On the Characterization and Risk Assessment of AI-Powered Mobile Cloud Applications

Abstract Ultra-reliable low-latency communication supports powerful mission-critical applications such as artificial intelligence-enabled mobile cloud applications designed to deliver the quality of service and quality of experience to their users. However, whether existing security mechanisms are ready to address the risks emerging from these applications operating over ultra-fast 5G and 6G infrastructures is an open question. The complexity of finding answers to this question is partly due to the lack of means to measure software applications’ intelligence levels and partly due to the limitations of existing risk assessment approaches. In this paper, first, we propose an ability-based scale to characterize intelligent software applications. After that, we propose a semi-quantitative approach for threat modeling and risk analysis of intelligent software applications. Focusing on Android, we define three intelligent mobile cloud applications’ scenarios and demonstrate the feasibility of the proposed scale and approach. We perform their risk analyses for assessing the readiness of Android security mechanisms to mitigate their risks and identify open problems. We propose to rethink intelligent mobile cloud computing applications’ characterization and warn security experts to redesign their security mechanisms to serve evolving privacy, security, and trust requirements.

[1]  Rafael Valencia-García,et al.  MobiCloUP!: a PaaS for cloud services-based mobile applications , 2014, Automated Software Engineering.

[2]  Rory Coulter,et al.  Intelligent agents defending for an IoT world: A review , 2018, Comput. Secur..

[3]  Hyrum S. Anderson,et al.  The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation , 2018, ArXiv.

[4]  Senem Kumova Metin,et al.  A cloud based and Android supported scalable home automation system , 2015, Comput. Electr. Eng..

[5]  Brian David Johnson The Weaponization of AI: A Glimpse into Future Threats , 2017, Computer.

[6]  Elhadi M. Shakshuki,et al.  Comparing mobile apps by identifying 'Hot' features , 2018, Future Gener. Comput. Syst..

[7]  Arisa Ema,et al.  Future Relations between Humans and Artificial Intelligence: A Stakeholder Opinion Survey in Japan , 2016, IEEE Technology and Society Magazine.

[8]  William Seymour,et al.  How loyal is your Alexa?: Imagining a Respectful Smart Assistant , 2018, CHI Extended Abstracts.

[9]  Tao Xie,et al.  Intelligent Software Engineering: Synergy between AI and Software Engineering , 2018, ISEC.

[10]  Chonho Lee,et al.  A survey of mobile cloud computing: architecture, applications, and approaches , 2013, Wirel. Commun. Mob. Comput..

[11]  R. S. Jadon,et al.  Role of artificial intelligence in enterprise information security: A review , 2016, 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC).

[12]  Wolfgang Spohn,et al.  Two Coherence Principles , 1999 .

[13]  Joan Hash,et al.  SP 800-100. Information Security Handbook: A Guide for Managers , 2006 .

[14]  Julian Jang,et al.  A survey of emerging threats in cybersecurity , 2014, J. Comput. Syst. Sci..

[15]  Alessandro Saffiotti,et al.  Towards a science of integrated AI and Robotics , 2017, Artif. Intell..

[16]  Athanasios V. Vasilakos,et al.  Security and privacy challenges in mobile cloud computing: Survey and way ahead , 2017, J. Netw. Comput. Appl..

[17]  Michael Neff,et al.  Two Techniques for Assessing Virtual Agent Personality , 2016, IEEE Transactions on Affective Computing.

[18]  Seymour Epstein,et al.  Some basic issues regarding dual-process theories from the perspective of cognitive–experiential self-theory. , 1999 .

[19]  Justin Murphy Artificial Intelligence, Rationality, and the World Wide Web , 2018, IEEE Intelligent Systems.

[20]  Siew Hock Ow,et al.  A Scenario-Based Model to Improve the Quality of Software Inspection Process , 2012, 2012 Fourth International Conference on Computational Intelligence, Modelling and Simulation.

[21]  Farrukh Aslam Khan,et al.  TriDroid: a triage and classification framework for fast detection of mobile threats in android markets , 2020, J. Ambient Intell. Humaniz. Comput..

[22]  Henry Lieberman,et al.  Introduction to the Special Issue on Common Sense for Interactive Systems , 2012, TIIS.

[23]  Francisco J. Pino,et al.  Risk management in the software life cycle: A systematic literature review , 2020, Comput. Stand. Interfaces.

[24]  Prosper Chemouil,et al.  AI for SLA Management in Programmable Networks , 2017 .

[25]  Adam Shostack,et al.  Threat Modeling: Designing for Security , 2014 .

[26]  George F. Hurlburt How Much to Trust Artificial Intelligence? , 2017, IT Professional.

[27]  Zhenhua Wang,et al.  A Survey to Predict the Trend of AI-able Server Evolution in the Cloud , 2018, IEEE Access.

[28]  Giuseppe Cattaneo,et al.  SECR3T: Secure End-to-End Communication over 3G Telecommunication Networks , 2011, 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[29]  Mehmet A. Orgun,et al.  A bio-inspired secure IPv6 communication protocol for Internet of Things , 2017, 2017 Eleventh International Conference on Sensing Technology (ICST).

[30]  Giulio Sandini,et al.  A Survey of Artificial Cognitive Systems: Implications for the Autonomous Development of Mental Capabilities in Computational Agents , 2007, IEEE Transactions on Evolutionary Computation.

[31]  Nandan Parameswaran,et al.  Maintaining awareness using policies; Enabling agents to identify relevance of information , 2012, J. Comput. Syst. Sci..

[32]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[33]  Abhinav Sinha,et al.  Incentive Mechanisms for Fairness Among Strategic Agents , 2017, IEEE Journal on Selected Areas in Communications.

[34]  Ahmad Almogren,et al.  Secure Transmission Lines Monitoring and Efficient Electricity Management in Ultra-Reliable Low Latency Industrial Internet of Things , 2020, Comput. Stand. Interfaces.

[35]  Félix J. García Clemente,et al.  Dynamic management of a deep learning-based anomaly detection system for 5G networks , 2018, Journal of Ambient Intelligence and Humanized Computing.

[36]  Tao Peng,et al.  On Transparency and Accountability of Smart Assistants in Smart Cities , 2019 .

[37]  B. Turetsky,et al.  Computing the Social Brain Connectome Across Systems and States , 2018, Cerebral cortex.

[38]  Mansour Ahmadi,et al.  Detecting Misuse of Google Cloud Messaging in Android Badware , 2016, SPSM@CCS.

[39]  Zibin Zheng,et al.  MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs , 2018, IEEE Transactions on Reliability.

[40]  Stephen M. Omohundro,et al.  The Basic AI Drives , 2008, AGI.

[41]  Mariko Fujimoto,et al.  Cyber Security Risk Assessment on Industry 4.0 using ICS testbed with AI and Cloud , 2019, 2019 IEEE Conference on Application, Information and Network Security (AINS).

[42]  Athanasios V. Vasilakos,et al.  A Survey on Ambient Intelligence in Healthcare , 2013, Proceedings of the IEEE.

[43]  Thomas Eisenbarth,et al.  Undermining User Privacy on Mobile Devices Using AI , 2018, AsiaCCS.

[44]  Zhi Zhou,et al.  HierTrain: Fast Hierarchical Edge AI Learning With Hybrid Parallelism in Mobile-Edge-Cloud Computing , 2020, IEEE Open Journal of the Communications Society.

[45]  Ke Wang,et al.  AI Benchmark: Running Deep Neural Networks on Android Smartphones , 2018, ECCV Workshops.

[46]  Peter Stone,et al.  Autonomous agents modelling other agents: A comprehensive survey and open problems , 2017, Artif. Intell..

[47]  Kyung-Joong Kim,et al.  Performance Evaluation Gaps in a Real-Time Strategy Game Between Human and Artificial Intelligence Players , 2018, IEEE Access.

[48]  Guojun Wang,et al.  AI and Its Risks in Android Smartphones: A Case of Google Smart Assistant , 2019, DependSys.

[49]  Gianluca Dini,et al.  Risk analysis of Android applications: A user-centric solution , 2018, Future Gener. Comput. Syst..

[50]  Julien Bourgeois,et al.  Efficient scene encoding for programmable matter self-reconfiguration algorithms , 2017, SAC.

[51]  Alireza Sadeghi,et al.  A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software , 2017, IEEE Transactions on Software Engineering.

[52]  Jie Wu,et al.  e-Sampling , 2017, ACM Trans. Auton. Adapt. Syst..

[53]  Michele Nappi,et al.  Fostering secure cross-layer collaborative communications by means of covert channels in MEC environments , 2021, Comput. Commun..

[54]  Reza Curtmola,et al.  The Moitree middleware for distributed mobile-cloud computing , 2019, J. Syst. Softw..

[55]  Mariarosaria Taddeo,et al.  Artificial Intelligence Crime: An Interdisciplinary Analysis of Foreseeable Threats and Solutions , 2020, Sci. Eng. Ethics.

[56]  Yuan Shu,et al.  An edge computing offloading mechanism for mobile peer sensing and network load weak balancing in 5G network , 2018, Journal of Ambient Intelligence and Humanized Computing.

[57]  Hany H. Ammar,et al.  Identifying high-risk scenarios of complex systems using input domain partitioning , 1998, Proceedings Ninth International Symposium on Software Reliability Engineering (Cat. No.98TB100257).

[58]  Robert Lagerström,et al.  Threat modeling - A systematic literature review , 2019, Comput. Secur..

[59]  Francisco Herrera,et al.  Cognitive Computing: Architecture, Technologies and Intelligent Applications , 2018, IEEE Access.

[60]  Ming Fan,et al.  DAPASA: Detecting Android Piggybacked Apps Through Sensitive Subgraph Analysis , 2017, IEEE Transactions on Information Forensics and Security.

[61]  John McCarthy,et al.  Ascribing Mental Qualities to Machines , 1979 .

[62]  H. V. Ditmarsch Prolegomena to Dynamic Logic for Belief Revision , 2005 .

[63]  Alfredo De Santis,et al.  Do You Trust Your Phone? , 2009, EC-Web.

[64]  Paul G. Flikkema,et al.  When things are sensors for cloud AI: Protecting privacy through data collection transparency in the age of digital assistants , 2017, 2017 Global Internet of Things Summit (GIoTS).

[65]  Bruce Schneier,et al.  Artificial Intelligence and the Attack/Defense Balance , 2018, IEEE Secur. Priv..

[66]  Angelo Furfaro,et al.  A Cloud-based platform for the emulation of complex cybersecurity scenarios , 2018, Future Gener. Comput. Syst..

[67]  Katia P. Sycara,et al.  Multiagent negotiation on multiple issues with incomplete information: extended abstract , 2013, AAMAS.

[68]  Frank Dignum,et al.  Modelling Social Agents: Communication as Action , 1996, ATAL.

[69]  Tim French,et al.  On the Interactions of Awareness and Certainty , 2011, Australasian Conference on Artificial Intelligence.

[70]  Taeyoung Lee,et al.  Us vs. Them: Understanding Artificial Intelligence Technophobia over the Google DeepMind Challenge Match , 2017, CHI.

[71]  H. Ni,et al.  Some extensions on risk matrix approach , 2010 .