2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2013)
Melbourne, VIC Australia
July 16, 2013 to July 18, 2013
pp: 1541-1546
Gianluca Dini, Dipt. di Ing. dell'Inf., Univ. di Pisa, Pisa, Italy
Fabio Martinelli, Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
Ilaria Matteucci, Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
Marinella Petrocchi, Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
Andrea Saracino, Dipt. di Ing. dell'Inf., Univ. di Pisa, Pisa, Italy
Daniele Sgandurra, Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
ABSTRACT
New generation mobile devices, and their app stores, lack a methodology to associate a level of trust with applications to faithfully represent their potential security risks. This problem is even more critical with newly published applications, for which either user reviews are missing or the number of downloads is still low. In this scenario, users may not fully estimate the risk associated with downloading apps found on on-line stores. Hence, here we propose a methodology for evaluating the trust level of an application through an adaptive, flexible, and dynamic framework. The evaluation of an application trust is performed using both static and dynamic parameters, which consider the application meta-data, its run-time behavior and the reports of users with respect to the software critical operations. We have validated the proposed approach by testing it on more than 180 real applications found both on official and unofficial markets by showing that it correctly categorizes applications as trusted or untrusted in 94% of the cases and it is resilient to poisoning attacks.
INDEX TERMS
Androids, Humanoid robots, Security, Analytic hierarchy process, Servers, Computer bugs, Batteries
CITATION

G. Dini, F. Martinelli, I. Matteucci, M. Petrocchi, A. Saracino and D. Sgandurra, "Evaluating the Trust of Android Applications through an Adaptive and Distributed Multi-criteria Approach," 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TRUSTCOM), Melbourne, VIC Australia, 2014, pp. 1541-1546.
doi:10.1109/TrustCom.2013.189