权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

App Guarden: Resilient Application Stores

App Guarden：有弹性的应用程序商店

基本信息

批准号：
EP/K032666/1
负责人：
David Aspinall
金额：
$ 74.97万
依托单位：
University of Edinburgh
依托单位国家：
英国
项目类别：
Research Grant
财政年份：
2013
资助国家：
英国
起止时间：
2013 至无数据
项目状态：
已结题

来源：
https://gtr.ukri.org/projects?ref=EP%2FK032666%2F1
关键词：
App Guarden Resilient Application Stores

项目摘要

Application stores are set to become the dominant model for software distribution. After only four years, they are incredibly successful. In 2012, Apple's App Store and Google's Play Store each topped 25 billion app downloads. App stores not only offer apps and media content, they also have near total control on phones and tablets that connect to them. Hundreds of millions of people place their trust in app store and device security every day. Unfortunately, this trust is sometimes misplaced and is starting to be eroded.Also in 2012, mobile malware took off: tens of thousands of rogue apps have been found `in the wild', including premium-rate SMS-sending apps, mobile botnets that are orchestrated to attack others, Trojans that steal passwords, and spyware that monitors users' activities. Legitimate apps and mobile operating systems have also had flaws leading to exploits and information leaks. And as the Wired reporter Mat Honan discovered painfully this summer, the convenience of cloud backed-up synchronized devices means that a single break-in can destroy your data everywhere, in one fell swoop.App stores of the future, and the devices they control, must be better defended and resilient under attack. Users and data owners need justifiable confidence that apps will behave well and will not cause damage, whether by accident through bugs, or by intention through malicious design. Security should be ever present but unobtrusive, not impacting performance or causing crashes, not forever downloading patches, not demanding complex decisions, and not in the hands of just one party. Our research will examine a number of improvements to app stores and mobile device operating systems which will take us closer to future generation, secure app stores.For example, we will design algorithms that will automatically analyse apps to ensure they are safe. At the moment, this has to be done manually by malware analysts in expensive, time-consuming and sometimes unreliable ways. Another improvement is to add "digital evidence" to apps. Digital evidence can guarantee that an app is safe and it can be checked automatically, even on a phone. Evidence establishes that the code is safe, whereas the current state-of-the-art in industry is code signing, which at best only says where the code has come from. Finally, we want to find natural, user-friendly security policies: rather than the user examining a long list of complicated permissions as currently happens in Android, we want to have a set of sensible policies for different types of app. Under the bonnet the controls will actually be more precise than at present: with our solution, a game, for example, would not be allowed to access anywhere on the Internet, just the few places that it really needs to go; a text-messaging app might only be allowed to send messages to contacts from a users address book, not unknown numbers that might be premium-rate.

应用程序商店将成为软件分发的主导模式。仅仅四年后，他们就取得了令人难以置信的成功。2012年，苹果App Store和谷歌Play Store的应用下载量分别超过250亿次。应用程序商店不仅提供应用程序和媒体内容，他们还几乎完全控制连接到他们的手机和平板电脑。每天都有数亿人信任应用商店和设备安全。同样在2012年，移动的恶意软件开始流行：成千上万的流氓应用被发现“在野外”，包括收费短信发送应用、精心策划攻击他人的移动的僵尸网络、窃取密码的木马和监视用户活动的间谍软件。合法的应用程序和移动的操作系统也存在导致漏洞利用和信息泄露的缺陷。正如《连线》（Wired）记者马特·霍南（Mat Honan）今年夏天痛苦地发现的那样，云备份同步设备的便利性意味着，一次入侵就能一举摧毁你所有地方的数据。未来的应用程序商店及其控制的设备必须得到更好的防御，在受到攻击时具有更好的弹性。用户和数据所有者需要合理的信心，即应用程序将表现良好，不会造成损害，无论是通过错误的意外，还是通过恶意设计的意图。安全性应该始终存在，但不引人注目，不影响性能或导致崩溃，不永远下载补丁，不要求复杂的决策，而不是只掌握在一方手中。我们的研究将对应用程序商店和移动终端操作系统进行一些改进，这些改进将使我们更接近下一代安全的应用程序商店。例如，我们将设计自动分析应用程序的算法，以确保它们是安全的。目前，这必须由恶意软件分析师以昂贵、耗时且有时不可靠的方式手动完成。另一项改进是为应用程序添加“数字证据”。数字证据可以保证应用程序是安全的，即使在手机上也可以自动检查。有证据表明代码是安全的，而目前行业中最先进的技术是代码签名，它充其量只能说明代码来自哪里。最后，我们希望找到自然的、用户友好的安全策略：而不是像Android中目前发生的那样，用户检查一长串复杂的权限，我们希望为不同类型的应用程序提供一套合理的策略。在引擎盖下，控制实际上比现在更精确：使用我们的解决方案，例如，一个游戏将不被允许访问互联网上的任何地方，只是它真正需要去的几个地方;文本消息应用程序可能仅被允许向来自用户地址簿的联系人发送消息，而不是可能是高级费率的未知号码。