Emerging Researchers National (ERN) Conference

nsf-logo[1]

  • About
    • About AAAS
    • About the NSF
    • About the Conference
    • Partners/Supporters
    • Project Team
  • Conference
  • Abstracts
    • Abstract Submission Process
    • Presentation Schedules
    • Abstract Submission Guidelines
    • Presentation Guidelines
    • Undergraduate Abstract Locator (2020)
    • Graduate Abstract Locator (2020)
    • Faculty Abstract Locator (2020)
  • Travel Awards
  • Resources
    • App
    • Award Winners
    • Code of Conduct-AAAS Meetings
    • Code of Conduct-ERN Conference
    • Conference Agenda
    • Conference Materials
    • Conference Program Books
    • ERN Photo Galleries
    • Events | Opportunities
    • Exhibitor Info
    • HBCU-UP/CREST PI/PD Meeting
    • In the News
    • NSF Harassment Policy
    • Plenary Session Videos
    • Professional Development
    • Science Careers Handbook
    • Additional Resources
    • Archives
  • Engage
    • Webinars
    • Video Contest
    • Video Contest Winners
    • ERN 10-Year Anniversary Videos
    • Plenary Session Videos
  • Contact Us

Detecting Over-Privileged Applications by Analyzing System Logs and System Information

Undergraduate #209
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems

Lance A. Allison - Winston-Salem State University, NC


As mobile devices become increasingly powerful, so does the software they run. In recent years Android’s Google Play Store and Apple’s App Store have both surpassed 2 million downloadable applications. With so many applications available, it is no wonder that these stores can only perform a brief vetting process, using primarily a static analysis of code. This limited vetting process can lead to malicious applications that may be abusing their privileges or collecting personal information without the user’s knowledge. To counter these attacks Apple and Android both implement similar permission systems to limit an application’s access to files or personal data unless given consent by the user. Although, these are often overlooked by the average user and approved once and forgotten. Thus, the goal of this research is to create applications that can be installed on both mobile platforms that monitor applications in real time to detect over-privileged and over-active applications. This will give users the ability to see what applications are actively doing and can confirm their actions comply with their wishes. With the initial focus on the Android platform specifically, this research outlines methods used to record and access system logs, events, notifications and other information in real-time, along with steps to analyze and review this information for mobile devices on the go. A key method used and tested in this research is by calling and analyzing Android’s DumpSys service. DumpSys is essentially an image of all system information on a current device, including a wide range of information such as; CPU usage, memory allocation, system broadcasts, current permissions, and many other statistics. After recording a system dump this monitoring application will analyze and detect over-privileged applications This is done by comparing active system broadcasts and logs to the permissions that have been approved. Another method being tested which may be included in the final application involves a process of pulling individual logs for each application and then sharing these logs with the monitoring application. After the Android monitoring application is finished, there will be tests performed to analyze the power usage of said application running such a system, and to define an overall impact on battery performance. Future work will include an Apple iOS application that will perform the same actions of actively monitoring and analyzing application privileges, although this will require different methods.

References: F. Adrienne, Porter, C. Erika, H. Steve, S. Dawn, and W. David. Android permissions demystified. In Proceedings of ACM Conference on Computer and Communications Security (CCS), 2011.
Slavin, R., Wan, X., Hosseini, M., & Heste, J. (2016, May 14). Toward a framework for detecting privacy policy violations in android application code. ACM 38th IEEE International Conference on Software Engineering, 25-26. Retrieved from 2016 IEEE.

Funder Acknowledgement(s): This study was supported by NSF grant #1332531 that was awarded to Dr. Fuad.

Faculty Advisor: M. Muztaba Fuad, fuadmo@wssu.edu

Role: All of the research, with discussion meetings with my mentor, Dr. M Fuad.

ERN Conference

The 2022 ERN Conference has been postponed.

Full Notice

What’s New

  • Congratulations to Zakiya Wilson-Kennedy on her 2021 AAAS Fellowship
  • Event Vaccination and Liability Policy
  • Webinars
  • Events|Opportunities
  • AAAS CEO Comments on Social Unrest, Racism, and Inequality
  • Maintaining Accessibility in Online Teaching During COVID-19
  • In the News
  • HBCU/CREST PI/PD Meeting

Conference Photos

ERN Conference Photo Galleries

Awards

ERN Conference Award Winners

Checking In

nsf-logo[1]

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.

AAAS

1200 New York Ave, NW Washington,DC 20005
202-326-6400
Contact Us
About Us

The World's Largest General Scientific Society

Useful Links

  • Membership
  • Careers at AAAS
  • Privacy Policy
  • Terms of Use

Focus Areas

  • Science Education
  • Science Diplomacy
  • Public Engagement
  • Careers in STEM

 

  • Shaping Science Policy
  • Advocacy for Evidence
  • R&D Budget Analysis
  • Human Rights, Ethics & Law
© 2022 American Association for the Advancement of Science