ANDROID SANDBOX
Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.
FUNCTIONAL REQUIREMENTS

Incoming/outgoing network data
The data transfer conducted by the Android smartphone is retrieved from the phone log.

File read and write operations
The file reads and writes performed by the device are observed.

Started services and loaded classes through DexClassLoader
The processes running minimized in the background are monitored.

Information leaks via the network, file and SMS
Any information leaks, authorized or unauthorized, will be taken care of and listed in the log. In the dynamic analysis, system calls can be traced and corresponding reports are logged. These can be used for further investigations, either performed manually or automatically.

Circumvented permissions
The permissions issued to each running process will be monitored.

Sent SMS and phone calls
The call and SMS log of the phone is retrieved.
SYSTEM DESIGN

[Figure: system design diagram. Components: Android kernel, APK repository, log file, MySQL database, log files, parser]
The Android application sandbox considers each individual process as a user in the system; rather, each process is considered as a different session under the user. Each user is provided a user ID; likewise there is a group ID for each user group. We maintain an APK repository where we populate some normal applications to be monitored. When the user selects one application, it is loaded in the emulator in a different cloud instance. The APK repository, Tomcat application server and MySQL database are maintained in one cloud instance, and the emulator loading the virtual instance of the APK runs in the second instance. Both these instances are maintained in an Ubuntu Enterprise Cloud. The selected APK is monitored, or rather a log is kept of all the actions or processes taking place while the app runs. The log files are parsed and the resulting AVD log is obtained as the output, which gives us an idea about any malicious activities taking place inside the Android device.
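The following Python example is added here and is not the project's own code: it shows the log-parsing step for a system call trace, grouping file and network activity per process ID and tracking file descriptors so that a write() to a socket is counted as outgoing network data rather than a file write. The strace-like log layout, the sample lines and the name summarize are assumptions, since the page does not show the sandbox's log format.

```python
import re
from collections import defaultdict

# Constructed sample; the strace-like layout is an assumption, not the sandbox's real format.
SAMPLE_LOG = """\
412 open("/data/data/com.example.app/files/cache.db", O_RDWR) = 5
412 write(5, "hello", 5) = 5
412 socket(AF_INET, SOCK_STREAM, 0) = 7
412 connect(7, {sin_port=htons(80), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
412 write(7, "id=000000000000000", 18) = 18
412 close(5) = 0
412 open("/data/secret", O_RDONLY) = -1 EACCES (Permission denied)
430 open("/sdcard/notes.txt", O_WRONLY) = 3
430 write(3, "abc", 3) = 3
truncated or corrupted line
"""

LINE_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')

def summarize(log_text):
    # (pid, fd) -> "file" or "net", so each write() is attributed to the right channel
    fd_kind = {}
    report = defaultdict(lambda: {"files": [], "peers": [], "file_out": 0, "net_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1      # count unparsable lines instead of silently dropping them
            continue
        pid, call, args, ret = int(m[1]), m[2], m[3], int(m[4])
        if ret < 0:
            continue          # failed call: no descriptor created, no data moved
        first = args.split(",")[0].strip()
        entry = report[pid]
        if call == "open":
            fd_kind[(pid, ret)] = "file"
            entry["files"].append(first.strip('"'))
        elif call == "socket":
            fd_kind[(pid, ret)] = "net"
        elif call == "connect":
            peer = re.search(r'inet_addr\("([^"]+)"\)', args)
            if peer:
                entry["peers"].append(peer.group(1))
        elif call in ("write", "sendto") and first.isdigit():
            kind = fd_kind.get((pid, int(first)))
            if kind:
                entry[kind + "_out"] += ret   # ret is the number of bytes written
        elif call == "close" and first.isdigit():
            fd_kind.pop((pid, int(first)), None)   # the fd number may be reused later
    return dict(report), skipped
```

Calling summarize(SAMPLE_LOG) returns the per-PID report together with the number of lines that could not be parsed, which is worth recording in the report because a gap in the trace weakens any conclusion drawn from it.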
[Figure: APK repository, MySQL database, web log]
Hardware specifications

Android version: 2.3
Processor: i3
RAM: 4 GB
Wi-Fi connectivity

Software specifications

Ubuntu Enterprise Cloud
Eclipse & ADT
AVD tools
Apache Tomcat (JSP)
Java
MySQL