A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID
David Barrera, H. Güneş Kayacık, P.C. van Oorschot, Anil Somayaji
Carleton University, Ottawa, ON, Canada
ACM CCS (2010)

Agenda
- Introduction
- Access control systems
- Permission-based security
- Related work
- Android permission model
- Self-Organizing Maps (SOM)
- Results
- Further discussion & conclusion

Introduction
- Access control systems restrict the actions a subject may perform on specific resources.
- Two common forms: access control lists (ACLs) and permission-based security models.
- This work is an empirical analysis of a deployed permission-based model.
- Objectives: investigate how the permission-based system in Android is used in practice, and identify the strengths and limitations of the current implementation.

Introduction (cont.)
- Android uses ACLs extensively to mediate interprocess communication (IPC) and to control access to special functionality on the device.
- Advantages: helps prevent malware from silently reaching sensitive functionality, and informs users what an application will be capable of doing once installed.
- Contribution: a novel methodology for exploring and empirically analyzing permission-based models.

Access control systems
- An access control list allows a subject to perform an action on an object only if the subject has been assigned the necessary permission.
- More sophisticated ACL-based systems allow the specification of a complex policy that controls more parameters of how an object can be accessed.
- Each ACL entry restricts access to a single action.

Permission-based security
- Android requires developers to declare, in a manifest, a list of permissions that the user must accept before the application is installed.
- The Google Chrome web browser uses a permission-based architecture in its extension system.
- BlackBerry OS enforces through signature validation that an application has been granted the permissions needed to access controlled APIs.

Related work
- Enck et al. describe the design and implementation of a framework that detects potentially malicious applications based on the permissions they request.
- Barth et al. analyzed 25 browser extensions for Firefox and identified that 78% are given more privileges than necessary.

Android permission model
- Applications are distributed through the Android Market.
- Android applications are written in Java syntax and each runs in its own instance of a custom virtual machine known as Dalvik.
- Any third-party application can expose new functionality and define new permissions to protect it.

Android permission model (cont.)
- Every application written for the Android platform must include an XML-formatted file named AndroidManifest.xml.
- Permissions are enforced by Android at runtime, but must be accepted by the user at install time.

Android permission model: data collection
- The Android Asset Packaging Tool (aapt) was used to extract each application's manifest and read all XML entries of type uses-permission.
- Each application is encoded as a binary vector $x = [x_1, x_2, \dots, x_j]^T \in \{0, 1\}^j$, where $x_j = 1$ if permission $j$ is requested and $0$ otherwise.
- Errors observed in manifests: duplicate permission entries (the same permission requested more than once), and requests for permissions that do not exist.

Self-Organizing Maps (SOM)
- SOM is a type of neural network algorithm that employs unsupervised learning.
- Characteristics: SOM provides a 2-dimensional visualization of high-dimensional data, and component-plane analysis of the SOM can identify correlations between permissions.

Results
- The SOM effectively clusters applications requesting similar permissions into the same neighbourhood of the map.
- Training is winner-take-all: each application is mapped to the single node whose weight vector best matches its permission vector.
- Applications from different categories can request similar sets of permissions.

Results (cont.)
- The android.permission.INTERNET permission is requested by the majority of applications in the dataset (over 60%).
- The analysis of component planes reveals correlations between permissions.
- The INTERNET permission fails to provide sufficiently fine-grained control of the resources it covers: a single permission grants all network access.
- Many permissions are requested by only a few applications.
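The pipeline the slides describe, as an added example that is not code from the paper or its authors: parse AndroidManifest.xml files into the binary permission vectors over a fixed permission list, flag the two manifest errors the authors observed (duplicate uses-permission entries and requests for permissions that do not exist), compute per-permission request frequencies, and train a small winner-take-all self-organizing map whose component planes can be inspected. The three manifests, the application names and the five-entry permission list are constructed for illustration (the real list is far longer), and the tiny pure-Python SOM stands in for the authors' SOM toolkit.

```python
"""Added example: permission vectors, manifest error checks and a toy SOM.
Manifests, app names and the KNOWN list below are constructed samples."""
import math
import random
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative subset of platform permissions (assumption: not the full list).
KNOWN = [
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.READ_CONTACTS",
    "android.permission.SEND_SMS",
    "android.permission.VIBRATE",
]

# Constructed manifests standing in for the output of aapt on real APKs.
MANIFESTS = {
    "weather": """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>""",
    "news": """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>""",
    "smsapp": """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS_V2"/>
</manifest>""",
}


def permission_vector(manifest_xml):
    """Return (x, errors): x is the {0,1}^j vector over KNOWN; errors lists
    duplicate <uses-permission> entries and names that do not exist."""
    root = ET.fromstring(manifest_xml)
    errors, seen = [], set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name in seen:
            errors.append(("duplicate", name))
        else:
            if name not in KNOWN:
                errors.append(("unknown", name))
            seen.add(name)
    return [1 if p in seen else 0 for p in KNOWN], errors


def permission_frequency(vectors):
    """Fraction of applications requesting each known permission."""
    n = len(vectors)
    return {p: sum(v[i] for v in vectors) / n for i, p in enumerate(KNOWN)}


def distance2(a, b):
    return sum((ai - bi) ** 2 for ai, bi in zip(a, b))


def best_matching_unit(nodes, x):
    """Winner-take-all step: index of the node closest to x."""
    return min(range(len(nodes)), key=lambda k: distance2(nodes[k], x))


def train_som(vectors, width=3, height=3, epochs=200, seed=1):
    """Minimal SOM: nodes hold weight vectors in [0,1]^j; each sample pulls its
    BMU and, more weakly, the BMU's grid neighbours toward itself while the
    learning rate and neighbourhood radius shrink over the epochs."""
    rng = random.Random(seed)
    j = len(vectors[0])
    nodes = [[rng.random() for _ in range(j)] for _ in range(width * height)]
    radius0 = max(width, height) / 2.0
    for epoch in range(epochs):
        frac = epoch / epochs
        lr = 0.5 * (1.0 - frac)
        radius = radius0 * (1.0 - frac) + 0.5
        for x in vectors:
            br, bc = divmod(best_matching_unit(nodes, x), width)
            for k, w in enumerate(nodes):
                r, c = divmod(k, width)
                h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * radius * radius))
                for i in range(j):
                    w[i] += lr * h * (x[i] - w[i])
    return nodes


def component_plane(nodes, permission, width=3):
    """One permission's weight at every node: the 2-D plane whose high
    region shows where applications requesting that permission land."""
    i = KNOWN.index(permission)
    return [[nodes[r * width + c][i] for c in range(width)]
            for r in range(len(nodes) // width)]


def analyse(manifests=MANIFESTS):
    """Run the whole pipeline and return vectors, errors, frequencies, map."""
    vectors, errors = {}, {}
    for app, xml in manifests.items():
        vectors[app], errors[app] = permission_vector(xml)
    nodes = train_som(list(vectors.values()))
    bmus = {app: best_matching_unit(nodes, v) for app, v in vectors.items()}
    return {"vectors": vectors, "errors": errors,
            "frequency": permission_frequency(list(vectors.values())),
            "nodes": nodes, "bmus": bmus}


if __name__ == "__main__":
    out = analyse()
    for app in MANIFESTS:
        print(app, out["vectors"][app], out["errors"][app], "node", out["bmus"][app])
    print("INTERNET requested by %.0f%% of apps" % (100 * out["frequency"]["android.permission.INTERNET"]))
    for row in component_plane(out["nodes"], "android.permission.INTERNET"):
        print(" ".join("%.2f" % v for v in row))
```

On a real corpus the manifests would come from `aapt dump xmltree <apk> AndroidManifest.xml` (or an equivalent decoder of the binary XML) rather than inline strings, and KNOWN would be the platform's full permission list for the target API level; the unknown-permission check is then exactly the "request permission that does not exist" error the slides mention, and is worth keeping since such requests are silently ignored rather than rejected at install time.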
Further discussion & conclusion
- Having finer-grained permissions in a permission-based system enables users to have detailed control over what actions are allowed to take place.
- Proposed enhancements: logical permission grouping, leading to a fine-grained hierarchical permission structure; and logically grouping all self-defined (application-declared) permissions under one category.
- The authors hope that the SOM-based methodology, including its visualization, is of use to others exploring independent permission-based models.