Automated generation of colluding apps for experimental research

Jorge Blasco Alis; Thomas M. Chen

doi:10.1007/s11416-017-0296-4

Automated generation of colluding apps for experimental research

Jorge Blasco Alis, Thomas M. Chen

Department of Information Security

Research output: Contribution to journal › Article › peer-review

191 Downloads (Pure)

Abstract

Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and non-colluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.

Original language	English
Pages (from-to)	127–138
Number of pages	12
Journal	Journal of Computer Virology and Hacking Techniques
Volume	14
Issue number	2
Early online date	6 Apr 2017
DOIs	https://doi.org/10.1007/s11416-017-0296-4
Publication status	Published - May 2018

Access to Document

10.1007/s11416-017-0296-4Licence: CC BY

Accepted ManuscriptAccepted author manuscript, 338 KBLicence: CC BY

Cite this

@article{33e1e40cf02b452fbb6e26d50e231f2f,

title = "Automated generation of colluding apps for experimental research",

abstract = "Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and non-colluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.",

author = "{Blasco Alis}, Jorge and Chen, {Thomas M.}",

year = "2018",

month = may,

doi = "10.1007/s11416-017-0296-4",

language = "English",

volume = "14",

pages = "127–138",

journal = "Journal of Computer Virology and Hacking Techniques",

issn = "2263-8733",

publisher = "Springer Science + Business Media",

number = "2",

}

TY - JOUR

T1 - Automated generation of colluding apps for experimental research

AU - Blasco Alis, Jorge

AU - Chen, Thomas M.

PY - 2018/5

Y1 - 2018/5

N2 - Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and non-colluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.

AB - Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and non-colluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.

U2 - 10.1007/s11416-017-0296-4

DO - 10.1007/s11416-017-0296-4

M3 - Article

SN - 2263-8733

VL - 14

SP - 127

EP - 138

JO - Journal of Computer Virology and Hacking Techniques

JF - Journal of Computer Virology and Hacking Techniques

IS - 2

ER -