Modeling and Analysis of Intentional And Unintentional Security Vulnerabilities in a Mobile Platform Page: 39
xi, 149 pages : illustrations (chiefly color)View a full description of this dissertation.
Extracted Text
The following text was automatically extracted from the image on this page using optical character recognition software:
CHAPTER 5
ANDROID APP PERMISSIONS AND I-SHAPE ANALYSIS FOR MALWARE DETECTION
I-shape is a key component in identifying malicious apps in my malware detection ap-
proach. In chapter 2, section 2.4, I have introduced the concept of I-shape. In this chapter, I
discuss how I extracted the permission requests from the applications in the dataset and used them
to create the I-shapes.
5.1. Permission Extraction & I-Shape Construction
Every android app consists of a file named AndroidManifest . xml which describes
the important information of an app to the Android OS. The Android OS security feature al-
lows the app to access critical functionalities on a need basis, which are requested via this
AndroidManifest . xml. Thus, in this file, under the tag <uses-permission /> one can
find different types of access permission request the app requesting from the OS for it to execute.
If a permission is not defined in this manifest file, even if the app's java code attempt to access the
resource with APIs, the OS will refuse these requests and will throw a runtime exception. There-
fore, the manifest file is the most reliable place to look for what type of permissions are required
by the app to execute on an Android operating system.
I-shape is composed of an app's permission requests. In general, I-shape represents the
shape of the permission requests probability distribution in a group of apps. Here, the app group
must be homogeneous, in order for the I-shape to represent a meaningful information. Thus, I
grouped the apps based on its task-intentions such that it forms a cohesive homogeneous group.
Now, when the I-shapes are constructed for each of these task-intention groups, the I-shape dictates
that this is the most probable permission request signature these type of apps request. It will be
very useful in determining the malicious behavior of an unknown app. This is discussed in the next
chapter.
The content in this chapter is reproduced from Mohamed Fazeen and Ram Dantu, "Another free app: Does it have the
right intentions?", Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on, July 2014,
pp. 282-289, with permission from IEEE.39
Upcoming Pages
Here’s what’s next.
Search Inside
This dissertation can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Dissertation.
Mohamed Issadeen, Mohamed Fazeen. Modeling and Analysis of Intentional And Unintentional Security Vulnerabilities in a Mobile Platform, dissertation, December 2014; Denton, Texas. (https://digital.library.unt.edu/ark:/67531/metadc700067/m1/53/: accessed July 18, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; .