100 likes | 218 Views
CloudAppSec : Cloud Based Application Security for Android Applications. Animesh Nandanwar 85843974 Kshitij Desai 64167444 Mayuresh Randive 26924684. CloudAppSec. Cloud based service to analyze privileges required for an android mobile application
E N D
CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar 85843974 Kshitij Desai 64167444 Mayuresh Randive 26924684
CloudAppSec • Cloud based service to analyze privileges required for an android mobile application • Protects and notifies mobile device user from malicious application that do not conform to security privileges
Motivation • Widespread adoption of android devices • Large number of mobile applications and application developers • Open Source : Useful for attackers and defenders • But.. no way to verify authenticity of application • In past, many application like iCalendar compromised user security • Hence, design goal is to provide user security from applications
Malware Analysis of android application • Applications use Manifest.xml to request permissions • All Android apps must declare the permissions they want to have • Maps directly to what’s displayed on-screen when you install the application • Nobody actually pays attention when they install them • Some permission applications just don’t require e.g. iCalendar requires SEND_SMS permission
Static vs. Dynamic Malware Analysis • Two options when analyzing any given program: static or dynamic analysis • Static analysis = examining code, do analysis on android .Apk file, analyze APIs used in application • Dynamic analysis = running application and observing code paths, logging system calls
CloudAppSec Design • Static analysis on app .APK file • Extract .apk and run static analysis to determine application permissions • Perform API search in extracted files, map searched APIs to permissions using API mapper • Notify user application permissions in users understandable manner and let users decide if they want to keep or uninstall application • iCalendar application analysis will return “Application is using SEND_SMS API” to user • User learns this and decides to uninstall application
CloudApp Architecture 1. User selects .APK file 3. Access API mapping 2. Upload .APK Cloud Storage 5. Return APIs accessed by App and corresponding permissions 4. Return API mappings 6. User analyzes permission
Thank you for your interest in our Project !!! ANY QUESTIONS??