanping;Wu, Chunhua;Zheng, Kangfeng;Niu, Xinxin;Lu, Tianling
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.9
    • /
    • pp.4658-4679
    • /
    • 2017
  • Android is now the most popular smartphone platform and remains rapid growth. There are huge number of sensitive privacy information stored in Android devices. Kinds of methods have been proposed to detect Android malicious applications and protect the privacy information. In this work, we focus on extracting the fine-grained features to maximize the information of Android malware detection, and selecting the least joint features to minimize the number of features. Firstly, permissions and APIs, not only from Android permissions and SDK APIs but also from the developer-defined permissions and third-party library APIs, are extracted as features from the decompiled source codes. Secondly, feature selection methods, including information gain (IG), regularization and particle swarm optimization (PSO) algorithms, are used to analyze and utilize the correlation between the features to eliminate the redundant data, reduce the feature dimension and mine the useful joint features. Furthermore, regularization and PSO are integrated to create a new joint feature mining method. Experiment results show that the joint feature mining method can utilize the advantages of regularization and PSO, and ensure good performance and efficiency for Android malware detection.

Study to detect and block leakage of personal information : Android-platform environment (개인정보 유출 탐지 및 차단에 관한 연구 : 안드로이드 플랫폼 환경)

  • Choi, Youngseok;Kim, Sunghoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.757-766
    • /
    • 2013
  • The Malicious code that targets Android is growing dramatically as the number of Android users are increasing. Most of the malicious code have an intention of leaking personal information. Recently in Korea, a malicious code 'chest' has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on Android platform. However, the existing techniques are hard to apply to the user's smart-phone due to the characteristics of Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using the system call hooking in the kernel and white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

IU_AMDroid : An Integrated User Authority Manager Model for the Android Platform (안드로이드 플랫폼을 위한 통합적인 사용자 인증 관리 모델)

  • Nam, Choon-Sung;Jang, Kyung-Soo;Shin, Dong-Ryeol
    • The Journal of the Korea Contents Association
    • /
    • v.13 no.11
    • /
    • pp.533-540
    • /
    • 2013
  • Currently, as the Android platform only supports single-user protection, it needs security solution for multi-users. Specially, it has to protect specific applications which have personal and financial information, and be available to support authority management for contents access. Thus, this paper proposes an integrated user authority manger model for the Android platform. It helps application authority which is capable to divide into three statuses: installation, execution, deletion with the help of information technology.

An analysis of vulnerability and the method to secure on Android SNS applications from alteration of the code segments (안드로이드 기반 SNS 어플리케이션의 코드 변조를 통한 취약점 분석 및 보안 기법 연구)

  • Lee, Sang Ho;Ju, Da Young
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.213-221
    • /
    • 2013
  • According to the rapid growth of the number of SNS(Social Networking Service) applications based on Android OS, the importance of its security is also raised. Especially, many applications using KaKaoTalk platform has been released in these days, and these are top ranked in the relative markets. However, security issues on SNS applications have not been resolved clearly. Therefore, it is crucial to provide means to cope with the security threats posed by code-segment modification in the development stage of Android OS based SNS applications. In this paper, we analyze the security threats by modifying SNS application code segments and suggest effective security techniques.

Solutions for Adjusting SELinux To Android-Powered Devices (안드로이드 응용 단말기를 위한 SELinux 환경설정 방법)

  • Vu, Anh-Duy;Han, Jea-Il;Kim, Young-Man
    • Proceedings of the KAIS Fall Conference
    • /
    • 2011.12b
    • /
    • pp.565-568
    • /
    • 2011
  • Google Android framework consists of an operating system and software platform for mobile devices. Using a general-purpose Linux operating system in mobile device has some advantages but also security risks. Security-Enhanced Linux (SELinux) is a kernel-based protection approach which can help to reduce potential damage from successful attacks. However, there are some challenges to integrate SELinux in Android. In this research, we do a study on how to do the integration and find out four challenges. The first one is that the Android file system (yaff2) does not support security namespace for extended attribute (xattr) which is required by SELinux. The second one is that it's difficult to apply SELinux policy to Dalvik process on which an Android application runs on. The third one is that Android lacks methods, tools and libraries to interact with SELinux. The last one is how to update the SELinux policy automatically when installing or removing an application. In this paper, we propose solutions for the above limitations that make the SELinux more adaptive and suitable for Android framework.

  • PDF