权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

App Collusion Detection (ACID)

应用程序合谋检测 (ACID)

基本信息

批准号：
EP/L022699/1
负责人：
Thomas Chen
金额：
$ 22.29万
依托单位：
City, University of London
依托单位国家：
英国
项目类别：
Research Grant
财政年份：
2014
资助国家：
英国
起止时间：
2014 至无数据
项目状态：
已结题

来源：
https://gtr.ukri.org/projects?ref=EP%2FL022699%2F1
关键词：
App Collusion Detection ACID

项目摘要

Malware has been a major problem in desktop computing for decades. With the recent trend towards mobile computing, malware is moving rapidly to smartphone apps. Our business partner McAfee alone collected 17,000 Android malware samples in the most recent quarter, double the rate of the previous year. Criminals are clearly motivated by the opportunity - about one billion smartphones will be sold in 2013, predominantly Android, with more than 10 billion apps downloaded to date. Smartphones pose a particular security risk because they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). By design, Android is "open" in its flexibility to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sandboxing, and permissions.Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app can accomplish by itself. A basic example of collusion consists of one app permitted to access personal data, which passes the data to a second app allowed to transmit data over the network. While collusion is not a widespread threat today, it opens an avenue to circumvent Android permission restrictions that could be easily exploited by criminals to become a serious threat in the near future.The UK Cyber Security Strategy notes that UK industry, as well as the public, needs to have confidence in a safe cyber space. Emerging privacy threats to smartphones are particularly timely to address considering the current controversies about US government data collection and monitoring of private communications. Sensitive data leakage is the main security risk posed by colluding apps, and the proposed project will help maintain users' confidence in smartphone privacy. Currently almost all academic and industry efforts are focusing on detection of single malicious apps. Almost no attention has been given to colluding apps. The threat has been demonstrated only recently. The threat of colluding apps is challenging to detect because of the myriad and possibly stealthy ways in which apps might communicate and collude. Existing antivirus products are not designed to detect collusion. Preliminary research in the literature has not found any reliable means to detect collusion. This project directly addresses the aims of the BACCHUS call by building an important collaboration between McAfee and academic experts in network security, intrusion detection, and formal methods to develop innovative methods for collusion detection. Our industry partner McAfee is a global leading security company with extensive facilities for monitoring, collecting, and analyzing smartphone threats. This project aims to develop novel theoretical and practical methods to detect apps suspected of collusion and perform formal safety checking. The resulting methods will be deployed and tested by the industry partner, McAfee Labs, in their global Threat Intelligence System. If successful, the research project will help to proactively defend smart phones against the emerging threat of colluding apps. McAfee products are some of the most popular with the consumers in the UK, providing day-to-day guarding against PC and mobile threats.Success in this project would mean a rare opportunity for the cyber security community to stay ahead of an emerging threat instead of reacting to a threat already prevalent.

几十年来，恶意软件一直是桌面计算的主要问题。随着最近的移动的计算趋势，恶意软件正在迅速转移到智能手机应用程序。仅我们的业务合作伙伴McAfee就在最近一个季度收集了17，000个Android恶意软件样本，是去年的两倍。犯罪分子显然是受到了这个机会的激励--2013年将售出约10亿部智能手机，其中主要是Android，迄今为止下载的应用程序超过100亿个。智能手机带来了特别的安全风险，因为它们保存了个人详细信息（帐户，位置，联系人，照片），并具有潜在的窃听能力（通过摄像头/麦克风，无线连接）。通过设计，Android是“开放的”，可以灵活地从不同的来源下载应用程序。它的安全性依赖于通过结合数字签名、沙箱和权限来限制应用程序。不幸的是，这些限制可以在用户没有注意到的情况下被合谋的应用程序绕过，这些应用程序的组合权限允许它们执行任何应用程序都无法单独完成的攻击。合谋的一个基本示例包括一个允许访问个人数据的应用程序，该应用程序将数据传递给允许通过网络传输数据的第二个应用程序。虽然共谋目前还不是一个普遍的威胁，但它为规避Android权限限制开辟了一条途径，这些限制可能很容易被犯罪分子利用，在不久的将来成为一个严重的威胁。英国网络安全战略指出，英国工业界和公众都需要对安全的网络空间有信心。考虑到目前有关美国政府数据收集和私人通信监控的争议，智能手机面临的新隐私威胁尤其需要及时解决。敏感数据泄露是串通应用程序带来的主要安全风险，拟议中的项目将有助于维护用户对智能手机隐私的信心。目前，几乎所有的学术和行业努力都集中在检测单个恶意应用程序上。几乎没有人关注串通应用程序。这一威胁最近才得到证实。串通应用程序的威胁是具有挑战性的检测，因为无数的，可能是隐形的方式，应用程序可能沟通和串通。现有的防病毒产品并不是设计用来检测共谋的。文献中的初步研究没有发现任何可靠的手段来检测共谋。该项目通过在McAfee与网络安全、入侵检测和正式方法领域的学术专家之间建立重要合作关系，直接实现了BACCHUS呼吁的目标，以开发用于共谋检测的创新方法。我们的行业合作伙伴McAfee是一家全球领先的安全公司，拥有广泛的监控、收集和分析智能手机威胁的设施。该项目旨在开发新的理论和实践方法，以检测涉嫌共谋的应用程序并执行正式的安全检查。由此产生的方法将由行业合作伙伴McAfee Labs在其全球威胁情报系统中进行部署和测试。如果成功，该研究项目将有助于主动保护智能手机免受共谋应用程序的威胁。McAfee产品是英国最受消费者欢迎的产品之一，可提供日常防护，以防范PC和移动的威胁。该项目的成功将意味着网络安全社区有难得的机会领先于新兴威胁，而不是对已经普遍存在的威胁做出反应。