A METHODOLOGY FOR EMPIRICAL
ANALYSIS OF
PERMISSION-BASED SECURITY MODELS
AND ITS APPLICATION TO ANDROID
David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot, Anil Somayaji
Carleton University, Ottawa, ON, Canada
ACM CCS(2010)
Agenda








Introduction
Access control systems
Permission-Based Security
Related Work
Android Permission Model
Self-Organizing Maps(SOM)
Result
Further Discussion&Conclusion
Introduction

Restrict actions on specific resources
 Access
control lists (ACLs)
 permission-based security models

Empirical analysis
 Objectives
 investigate
how the permission-based system in Android is
used in practice
 Identify the strengths and limitations of the current
implementation
Introduction

Android uses ACLs extensively to mediate interprocess communication (IPC) and to control access to
special functionality on the device
 Advantages
 Prevent
malware
 inform users what applications are capable of doing once
installed

Contribution
a
novel methodology for exploring and empirically
analyzing permission-based models
Access control systems



Access control lists allows a subject to perform an
action on an object only if the subject has been
assigned the necessary permissions.
More sophisticated ACL-based systems allow the
specification of a complex policy to control more
parameters of how an object can be accessed.
Each ACL only restricts access to one action.
Permission-Based Security



Android requires that developers declare in a
manifest a list of permissions which the user must
accept prior to installing an application
Google Chrome web browser uses a permissionbased architecture in its extension system
Blackberry OS enforces through signature
validation that an application has been granted
permissions to access the controlled APIs
Related Work


Enck et al. describe the design and implementation of a
framework to detect potentially malicious applications
based on permissions requested by Android applications
Barth et al. analyzed 25 browser extensions for Firefox
and identified that 78% are given more privileges than
necessary
Android Permission Model



Android Market
Android applications are written in Java syntax and
each run in a custom virtual machine known as Dalvik
Any third party application can define new Functionality
Android Permission Model


Every application written for the Android platform
must include an XML-formatted file named
AndroidManifest.xml.
Permissions are enforced by Android at runtime, but
must be accepted by the user at install time
Android Permission Model

we used the Android Asset Packaging Tool to
extract the manifest and read all XML entries of
type uses-permission
x
= [x1, x2, …, xj ]T ∈ {0, 1}j
 xj:the

permission j is requested
Some error
 Duplicate
permission error
 Request permission that do not exist
Self-Organizing Maps(SOM)


SOM is a type of neural network algorithm, which
employs unsupervised learning
Characteristics:
 SOM
provides a 2-dimensional visualization of the high
dimensional data
 the component analysis of SOM can identify correlation
between permissions.
Self-Organizing Maps(SOM)


Self-Organizing Maps(SOM)

Results



Effectively clustering the applications requesting
similar permissions into the same neighborhood.
Winner-take-all
Applications from different categories can request
similar sets of permissions
Results

a.p.INTERNET permission is requested by the
majority of applications in our dataset (over 60%)
Results



The analysis of component planes can reveal
correlations between permissions
a.p.INTERNET permission fails to provide sufficiently
fine-grained control of the resources
Many permissions are requested by only a few
applications.
Further Discussion&Conclusion


Having finer-grained permissions in a permission-based
system enables users to have detailed control over what
actions are allowed to take place
Enhancements:
Logical permission grouping→fine-grained hierarchical
permission
 Logically grouping all self-defined permissions under one
category


Hope that the SOM-based methodology, including
visualization, is of use to others exploring independent
permission-based models