Presentation is loading. Please wait.

Presentation is loading. Please wait.

CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar85843974 Kshitij Desai 64167444 Mayuresh Randive26924684.

Published byRodger Harrell Modified over 8 years ago

Similar presentations

Presentation on theme: "CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar85843974 Kshitij Desai 64167444 Mayuresh Randive26924684."— Presentation transcript:

1 CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar85843974 Kshitij Desai 64167444 Mayuresh Randive26924684

2 CloudAppSec Cloud based service to analyze privileges required for an android mobile application Protects and notifies mobile device user from malicious application that do not conform to security privileges

3 Motivation Widespread adoption of android devices Large number of mobile applications and application developers Open Source : Useful for attackers and defenders But.. no way to verify authenticity of application In past, many application like iCalendar compromised user security Hence, design goal is to provide user security from applications

4 Malware Analysis of android application Applications use Manifest.xml to request permissions All Android apps must declare the permissions they want to have  Maps directly to what’s displayed on-screen when you install the application  Nobody actually pays attention when they install them Some permission applications just don’t require e.g. iCalendar requires SEND_SMS permission

5 Static vs. Dynamic Malware Analysis Two options when analyzing any given program: static or dynamic analysis Static analysis = examining code, do analysis on android.Apk file, analyze APIs used in application Dynamic analysis = running application and observing code paths, logging system calls

6 CloudAppSec Design Static analysis on app.APK file  Extract.apk and run static analysis to determine application permissions  Perform API search in extracted files, map searched APIs to permissions using API mapper Notify user application permissions in users understandable manner and let users decide if they want to keep or uninstall application  iCalendar application analysis will return “Application is using SEND_SMS API” to user  User learns this and decides to uninstall application

7 CloudApp Architecture Cloud Storage 1. User selects.APK file 6. User analyzes permission 2. Upload.APK 3. Access API mapping 4. Return API mappings 5. Return APIs accessed by App and corresponding permissions

8 Placeholder for screenshots and Results

9

10 Thank you for your interest in our Project !!! ANY QUESTIONS??

Download ppt "CloudAppSec : Cloud Based Application Security for Android Applications Animesh Nandanwar85843974 Kshitij Desai 64167444 Mayuresh Randive26924684."

Similar presentations

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.
The Threat Landscape Jan 2013. 2013 Threat Report 2.

The Threat Landscape Jan Threat Report 2.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.

3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
Security of Mobile Applications Vitaly Shmatikov CS 6431.

Security of Mobile Applications Vitaly Shmatikov CS 6431.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED

ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
Presentation By Deepak Katta

Presentation By Deepak Katta
Motivation. Part of Deutsche Telekom project:

Motivation. Part of Deutsche Telekom project:
Introduction to Mobile Malware

Introduction to Mobile Malware
Sophos Mobile Security

Sophos Mobile Security
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.
Testing Tools. Categories of testing tools Black box testing, or functional testing Testing performed via GUI. The tool helps in emulating end-user actions.

Testing Tools. Categories of testing tools Black box testing, or functional testing Testing performed via GUI. The tool helps in emulating end-user actions.

Similar presentations

Ads by Google