10.1184/R1/7416413.v1 Timothy Vidas Timothy Vidas Safe Software Dissemination in Distributed Application Marketplaces Carnegie Mellon University 2016 Safe Software Dissemination 2016-01-01 00:00:00 Thesis https://kilthub.cmu.edu/articles/thesis/Safe_Software_Dissemination_in_Distributed_Application_Marketplaces/7416413 Today’s smartphone represents not only a complex device akin to an always-connected Personal Computer (PC), but<br>also a relatively new mechanism for software dissemination. Unlike the purchase of physical media in brick-andmortar<br>stores popular since the advent of the PC, modern smartphones favor online software marketplaces that deliver<br>software digitally. The facility for consumers to augment the base functionality of a smartphone has not only acted as a<br>catalyst for the rapid adoption of the smartphone but continues to encourage regular use of the device and marketplace.<br>Concomitant with this consumer adoption, is the new-found attention that mobile platforms receive from miscreants<br>looking to take advantage of the prevalence of smartphones in society.<br>This dissertation explores the question of how one can provide safety to users of software marketplaces. To this<br>end, we first investigate the notion of mobile-oriented malicious software, both via measurements and experiments<br>anticipating future evolution of the threats. From our measurements, we glean two clear observations. First, the<br>majority of malicious software we measured starts as legitimate software that was subsequently modified to include<br>malicious components. Second, the majority of this software is delivered through a quite distributed set of online<br>software marketplaces.<br>With an explicit assessment of this malicious software problem, we then turn to discrete mechanisms to provide<br>safety in software marketplaces. We focus on entities with clear equities in the software market systems, namely,<br>software developers, market proprietors and end users.<br>Smartphone users are regularly required to make security-related decisions informed only with confusing, abstract<br>lists of resources requested by an application. Worse, these lists are often gratuitously over-populated, exacerbating<br>user confusion and ultimately indifference. We endeavor to aid developers in creating safer software by investigating<br>and addressing a specific class of insecure software, those violating the principle of least privilege.<br>Developers present risk to the end user by unknowingly introducing flaws. Conversely, miscreants knowingly<br>attempt to take advantage of end users. Both developers and miscreants compete to reach users. In this way, application<br>marketplaces are positioned between end users and those creating software. Marketplace proprietors may elect to<br>police their offerings in a bid to make their market safer for end users. Likewise, miscreants seek to evade detection<br>in order to further their nefarious goals. To aid market proprietors, we assessed and expanded upon current techniques<br>of detection evasions. We then designed an evasion-resistant system for mobile malware analysis. Market proprietors<br>may choose to employ a system such as the one we designed. However, policies and procedures relating to malware<br>will always vary among marketplaces, and some will certainly remain seedy.<br>The main contribution presented in this work is AppIntegrity, a protocol designed to bind application developer to<br>associated domains. AppIntegrity helps ensure that the software an end user is employing is that which the application<br>developer intended, providing not only immediate security value, but also a strong foundation from which other security-related constructs may be built. AppIntegrity links software creators to end users, transcending security<br>risks presented by individual marketplaces. While based on technical underpinnings, AppIntegrity—in most expected<br>implementations—will also include considerable user interaction. For this reason, we not only investigate the technical<br>efficacy of AppIntegrity, but we also investigate user understanding and find promising results. <br>