
CloudAppSec : Cloud Based Application Security for Android Applications

Animesh Nandanwar 85843974, Kshitij Desai 64167444, Mayuresh Randive 26924684. CloudAppSec is a cloud-based service to analyze the privileges required by an Android mobile application.


Presentation Transcript


  1. CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar 85843974 Kshitij Desai 64167444 Mayuresh Randive 26924684

  2. CloudAppSec
     • Cloud-based service to analyze the privileges required by an Android mobile application
     • Protects mobile device users from, and notifies them of, malicious applications that do not conform to security privileges

  3. Motivation
     • Widespread adoption of Android devices
     • Large number of mobile applications and application developers
     • Open source: useful for attackers and defenders
     • But there is no way to verify the authenticity of an application
     • In the past, many applications, such as iCalendar, compromised user security
     • Hence, the design goal is to protect the user's security from applications

  4. Malware Analysis of Android Applications
     • Applications use the manifest (AndroidManifest.xml) to request permissions
     • All Android apps must declare the permissions they want to have
     • These map directly to what is displayed on-screen when you install the application
     • Nobody actually pays attention to them at install time
     • Applications request some permissions they just don't require, e.g. iCalendar requires the SEND_SMS permission

  5. Static vs. Dynamic Malware Analysis
     • Two options when analyzing any given program: static or dynamic analysis
     • Static analysis = examining the code: analyze the Android .apk file and the APIs used in the application
     • Dynamic analysis = running the application and observing code paths, logging system calls

  6. CloudAppSec Design
     • Static analysis on the app's .apk file
     • Extract the .apk and run static analysis to determine the application's permissions
     • Search the extracted files for APIs and map the APIs found to permissions using the API mapper
     • Present the application's permissions to the user in understandable terms and let the user decide whether to keep or uninstall the application
     • Analysis of the iCalendar application will return “Application is using SEND_SMS API” to the user
     • The user learns this and decides to uninstall the application

  7. CloudApp Architecture (diagram; component shown: Cloud Storage)
     • Step 1: User selects .APK file
     • Step 2: Upload .APK
     • Step 3: Access API mapping
     • Step 4: Return API mappings
     • Step 5: Return APIs accessed by App and corresponding permissions
     • Step 6: User analyzes permission

  8. Placeholder for screenshots and Results

  9. Placeholder for screenshots and Results

  10. Thank you for your interest in our Project !!! ANY QUESTIONS??
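
The static-analysis flow from slides 6 and 7 (open the uploaded .apk, search it for API references, map them to permissions, report to the user), sketched as an added example that is not the project's own code. The `API_MAP` table, the function names and the sample archive are assumptions made for illustration; the slides do not show the project's API mapper.

```python
import io
import re
import zipfile

# Hypothetical "API mapper": (class descriptor, method name) -> permission.
# Illustrative subset only; a real mapper needs a full, versioned table.
API_MAP = {
    (b"Landroid/telephony/SmsManager;", b"sendTextMessage"): "SEND_SMS",
    (b"Landroid/telephony/TelephonyManager;", b"getDeviceId"): "READ_PHONE_STATE",
    (b"Landroid/location/LocationManager;", b"getLastKnownLocation"): "ACCESS_FINE_LOCATION",
}
MAX_DEX_BYTES = 64 * 1024 * 1024  # refuse oversized entries in an untrusted upload
DEX_NAME = re.compile(r"classes\d*\.dex")

def analyze_apk(apk_bytes):
    """Return {permission: [API names]} for mapped APIs referenced in the dex files."""
    try:
        apk = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("upload is not a valid .apk (zip) archive") from exc
    found = {}
    with apk:
        for info in apk.infolist():
            if not DEX_NAME.fullmatch(info.filename):
                continue  # only compiled code is searched, not resources
            if info.file_size > MAX_DEX_BYTES:
                raise ValueError(f"{info.filename} exceeds the size limit")
            dex = apk.read(info)
            # Class descriptors and method names are separate entries in the
            # dex string table, so require both to be present.
            for (cls, method), perm in API_MAP.items():
                if cls in dex and method in dex:
                    api = f"{cls[1:-1].decode().replace('/', '.')}.{method.decode()}"
                    found.setdefault(perm, set()).add(api)
    return {perm: sorted(apis) for perm, apis in found.items()}

def report(found):
    """Render findings in the user-facing wording used on slide 6."""
    return [f"Application is using {perm} API" for perm in sorted(found)]

def build_sample_apk():
    """Constructed sample: a zip whose classes.dex holds only the searched strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00Landroid/telephony/SmsManager;\x00sendTextMessage\x00")
        z.writestr("res/raw/notes.txt", b"getDeviceId mentioned outside any dex file")
    return buf.getvalue()
```

A string match shows only that the API is referenced, not that it is called; reflection or obfuscation can hide a reference, which is where the dynamic analysis from slide 5 complements this check.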
