Design for a cloud-based hybrid Android application security assessment framework
Document Type
Conference Proceeding
Publication Title
2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS)
Publisher
IEEE
School
School of Science
RAS ID
19133
Abstract
Android platforms occupy predominant proportion of mobile market. Billions of Android apps are held on different public app markets or private repositories which needs an integrated procedure to control the security risks for the applications submitted from developers. To ensure the delivery of safe applications, the developers also need to identify potential security issues within the applications before the submissions. The industry lacks of an approach that can provide accurate, efficient and agile security assessment for Android applications. Based on the concept of data fusion, we design a hybrid assessment framework that combines white-box, black-box assessment and environmental forensic techniques. The proposed hybrid assessment framework is aimed to improve the overall assessment quality by harmonizing the merits of various conventional assessment techniques into an integrated system. Moreover, as security analysis usually requires databases with large volume of signature information and huge computing capacity used for vulnerability searching, the difficulty of the assessment is even increased if the application developers and inspectors are geographically distributed. We propose a cloud-based deployment strategy to enhance the accessibility, flexibility and cost-efficiency for the hybrid security assessment system.
DOI
10.1109/ICRMS.2014.7107254
Access Rights
subscription content
Comments
Zhong, H., & Xiao, J. (2014). Design for a cloud-based hybrid Android application security assessment framework. In Proceedings of the IEEE 2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS) (pp. 539-546). Available here