The security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access mean for the internet of services. Needless to say, malicious or awed applications can disruptively compromise the sensitive data they handle. As a major stakeholder, Poste Italiane has invested a considerable amount of resources for new analysis tools. One of them is the MAVeriC platform. The goal of MAVeriC is to implement a unified service which takes advantage of the state-of-the-art technologies for creating detailed risk profiles of mobile applications. In this paper we present the Dynamic Analysis Module (DAM) of the MAVeriC platform. Briefly, its objective is to interact with a running Android application for inferring as much information as possible about its behavior. The interaction is carried out by simulating the activity of the user. In the meanwhile, monitoring modules observe the operations executed by the application, i.e., network usage and file access. Finally, a modeling module factorizes the gathered information for providing the analysis with an abstract representation of the application behavior.

Mobile app security assessment with the maveric dynamic analysis module / Armando, A.; Bocci, G.; Costa, G.; Mammoliti, R.; Merlo, A.; Ranise, S.; Traverso, R.; Valenza, A.. - (2015), pp. 41-49. (Intervento presentato al convegno 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 tenutosi a usa nel 2015) [10.1145/2808783.2808786].

Mobile app security assessment with the maveric dynamic analysis module

Merlo A.;Ranise S.;
2015-01-01

Abstract

The security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access mean for the internet of services. Needless to say, malicious or awed applications can disruptively compromise the sensitive data they handle. As a major stakeholder, Poste Italiane has invested a considerable amount of resources for new analysis tools. One of them is the MAVeriC platform. The goal of MAVeriC is to implement a unified service which takes advantage of the state-of-the-art technologies for creating detailed risk profiles of mobile applications. In this paper we present the Dynamic Analysis Module (DAM) of the MAVeriC platform. Briefly, its objective is to interact with a running Android application for inferring as much information as possible about its behavior. The interaction is carried out by simulating the activity of the user. In the meanwhile, monitoring modules observe the operations executed by the application, i.e., network usage and file access. Finally, a modeling module factorizes the gathered information for providing the analysis with an abstract representation of the application behavior.
2015
MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015
United States
Association for Computing Machinery, Inc
9781450338240
Armando, A.; Bocci, G.; Costa, G.; Mammoliti, R.; Merlo, A.; Ranise, S.; Traverso, R.; Valenza, A.
Mobile app security assessment with the maveric dynamic analysis module / Armando, A.; Bocci, G.; Costa, G.; Mammoliti, R.; Merlo, A.; Ranise, S.; Traverso, R.; Valenza, A.. - (2015), pp. 41-49. (Intervento presentato al convegno 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 tenutosi a usa nel 2015) [10.1145/2808783.2808786].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333168
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact