Title :
Defensor: Lightweight and Efficient Security-Enhanced Framework for Android

Author :
Xuerui Pan ; Yibing Zhongyang ; Zhi Xin ; Bing Mao ; Hao Huang

Author_Institution :
Dept. of Comput. Sci. & Technol., Nanjing Univ., Nanjing, China

Abstract :
Recently the Android market has shown explosive growth. Unfortunately, this increasing popularity has turned the Android platform into the main target of malware. At the same time, the limited security protection built into Android makes the situation much worse. In this paper, we present a new framework named Defensor, which takes both practicability and effectiveness into consideration. The core part of Defensor is built into the Linux kernel, which results in a small TCB. Defensor is a system-wide, lightweight inspecting framework. It can closely monitor malicious behaviors within and across applications, such as sending SMS to premium-rate numbers, stealing private data from the compromised device, and gaining root privileges through root exploits. This type of monitoring is mandatory: no application installed on the phone and no component, including malicious native code, can bypass it. Defensor can not only rebuild high-level behaviors from system calls, but also extract the context information in which the behavior runs. Context information, such as whether the application is running in the background or the foreground, contributes greatly to the accuracy of malware detection. We have tested Defensor on real malware to prove its effectiveness. Finally, an experimental evaluation shows that the overhead introduced by Defensor is limited.

Keywords :
Android (operating system); invasive software; operating system kernels; Android platform; Defensor; Linux kernel; TCB; context-based information; high level behaviors; limited security protection; malicious behaviors; malicious native code; malware detection; security-enhanced framework; system calls; system-wide lightweight inspecting framework; Androids; Humanoid robots; Kernel; Malware; Monitoring; Smart phones; Malware; framework; monitor; system call

Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on

Conference_Location :
Beijing

DOI :
10.1109/TrustCom.2014.36