Safe Software Dissemination in Distributed Application Marketplaces

2016-01-01T00:00:00Z (GMT) by Timothy Vidas

Today’s smartphone represents not only a complex device akin to an always-connected Personal Computer (PC), but
also a relatively new mechanism for software dissemination. Unlike the purchase of physical media in brick-and-mortar
stores popular since the advent of the PC, modern smartphones favor online software marketplaces that deliver
software digitally. The facility for consumers to augment the base functionality of a smartphone has not only acted as a
catalyst for the rapid adoption of the smartphone but continues to encourage regular use of the device and marketplace.
Concomitant with this consumer adoption is the new-found attention that mobile platforms receive from miscreants
looking to take advantage of the prevalence of smartphones in society.

This dissertation explores the question of how one can provide safety to users of software marketplaces. To this
end, we first investigate the notion of mobile-oriented malicious software, both via measurements and experiments
anticipating future evolution of the threats. From our measurements, we glean two clear observations. First, the
majority of malicious software we measured starts as legitimate software that was subsequently modified to include
malicious components. Second, the majority of this software is delivered through a quite distributed set of online
software marketplaces.

With an explicit assessment of this malicious software problem, we then turn to discrete mechanisms to provide
safety in software marketplaces. We focus on entities with clear equities in the software market systems, namely,
software developers, market proprietors and end users.

Smartphone users are regularly required to make security-related decisions informed only by confusing, abstract
lists of resources requested by an application. Worse, these lists are often gratuitously over-populated, exacerbating
user confusion and ultimately indifference. We endeavor to aid developers in creating safer software by investigating
and addressing a specific class of insecure software: applications that violate the principle of least privilege.

Developers present risk to the end user by unknowingly introducing flaws. Conversely, miscreants knowingly
attempt to take advantage of end users. Both developers and miscreants compete to reach users. In this way, application
marketplaces are positioned between end users and those creating software. Marketplace proprietors may elect to
police their offerings in a bid to make their market safer for end users. Likewise, miscreants seek to evade detection
in order to further their nefarious goals. To aid market proprietors, we assessed and expanded upon current techniques
of detection evasion. We then designed an evasion-resistant system for mobile malware analysis. Market proprietors
may choose to employ a system such as the one we designed. However, policies and procedures relating to malware
will always vary among marketplaces, and some will certainly remain seedy.

The main contribution presented in this work is AppIntegrity, a protocol designed to bind application developers to
associated domains. AppIntegrity helps ensure that the software an end user is employing is that which the application
developer intended, providing not only immediate security value, but also a strong foundation from which other security-related constructs may be built. AppIntegrity links software creators to end users, transcending security
risks presented by individual marketplaces. While based on technical underpinnings, AppIntegrity—in most expected
implementations—will also include considerable user interaction. For this reason, we not only investigate the technical
efficacy of AppIntegrity, but we also investigate user understanding and find promising results.