Advanced Dependence Analysis For Android Malware Classification

Danfeng Yao (PI), Barbara G. Ryder (co-PI)

Funder: VeriSign, through the Security and Software Engineering Research Center

Abstract

This project is a user-centric approach to Android application security. We will use static program analysis techniques to provide information that helps identify unauthorized access to system resources and/or leaks of sensitive data in Android applications. Specifically, we will correlate critical system events with human-initiated input events and activities. Our goal is to identify and capture differences between legitimate programs and malware. Essentially, we are building a tool to decide whether an Android application is trustworthy.

The uniqueness of our method is that we take the approach of anomaly detection (i.e., identifying deviations from normal patterns), as opposed to the conventional methods of identifying malware characteristics. We aim at strategically enforcing the normal properties of legitimate data-flow patterns and identifying programs that violate these properties. Such an approach yields long-lasting and powerful malware-classification solutions, because it is not limited by the constantly evolving behaviors of malware, which introduce new malware patterns (or signatures) that must be identified.
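
The sketch below is an added illustration of the idea in the abstract, not the project's tool: it uses plain call-graph reachability as a stand-in for the dependence analysis and measures how many sensitive call sites can be reached from a user-input handler. The handler names, the sensitive API set, the 0.8 threshold and both sample graphs are assumptions constructed for the example.

```python
from collections import deque

# Assumptions for illustration: handler names, sensitive API set and threshold.
USER_HANDLERS = ("onClick", "onTouch", "onKey")
SENSITIVE_APIS = {
    "SmsManager.sendTextMessage",
    "LocationManager.getLastKnownLocation",
    "HttpURLConnection.connect",
}

def reachable_from(graph, roots):
    """Methods reachable from roots along caller -> callee edges."""
    seen, queue = set(roots), deque(roots)
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def analyze(graph):
    """Return (share of sensitive call sites that are user-driven, other sites)."""
    roots = [m for m in graph if m.rsplit(".", 1)[-1].startswith(USER_HANDLERS)]
    user_driven = reachable_from(graph, roots)
    sites = [(caller, api) for caller, callees in graph.items()
             for api in callees if api in SENSITIVE_APIS]
    unassured = sorted(s for s in sites if s[0] not in user_driven)
    ratio = 1.0 if not sites else (len(sites) - len(unassured)) / len(sites)
    return ratio, unassured

def classify(graph, threshold=0.8):
    """Flag an app whose sensitive operations mostly lack a user trigger."""
    return "anomalous" if analyze(graph)[0] < threshold else "normal"

# Constructed sample graphs (method -> callees), not taken from real apps.
BENIGN = {
    "ComposeActivity.onClick": ["ComposeActivity.send"],
    "ComposeActivity.send": ["SmsManager.sendTextMessage"],
    "MapActivity.onTouch": ["LocationManager.getLastKnownLocation"],
}
SUSPICIOUS = {
    "GameActivity.onClick": ["GameActivity.startLevel"],
    "GameActivity.startLevel": ["HttpURLConnection.connect"],
    "BootReceiver.onReceive": ["Worker.run"],
    "Worker.run": ["LocationManager.getLastKnownLocation", "SmsManager.sendTextMessage"],
}

if __name__ == "__main__":
    for name, g in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, classify(g), analyze(g))
```

The classifier never looks for a malware signature; it only checks whether the app's sensitive operations follow the normal pattern of being driven by user input.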