Title

Design for a cloud-based hybrid Android application security assessment framework

Document Type

Conference Proceeding

Publication Title

2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS)

Publisher

IEEE

School

School of Science

RAS ID

19133

Comments

Originally published as: Zhong, H., & Xiao, J. (2014). Design for a cloud-based hybrid Android application security assessment framework. In Proceedings of the IEEE 2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS) (pp. 539-546). Original publication available here

Abstract

Android platforms occupy predominant proportion of mobile market. Billions of Android apps are held on different public app markets or private repositories which needs an integrated procedure to control the security risks for the applications submitted from developers. To ensure the delivery of safe applications, the developers also need to identify potential security issues within the applications before the submissions. The industry lacks of an approach that can provide accurate, efficient and agile security assessment for Android applications. Based on the concept of data fusion, we design a hybrid assessment framework that combines white-box, black-box assessment and environmental forensic techniques. The proposed hybrid assessment framework is aimed to improve the overall assessment quality by harmonizing the merits of various conventional assessment techniques into an integrated system. Moreover, as security analysis usually requires databases with large volume of signature information and huge computing capacity used for vulnerability searching, the difficulty of the assessment is even increased if the application developers and inspectors are geographically distributed. We propose a cloud-based deployment strategy to enhance the accessibility, flexibility and cost-efficiency for the hybrid security assessment system.

DOI

10.1109/ICRMS.2014.7107254

Share

 
COinS