
Evaluating the Trust of Android Applications through an Adaptive and Distributed Multi-Criteria Approach

Gianluca Dini; Andrea Saracino; Daniele Sgandurra
2013

Abstract

New generation mobile devices, and their app stores, lack a methodology to associate a level of trust with applications that faithfully represents their potential security risks. This problem is even more critical for newly published applications, for which user reviews are missing or the number of downloads is still low. In this scenario, users may not fully estimate the risk associated with downloading apps found on online stores. In this paper, we propose a methodology for evaluating the trust level of an application through an adaptive, flexible, and dynamic framework. The evaluation of an application's trust is performed using both static and dynamic parameters, which consider the application meta-data, its run-time behavior and the reports of users with respect to the software's critical operations. We have validated the proposed approach by testing it on more than 180 real applications found on both official and unofficial markets, showing that it correctly categorizes applications as trusted or untrusted in 94% of the cases and that it is resilient to poisoning attacks.
Files in this record:
No files are associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/246574
Warning: the data displayed here have not been validated by the university.

Citations
  • PMC: not available
  • Scopus: 10
  • ISI: 7