静的解析によるAndroidパーミッションの利用目的の可視化方法  [in Japanese] Static Analysis for Highlighting what Android Application Does with Permissions  [in Japanese]

Access this Article

Search this Article

Author(s)

Abstract

Androidには利用者情報漏えい等を防ぐためのパーミッションシステムがある.このシステムは,アプリケーションが「連絡先データの読み取り」や「完全なインターネットアクセス」等のパーミッションを利用することの許可をインストール時にユーザに求める.しかし,マルウェアによる利用者情報漏えいが生じていることから,当該システムは十分に機能していない.我々はこの主原因を当該システムがパーミッションの利用目的をユーザに通知しない点にあると仮定した.利用目的とは,アプリケーションが「端末の電話番号」や「電話帳のメールアドレス」等の情報をどこのURL等に送信しているかを指す.そこで,本研究ではユーザがパーミッションの利用目的を理解しやすいように,アプリケーションを静的解析し,利用目的を可視化する方法を提案する.本論文では,提案手法はパーミッションシステムよりも既存のマルウェアを判別容易にするかを評価する.Android has a permission system to prevent identity theft and so on. The system makes an android user grant the permissions such as "Full internet access" and/or "Read your contacts" to an application. However,this system is not enough to prevent identity theft because a lot of the identity theft has occurred. We assumed that the main problem of the theft is caused by the system which does not notify the user the purpose of the application. Here, the purpose implies that the sensitive data such as "Phone number," "e-mail address," etc. are sent to a URL. We therefore propose a static analysis method for highlighting what the application does with permission so that the user can understand the purpose of the application. In this paper, we evaluate our method whether it can provide us more sufficient information for determining malware correctly than the existing permission system.

Android has a permission system to prevent identity theft and so on. The system makes an android user grant the permissions such as "Full internet access" and/or "Read your contacts" to an application. However,this system is not enough to prevent identity theft because a lot of the identity theft has occurred. We assumed that the main problem of the theft is caused by the system which does not notify the user the purpose of the application. Here, the purpose implies that the sensitive data such as "Phone number," "e-mail address," etc. are sent to a URL. We therefore propose a static analysis method for highlighting what the application does with permission so that the user can understand the purpose of the application. In this paper, we evaluate our method whether it can provide us more sufficient information for determining malware correctly than the existing permission system.

Journal

  • IPSJ Journal

    IPSJ Journal 56(1), 391-400, 2015-01-15

    Information Processing Society of Japan (IPSJ)

Codes

  • NII Article ID (NAID)
    110009867121
  • NII NACSIS-CAT ID (NCID)
    AN00116647
  • Text Lang
    JPN
  • Article Type
    Journal Article
  • ISSN
    1882-7764
  • Data Source
    NII-ELS  IPSJ 
Page Top