Information Flow Policies vs Malware

Radoniaina Andriatsimandefitra 1, Valérie Viet Triem Tong 1, Thomas Saliou 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique, IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract: Application markets offer more than 700'000 applications: music, movies, games or small tools. It appears more and more difficult to propose an automatic and systematic method to analyse all of these applications. Google Bouncer [1] tries to keep malicious applications out of Google Play by analysing uploaded applications to find known malware and malicious behaviours. However, Google Bouncer suffers from the same drawbacks as usual scan methods: it is inefficient at detecting unknown malicious behaviour and it may be costly. In this paper we propose another method to efficiently detect malicious actions of applications. Our proposal consists of a new scheme for submitting applications to the marketplace and installing applications on the device. More precisely, applications are uploaded with a companion information flow policy. A companion policy describes exactly where data used by the application can flow. The policies are studied for acceptance by reviewers. Accepted policies are certified by the market and are made publicly available. When a user acquires an application, he has to retrieve the certified version of its companion flow policy. The companion policy of the application is composed with the current flow policy enforced in the system. The application is then monitored and each time the monitor detects an information flow not allowed in the composed flow policy it raises an alert or blocks the information flow. This way, only applications respecting an official policy accepted by the market can efficiently run.
Document type:
Report
[Technical Report] 2013

Cited literature [9 references]

https://hal.inria.fr/hal-00862468
Contributor: Radoniaina Andriatsimandefitra
Submitted on: Monday, 16 September 2013 - 17:13:25
Last modified on: Tuesday, 16 January 2018 - 15:54:19
Document(s) archived on: Friday, 20 December 2013 - 13:56:42

File

malware.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-00862468, version 1

Citation

Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong, Thomas Saliou. Information Flow Policies vs Malware. [Technical Report] 2013. 〈hal-00862468〉


Metrics

Record views

758

File downloads

366