A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID

David Barrera, H. Güneş Kayacık, P.C. van Oorschot, Anil Somayaji
Carleton University, Ottawa, ON, Canada
ACM CCS (2010)

Agenda

 Introduction
 Access control systems
 Permission-Based Security
 Related Work
 Android Permission Model
 Self-Organizing Maps (SOM)
 Results
 Further Discussion & Conclusion

Introduction

 Restrict actions on specific resources
 Access control lists (ACLs)
 Permission-based security models
 Empirical analysis
 Objectives
   Investigate how the permission-based system in Android is used in practice
   Identify the strengths and limitations of the current implementation

Introduction

 Android uses ACLs extensively to mediate inter-process communication (IPC) and to control access to special functionality on the device
 Advantages
   Prevent malware
   Inform users what applications are capable of doing once installed
 Contribution
   A novel methodology for exploring and empirically analyzing permission-based models

Access control systems

 Access control lists allow a subject to perform an action on an object only if the subject has been assigned the necessary permissions.

 More sophisticated ACL-based systems allow the specification of a complex policy to control more parameters of how an object can be accessed.

 Each ACL only restricts access to one action.

Permission-Based Security

 Android requires that developers declare in a manifest a list of permissions, which the user must accept prior to installing an application
 The Google Chrome web browser uses a permission-based architecture in its extension system
 BlackBerry OS enforces through signature validation that an application has been granted permission to access the controlled APIs

Related Work

 Enck et al. describe the design and implementation of a framework to detect potentially malicious applications based on the permissions requested by Android applications
 Barth et al. analyzed 25 browser extensions for Firefox and identified that 78% are given more privileges than necessary

Android Permission Model

 Android Market
 Android applications are written in Java syntax and each runs in a custom virtual machine known as Dalvik
 Any third-party application can define new functionality

Android Permission Model

 Every application written for the Android platform must include an XML-formatted file named AndroidManifest.xml.

 Permissions are enforced by Android at runtime, but must be accepted by the user at install time

Android Permission Model

 We used the Android Asset Packaging Tool (aapt) to extract the manifest and read all XML entries of type uses-permission
 Each application is encoded as a binary vector $x = [x_1, x_2, \ldots, x_j]^T \in \{0, 1\}^j$, where $x_j = 1$ indicates that permission j is requested
 Some errors observed:
   Duplicate permission error
   Request for a permission that does not exist
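The extraction step above, as an added Python example (not the paper's own code): constructed sample manifests stand in for the ones pulled with aapt, a constructed subset of the platform permissions defines the vector dimensions, and the two error classes named on the slide (duplicate and nonexistent permissions) are flagged while the binary vectors are built. The helper names and the KNOWN_PERMISSIONS subset are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"  # namespace of android:name

# Constructed subset of the platform permission namespace (a real run would load
# the full list for the target API level).
KNOWN_PERMISSIONS = ["android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.READ_CONTACTS", "android.permission.SEND_SMS"]


def manifest(*perms):
    """Build a minimal AndroidManifest.xml (constructed sample, not a real app's manifest)."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest xmlns:android="http://schemas.android.com/apk/res/android">{body}</manifest>'


# Constructed dataset; app_b shows both error classes: a duplicate entry and a misspelled name.
MANIFESTS = {"app_a": manifest("INTERNET", "ACCESS_FINE_LOCATION"),
             "app_b": manifest("INTERNET", "INTERNET", "READ_CONTACT"),
             "app_c": manifest("SEND_SMS")}


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element, in document order."""
    root = ET.fromstring(manifest_xml)
    return [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]


def permission_vector(names):
    """Map the requests to x in {0,1}^j over KNOWN_PERMISSIONS and flag the two error classes."""
    errors, seen = [], set()
    for name in names:
        if name in seen:
            errors.append(("duplicate", name))
        elif name not in KNOWN_PERMISSIONS:
            errors.append(("unknown", name))
        seen.add(name)
    return [1 if p in seen else 0 for p in KNOWN_PERMISSIONS], errors


def build_dataset(manifests=MANIFESTS):
    """One (vector, errors) pair per application; the vectors are the rows fed to the SOM."""
    return {app: permission_vector(requested_permissions(xml)) for app, xml in manifests.items()}


def request_rate(dataset):
    """Fraction of applications requesting each known permission (cf. the INTERNET figure later)."""
    vectors = [vec for vec, _ in dataset.values()]
    return {p: sum(v[i] for v in vectors) / len(vectors) for i, p in enumerate(KNOWN_PERMISSIONS)}
```

Unknown names are kept out of the vector rather than silently widening it, so every row has the same j dimensions the SOM expects.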

Self-Organizing Maps(SOM)

 SOM is a type of neural network algorithm which employs unsupervised learning
 Characteristics:
   SOM provides a 2-dimensional visualization of high-dimensional data
   The component analysis of SOM can identify correlations between permissions

Results

 Effectively clustering the applications requesting similar permissions into the same neighborhood.

 Winner-take-all
 Applications from different categories can request similar sets of permissions

Results

 The a.p.INTERNET (android.permission.INTERNET) permission is requested by the majority of applications in our dataset (over 60%)

Results

 The analysis of component planes can reveal correlations between permissions
 The a.p.INTERNET permission fails to provide sufficiently fine-grained control of the resources
 Many permissions are requested by only a few applications

Further Discussion&Conclusion

 Having finer-grained permissions in a permission-based system enables users to have detailed control over what actions are allowed to take place
 Enhancements:
   Logical permission grouping → fine-grained hierarchical permissions
   Logically grouping all self-defined permissions under one category
 We hope that the SOM-based methodology, including visualization, is of use to others exploring independent permission-based models