
Sandbox

The document proposes an Android Application Sandbox (AASandbox) which performs both static and dynamic analysis of Android applications to automatically detect suspicious applications. The AASandbox executes applications in a fully isolated sandbox environment to log interactions and analyze for malicious behavior. The sandbox and detection algorithms can be deployed in the cloud to provide fast, distributed detection of suspicious software in Android app stores.

Uploaded by deepukr85
Copyright: © Attribution Non-Commercial (BY-NC)

1. ANDROID SANDBOX

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques.

In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.
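The static-analysis step described above, scanning an application for suspicious patterns without installing it, can be sketched as follows. This is an added example, not code from the AASandbox project; the pattern list and the constructed sample APK are assumptions for illustration.

```python
import io
import zipfile

# Type descriptors as they appear in a DEX string table, mapped to behaviour
# categories. The pattern set is an assumption chosen for illustration,
# not AASandbox's actual signature list.
PATTERNS = {
    b"Ldalvik/system/DexClassLoader;": "dynamic class loading",
    b"Landroid/telephony/SmsManager;": "SMS sending",
    b"Ljava/lang/Runtime;": "process execution",
    b"Ljavax/crypto/Cipher;": "crypto usage",
    b"Ljava/net/HttpURLConnection;": "network access",
}

def scan_apk(apk_bytes):
    """Return {dex entry name: sorted matched categories}; nothing is installed or run."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # An APK holds classes.dex, plus classes2.dex etc. when multidex is used.
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = apk.read(name)
            hits = sorted({label for pat, label in PATTERNS.items() if pat in data})
            if hits:
                findings[name] = hits
    return findings

def build_sample_apk():
    """Constructed sample: a zip with a fake classes.dex holding two flagged descriptors."""
    fake_dex = (b"dex\n035\x00" + b"\x00" * 16
                + b"Ldalvik/system/DexClassLoader;\x00"
                + b"Landroid/telephony/SmsManager;\x00"
                + b"Lcom/example/Main;\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("classes.dex", fake_dex)
    return buf.getvalue()

if __name__ == "__main__":
    for entry, hits in scan_apk(build_sample_apk()).items():
        print(entry, "->", ", ".join(hits))
```

A match only shows that the class is referenced somewhere in the bytecode, not that it is ever called, and names resolved through reflection or loaded from encrypted payloads will not appear. That gap is why the static scan is paired with dynamic analysis in the sandbox.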

FUNCTIONAL REQUIREMENTS

Incoming/outgoing network data
The data transfer conducted by the Android smartphone is retrieved from the phone log.

File read and write operations
The file reads and writes performed by the device are observed.

Started services and loaded classes through DexClassLoader
The processes running minimized in the background are monitored.

Information leaks via the network, file and SMS
Any information leaks, authorized or unauthorized, will be taken care of and listed in the log. In the dynamic analysis, system calls can be traced and corresponding reports are logged. These can be used for further investigations, either performed manually or automatically.

Circumvented permissions
The permissions issued to each running process will be monitored.

Sent SMS and phone calls
The call and SMS log of the phone is retrieved.

SYSTEM DESIGN

[Figure: system design diagram. Components: Android kernel; APK repository; Tomcat application server; log file; emulator with APK VD loader; MySQL database; log files; parser; APK repository front end; Android application statistics; Ubuntu Enterprise Infrastructure cloud. Output: web log.]

The Android application sandbox considers each individual process as a user in the system; or rather, each process is considered as a different session under the user. Each user is provided a user ID; likewise, there is a group ID for each user group. We maintain an APK repository, which we populate with some normal applications to be monitored. When the user selects an application, it is loaded in the emulator in a different cloud instance. The APK repository, the Tomcat application server and the MySQL database are maintained in one cloud instance, and the emulator loading the virtual instance of the APK runs in the second instance. Both these instances are maintained in an Ubuntu Enterprise Cloud. The selected APK is monitored; that is, a log is kept of all the actions or processes taking place while the app runs. The log files are parsed, and the resulting AVD log is obtained as the output, which gives us an idea about any malicious activities taking place inside the Android device.

Usage Type | Operation | Key/data
cryptousage | Decryption | 35-7242
Cryptousage | Keyalgorithm | 0,42,2,54
File access | Nil | Path
File read/write | Write | data

A sample log file.

USE CASE DIAGRAM

[Figure: use case diagram. Labels: Ubuntu Enterprise cloud; APK repository; MySQL database; web log.]

Hardware specifications
Android version: 2.3
Processor: i3
RAM: 4 GB
Wi-Fi connectivity

Software specifications
Ubuntu Enterprise Cloud
Eclipse & ADT
AVD tools
Apache Tomcat (JSP)
Java
MySQL
