The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.
This research effort provides a novel framework to model the trust relationships between users, the smartphone platform, and the surrounding ecosystem, including smartphone apps and app markets. This model allows for the systematic exploration of trust-violation weaknesses (i.e., situations in which trust is misplaced and trust assumptions can be violated). In a complementary fashion, the model also supports the design of security mechanisms that address the identified weaknesses (i.e., techniques to prevent, or detect and mitigate trust violations).
The results of this research have the potential of impacting the lives of millions of smartphone users, providing protection against attacks that might harm their well-being. Though this project focuses on the Android platform, its results are general and applicable to other smartphone platforms. The analysis techniques that have been developed as part of this research are made available to the public through a web portal that allows users to submit smartphone applications and obtain reports on possible trust weaknesses based on the static and dynamic analysis of the application and its interaction with other applications, the network, and other components in the Android platform.
TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem