A Survey of Methods for Detecting and Countering Malicious Applications on Mobile Platforms

Анастасия Алексеевна Сковорода, Денис Юрьевич Гамаюнов

Abstract

Mobile devices such as smartphones and tablets are now very widespread. These devices offer users a large number of useful and interesting applications. Unfortunately, the contents and possible behavior of these applications are not always thoroughly examined before they are published on a mobile application market, which makes it possible for malicious applications to be present there. Researchers working on mobile security have proposed many effective solutions for detecting malicious applications on mobile devices and preventing the damage they cause. This article presents a multifaceted survey and comparison of the most recent approaches to countering malicious mobile applications.

Keywords

mobile devices; malicious applications; security




Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International license.