Data model for android package information and its application to risk analysis system

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2014-November, Issue November, 2014, Pages 71-80

  Takahashi, Takeshi ^a   Nakao, Koji ^a   Kanaoka, Akira ^a  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

Author keywords

Android package; APK; Data model; Information exchange; Information sharing; Risk analysis; Security alert

Indexed keywords

DATA STRUCTURES; INFORMATION ANALYSIS; RISK ANALYSIS; RISK ASSESSMENT; ROBOTS;

INFORMATION EXCHANGES; INFORMATION SHARING; ITS APPLICATIONS; PROTOTYPE IMPLEMENTATIONS; RISK ANALYSIS SYSTEMS; SECURITY ALERTS; SECURITY RISKS;

INFORMATION DISSEMINATION;

EID: 84937695881     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2663876.2663881     Document Type: Conference Paper

References (28)

1. R. Danyliw, J. Meijer, and Y. Demchenko. The Incident Object Description Exchange Format. RFC 5070 (Proposed Standard), 2007. Updated by RFC 6685.
2. T. Takahashi, and Y. Kadobayashi. Mechanism for linking and discovering structured cybersecurity information over networks. In IEEE International Conference on Semantic Computing. 2014.
3. P. Mell, K. Scarfone, and S. Romanosky. The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems. NIST Interagency Report 7435, 2007.
4. B. A. Cheikes, D. Waltermire, and K. Scarfone. Common Platform Enumeration: Naming Specification Version 2.3. National Institute of Standards and Technology, Maryland, USA, 2011. NIST Interagency Report 7695.
5. Chin E, Felt AP, Greenwood K, et al. Analyzing inter-application communication in android. The International Conference on Mobile Systems, Applications, and Services(MobiSys), 2011.
6. ITU-T. Language for the open definition of vulnerabilities and for the assessment of a system state. International Telecommunications Union, Geneva, Switzerland, 2014. ITU-T Recommendation X.1526.
7. MITRE. The OVAL Project. https://github.com/OVALProject, 2014.
8. The MITRE Corporation. Common Vulnerability and Exposures (CVE). http://cve.mitre.org/2011.
9. N. Ziring, and S. D. Quinn. Specification for the Extensible Configuration Checklist Description Format (XCCDF) version 1.1.4. NIST Interagency Report 7275 Revision 3, 2008.
10. The MITRE Corporation. Common Result Format Specification Version 0.3. http://crf.mitre.org/2014.
11. IEEE ICSG Malware Metadata Exchange Format Working Group. Malware Metadata Exchange Format Version 1.2, 2014. http://grouper.ieee.org/groups/malware/malwg/Schema1.2/.
12. The MITRE Corporation. Making Security Measurable. http://msm.mitre.org/2014.
13. National Institute of Standards and Technology. National Vulnerability Database (NVD). http://nvd.nist.gov/2011.
14. The Open Source Vulnerability Database (OSVDB). http://osvdb.org/2011.
15. Red Hat Inc. Security Measurement. https://www.redhat.com/security/data/metrics/2014.
16. JPCERT/CC and IPA. Japan Vulnerability Notes. http://jvn.jp/2014.
17. G. Klyne, and J. J. Carroll. Resource Description Framework (RDF): Concepts and Abstract Syntax. The World Wide Web Consortium, 2004.
18. Voas J, Quirolgico S, Michael C, et al. Technical Considerations for Vetting 3rd Party Mobile Applications (Draft). National Institute of Standards and Technology, Maryland, USA, 2014. NIST special publication 800-163.
19. Wang Y, Zheng J, Sun C, et al. Quantitative security risk assessment of android permissions and applications. Springer, 2013.
20. Sarma B, Li N, Gates C, et al. Android permissions: A perspective combining risks and benefits. The ACM Symposium on Access Control Models and Technologies(SACMAT), 2012.
21. NetAgent Co. Ltd. Secroid. http://secroid.jp, 2014.
22. Zhou Y, Wang Z, Zhou W, et al. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. The Network and Distributed System Securiy Symposium(NDSS), 2012.
23. Grace M, Zhou Y, Zhang Q, et al. Riskranker: Scalable and accurate zero-day android malware detection. The International Conference on Mobile Systems, Applications, and Services(MobiSys), 2012.
24. Enck W, Octeau D, McDaniel P, et al. A study of android application security. USENIX Security Symposium, 2011.
25. Gibler C, Crussell J, Erickson J, et al. Androleaks:automatically detecting potential privacy leaks in android applications on large scale. International Conference on Trust & Trustworthy Computing(TRUST), 2012.
26. C. Jarabek, D. Barrera, and J. Aycock. Thinav: Truly lightweight mobile cloud-based anti-malware. Annual Computer Security Applications Conference(ACSAC), 2012.
27. Mulliner C, Oberheide J, Robertson W, et al. Patchdroid: Scalable third-party security patches for android devices. In Proceedings of the Annual Computer Security Applications Conference, 2013.
28. Shabtai A, Kanonov U, Elovici Y, et al. gandromalyh: A behavioral malware detection framework for android devices. Springer, 2012.