Rubicon: Un nuevo enfoque para la seguridad en las aplicaciones de smartphones.

摘要

The number of smartphones has grown exponentially in recent years. These devices, which have a big mobility and dedicated hardware (i.e., GPS or gyroscope), are guided by complex operating systems. In addition, the proliferation of application stores has generated a new easy way to install tools and games directly on device.;Unfortunately, the security management of these devices is far from optimal. The proliferation of malicious applications (malware) in these platforms, added to the fact that the access of these applications to sensible data is made behind the backs of users, has created a new scene. In this new scenario, these devices store a huge amount of private and sensitive data (e.g., short messages or e-mails), and their security is not as mature as in other environments, for example in personal computers.;The scientific community has accepted the challenge and is looking for solutions. To this end, they have tried to migrate models from desktop environment to these devices with mixed fortunes. Some researchers have developed representations of applications and, after that, they apply machine learning techniques with different results.;Against this background, the main goal of this research is to mitigate the threats to which these devices are exposed to, through the surveillance of installed applications, without any user interaction. Therefore, we formulate the following hypothesis: "It is possible, using supervised algorithms of artificial intelligence and data mining, to deploy an intelligent, automatic and effective security layer for smartphones to release the user from the responsibility for managing the safety.".;In order to validate this hypothesis, first we made an exhaustive evaluation of the existing solutions. Then, we developed a new threat modelling in these devices. To validate this model, we have developed a new bank of attacks, which defines the assets, threats, attacks and vulnerabilities that occurs in these devices.;After evaluating the results, we concluded that malicious software is the biggest threat facing these devices. Then, we designed and developed a solution which enhanced this situation. We use Android platform to validate this solution and evaluate this using metrics that are applied in machine learning area and contrast them based on previously selected criteria. Through this investigation we want to advance in the state of the art of malware detection in smartphones, progressing in creation a safe environment for the use of such systems.