The security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access mean for the internet of services. Needless to say, malicious or awed applications can disruptively compromise the sensitive data they handle. As a major stakeholder, Poste Italiane has invested a considerable amount of resources for new analysis tools. One of them is the MAVeriC platform. The goal of MAVeriC is to implement a unified service which takes advantage of the state-of-the-art technologies for creating detailed risk profiles of mobile applications. In this paper we present the Dynamic Analysis Module (DAM) of the MAVeriC platform. Briefly, its objective is to interact with a running Android application for inferring as much information as possible about its behavior. The interaction is carried out by simulating the activity of the user. In the meanwhile, monitoring modules observe the operations executed by the application, i.e., network usage and file access. Finally, a modeling module factorizes the gathered information for providing the analysis with an abstract representation of the application behavior.
Mobile app security assessment with the maveric dynamic analysis module
ARMANDO, ALESSANDRO;COSTA, GABRIELE;MERLO, ALESSIO;TRAVERSO, RICCARDO;VALENZA, ANDREA
2015-01-01
Abstract
The security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access mean for the internet of services. Needless to say, malicious or awed applications can disruptively compromise the sensitive data they handle. As a major stakeholder, Poste Italiane has invested a considerable amount of resources for new analysis tools. One of them is the MAVeriC platform. The goal of MAVeriC is to implement a unified service which takes advantage of the state-of-the-art technologies for creating detailed risk profiles of mobile applications. In this paper we present the Dynamic Analysis Module (DAM) of the MAVeriC platform. Briefly, its objective is to interact with a running Android application for inferring as much information as possible about its behavior. The interaction is carried out by simulating the activity of the user. In the meanwhile, monitoring modules observe the operations executed by the application, i.e., network usage and file access. Finally, a modeling module factorizes the gathered information for providing the analysis with an abstract representation of the application behavior.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.