A Review on Android Security

Size: px
Start display at page:

Download "A Review on Android Security"

Transcription

1 A Review on Android Security Dr. Vikash Kumar Singh 1, Devendra Singh Kushwaha 2, Raju Sujane 3, Roshni Tiwari 4 Head (I/C), Dept. of computer Science IGNTU Amarkantak (M.P.) 1 Assistant Professor, Faculty of Vocational Educational IGNTU Amarkantak (M.P.) 2 Dept. of computer Science IGNTU Amarkantak (M.P.) 3, 4 drvksingh76@gmail.com 1, devendra2904@gmail.com 2, Raju.sujane@gmail.com 3, Roshnitiwari.27@gmail.com 4 Abstract: Android has the biggest market share among all Smartphone operating system. Security is one of the main concerns for Smartphone users today. As the power and features of Smartphone s increase, so has their vulnerability for attacks by viruses etc. Perhaps android is more secured operating system than any other Smartphone operating system today. Android has very few restrictions for developer, increases the security risk for end users. In this paper we have reviewed android security model, application level security and security issues in the Android based Smartphone. 1. INTRODUCTION Android is a modern mobile platform that was designed to be truly open source. Android applications use advanced level hardware and software, as well as local and server data, exposed through the platform to bring innovation and value to consumers. To secure that data, the platform must offer an application environment that ensures the security of users, information, applications and the network [6]. Securing an open platform needs strong security architecture and rigorous security architecture. Android was designed with multi-layered security that provides the flexibleness needed for an open platform, whereas providing protection for all users of the platform. Designed to a software stack, android includes an operating system, middleware and core application as a complete [2]. Android powers hundreds of millions of mobile devices in more than 190 countries around the world. Android was designed with developers in mind. Security controls were designed to minimize the burden on developers. Security-savvy developers can simply work on versatile security controls. Developers are not very familiar with security will be protected by safe defaults. Android was also designed with device focused on user s perspective. Users can view how applications work, and manage those applications Android Platform Security Architecture Android seeks to be the foremost secure and usable OS for mobile platforms by re-purposing classical operating system security controls to: Protect user data Protect system resources (including the network) Provide application isolation To achieve security features Robust security at the Operating System level through the Linux kernel, Compulsory application sandbox for all applications Figure 1: Android Architecture Secure interposes communication, Application signing, Application defined permission and user have to grant permissions. Paper ID: 2015/IJTRM/8/2015/5612 1

2 Figure 1 summarizes the security components and considerations of the various levels of the Android. Every component assumes that the components below are properly secured. With the exception of some Android OS code running as root, all process run above the Linux Kernel is restricted by the Application Sandbox Security in Android Android is open source platform, developers will work along to enhance it [6]. Android platform is multitasking software; therefore no application will gain critical access to the components of OS [8]. Android platform is UNIX based operating system that is the most secure operating system [6]. The developers need a unique signature to publish their application on market [7]. Users will report a possible security flaw through their Google account. All applications on android need permission from the user at the time of installation Security Issues faced by Android Android is not secure as it appear, even when such robust security measures. There are several security problems faced by the android, some of them are mentioned below. Android has no security scan over the apps being uploaded on its market. There are some apps which can exploit the services of another app without permission request. Android s permission security model provides power to user to make a decision whether an app should be trusted or not. This human power introduces a lot of risk in Android system. The Open Source is available to legitimate developers as well as hackers too. Thus the Android framework cannot be trusted when it comes to develop critical systems. The Android operating system developers clearly state that they are not responsible for the security of external storage. Any app on the android platform will access device data just like the GSM and SIM marketer Ids while not the permission of the user. Android platform provides all security features, but there will always be a risk if the user will install suspicious apps or allow permission to an app without paying attention. 2. LITERATURE SURVEY W. Enck, D. Octeau, P. McDaniel and S. Chaudhuri present a study of Android application security [4]. They introduce the ded decompiler, which generate android application source code directly from its installation image. They design and execute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. Their analysis uncovered pervasive use / misuse of personal / phone identifiers, and deep penetration of advertizing and analytics networks. However, they did not find evidence of malware or exploitable vulnerabilities in the studied applications. They conclude by considering the implications of these preliminary findings and offer directions for future analysis. S. Powar, Dr. B. B. Meshram, surveyed on Android security framework [1], in this paper, Smartphone with open source operating systems are getting popular now days. Increased exposure of open source Smartphone is increasing the security risk also. Android is one of the most popular open source operating system for mobile platforms. Android provide a basic set of permissions to secure phone. The technique to make Android security mechanism more versatile, the current security mechanism is too rigid. User has only two options, a) Permit all permissions to install app, b) Deny all permissions will fail installation. S. Kaur and M. Kaur presented review paper on implementing security on Android application [2]. In this paper, they described how security can be improved of android operating system so that users can safely use the android smart phones. S. Smalley and R. Craig presented Security Enhanced (SE) Android: Bringing Flexible MAC to Android [3]. The android software stack for mobile devices defines and enforces its own security model for apps through its application-layer permissions model. However, at its foundation, android depends upon the UNIX operating system kernel to shield the system from malicious or imperfect apps and to isolate apps from each other. At present, android leverages UNIX operating system discretionary access control (DAC) to enforce these guarantees, despite the notable shortcomings of DAC. In this paper, they motivate and describe their work to bring flexible mandatory access control (MAC) to Android by enabling the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and by developing a set of middleware MAC extensions to the Android permissions model. P. Gilbert, W. Enck, L. P. Cox, B. G. Chun, J. Jung, A. N. Sheth and P. McDaniel, Taint Droid: An Information-Flow Tracking System for Real-time Privacy Monitoring on smartphones [5]. Now days smartphone operating systems often fail to provide users with adequate control over and Paper ID: 2015/IJTRM/8/2015/5612 2

3 visibility into how third-party applications use their private data. They address these shortcomings with TaintDroid, system-wide dynamic taint tracking and analysis system capable of at the same time tracking multiple sources of private data. Taint Droid display real-time analysis by leveraging Android s virtualized execution environment and Monitoring private data to inform use of third-party applications for phone users and valuable input for Smartphone security service firms seeking to identify misbehaving applications. B. J. Berger, M. Bunke, and K. Sohr presented an android security case study with Bauhaus. In this paper, they discovered that firms and corporation now uses security softwares for code analysis to discover security problems in application. However, given the fact that we must deal with legacy code we plead to employ the techniques long been developed in the research area of program comprehension for software security. In cooperation with a security expert, they carried out a case study with the android platform based mobile, and employed the reverse engineering toolsuite Bauhaus for this security assessment. During the investigation they found some inconsistencies in the implementation of the Android security concepts. Based on the case study, they propose several research topics in the area of reverse engineering that would support a security analyst during security assessments [12]. M. Ongtang, S. McLaughlin, W. Enck and P. McDaniel study on Semantically Rich Application-Centric Security in Android. In this paper, they consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. They proposed Secure Application INTeraction (Saint), an improved infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. The architecture and technical details of Saint is presented, and areas for extension, optimization, and improvement explored. Saint provides necessary utility for applications to assert and control the security decisions on the android platform [14]. A.D. Schmidt, H. G. Schmidt, J. Clausen, A. Camtepe, S. Albayrak, K. Ali Yüksel and O. Kiraz study on enhancing security of Linux-based android devices. In this paper they present analysis of security mechanism in Android smartphones with a focus on its Linux. Their results are applicable to android as well as Linux-based smartphones such as OpenMoko Neo FreeRunner. They conclude threefold. First, they analyse android framework and the Linuxkernel to check security functionalities. They survey wellaccepted security mechanisms and tools which can increase device security. They provide descriptions on how to adopt these security tools on Android platform, and provide overhead analysis of techniques in terms of resource usage [16]. As open smart phones are released and will increase their market share just like Symbian, they also attract attention of malware writers. Therefore, their second contribution focuses on malware detection techniques at the kernel level. They test applicability of existing signature and intrusion detection methods in android platform. They focused in observation on the kernel, that is, identifying critical kernel event, log file, file system and network activity events, and making efficient mechanisms to monitor them in a resource restricted setting [16]. Their third contribution involves initial results of their malware detection mechanism basing on static function call analysis. They identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. They perform a statistical analysis on the function calls used by these applications. The results can be compared to newly installed applications for detecting significant variations. Additionally, certain function calls indicate malicious activity. Therefore, they present a simple decision tree for deciding the suspiciousness of the corresponding application. Their results present a first step towards detecting malicious applications on Android-based devices [16]. C. Marforio, A. Francillon, S. Capkun study on application collusion attack on the permission-based security model and its implications for modern smartphone systems. In this paper they show technique in which permission based mechanisms are used on mobile platforms allows attacks by colluding applications that communicate over explicit and covert communication channels. These security bugs allow applications to indirectly execute operations that those applications, based on their declared permissions, should not be able to execute. Example operations include disclosure of user s private data (e.g., phone book and calendar entries) to remote parties by applications that do not have direct access to such data or cannot directly establish remote connections. They further show that on mobile platforms users are not made aware of possible implications of application collusion quite the contrary users are implicitly lead to believe that by approving the installation of each application independently, based on its declared permissions, will limit the damage that an application can cause [17]. In this title, they show that this is not correct and that application permissions should be displayed to the users differently (e.g., in their aggregated form), reflecting their actual implications. They study free applications from the Android market and show that the potential for application collusion is significant. A. Lackorzynski, M. Lange, A. Warg, S. Liebergeld, M. Peter presented L4Android: a generic operating system framework for secure smartphones. In this title they present a generic operating system framework that does away with the need for such hardware extensions. They encapsulate the original smartphone operating system in a virtual machine. Their framework allows for highly secure Paper ID: 2015/IJTRM/8/2015/5612 3

4 applications to run side-by-side with the virtual machine. It is based on a state-of-the-art micro-kernel that ensures isolation between the virtual machine and secure applications [18]. T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin work on attacks on Web View in the android system. Web-View is an important element in android platforms, enabling smartphones and tablet apps to embed a simple but powerful browser within them. To achieve a much better interaction between apps and their embedded browsers, Web View provides variety of APIs, permitting code in apps to invoke the JavaScript code within pages, intercept their events, and modifies those events, using these features; apps will become customized browsers for their required web applications. Currently, within the android market, 86 % of the top twenty most downloaded apps in ten various classes use WebView [19]. The design of WebView changes the landscape of the web, particularly from the security perspective. Two essential component of the Web's security infrastructure are weakened if Web-View and its APIs are used: the Trusted Computing Base (TCB) at the client aspect, and therefore the sandbox protection enforced by browsers. As results, several attacks may be launched either against apps or by them [19]. D. Barrera, H. Güne S. Kayacık, P.C. van Oorschot, A. Somayaji study on a methodology for empirical analysis of permission-based security models and its application to android. In the paper, they present a technique for the empirical analysis of permission-based security models. Their methodology is of independent interest for visualization of permission based systems beyond current Android-specific empirical analysis. They provide some discussion identifying potential points of improvement for the android permission model, trying to increase quality where required without increasing number variety of permissions or overall complexity [21]. C. Gibler, J. Crussell, J. Erickson and H. chen case study on AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. Under this paper, they have presented a static analysis framework for automatically searching potential leaks of sensitive data in android applications on a large scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor must verify manually [22]. Burguera, U. Zurutuza, S. Nadjm study on Crowdroid: behaviour-based malware detection system for Android. In this title they take advantage of earlier approaches for dynamic analysis of application behaviour as a way for detecting malware in the android platform. The detector is embedded in an overall framework for assortment of traces from a limitless number of real users supported crowd sourcing. Their framework has been demonstrated by analysing information collected within the central server using two sorts of data sets: those from artificial malware created for test functions, and people from real malware found in the world. The technique is shown to be an effective means of analytic the malware and alerting the users of a downloaded malware. This method is avoiding the spreading of a detected malware to a larger community [23]. M.L. Polla, F. Martinelli, and D. Sgandurra presented a survey on security for mobile devices. This title surveys the vulnerabilities and security solutions over year , by targeting on high-level attacks, such those to user applications. They cluster existing approaches aimed at securing mobile devices against these kinds of attacks into many categories, on the basis of the detection principles, architectures, collected information and operating systems, particularly focusing on IDS-based models and tools. With this categorization they aim to provide a simple and concise view of the underlying model adopted by each approach [24]. W. B. Tesfay, T. Booth, and K. Andersson presented reputation based security model for android applications. They have proposed a cloud based reputation security model as a solution which greatly mitigates the malicious attacks targeting the Android market [25]. Their security solution takes advantage of the fact that each application in the android platform is assigned a unique user id (UID). Our solution stores the reputation of Android applications in an anti-malware providers cloud (AM Cloud). The experimental results witness that the proposed model could well identify the reputation index of a given application its potential of being risky or not [26]. T. Blasing, L. Batyuk, A. D. Schmidt, S. A. Camtepe, and S. Albayrak studied an android application sandbox system for suspicious software detection. They have projected an A A Sandbox (Android Application Sandbox) that performs static and dynamic analysis on android apps to notice suspicious apps. Static analysis scans the software package for malicious patterns without installing it and the dynamic analysis executes the application in a isolated environment, i.e. sandbox, that intervenes and logs low-level interactions with the system. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a quick and distributed detection of suspicious app in an app store similar to Google s android Market. AASandbox might be used to improve the anti-virus apps available for the android devices [27]. T. Vidas, D. Votipka, N. Christin study on all your droid are belong to us: a survey of current android attacks. The Android security model also creates several new security sensitive concepts such as Android s application permission system and the immoderate Android market. In this title they look to Android as a specific instance of mobile computing. They first discuss the Android security model and some potential weaknesses of the model. They then Paper ID: 2015/IJTRM/8/2015/5612 4

5 provide taxonomy of attacks to the platform demonstrated by real attacks that in the end guarantee privileged access to the device [28]. S. Holla, M. M Katti work on Android based mobile application development and its securit. In this title, they discuss a layered approach for android application development where they can develop application which downloads data from the server. Also an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications is also discussed [29]. 3. RESEARCH FINDING Android Components: An Android application consists of four components, having, according to its task, they are as follows. 1. Activities are the presentation layer of an application 2. Services represent background processes without a user interface. 3. Content providers are data stores that allow developers to share databases across application boundaries. 4. Finally, broadcast receivers are components that receive and react to broadcast messages, for example, the Android OS itself sends such a broadcast message if the battery is low. Each component of an application runs as a separate task, making an Android device to a large distributed system, even if all processes are running on the same device. Inter-Process Communication: The Android platform supports inter-process communication (IPC) for communication between components. One foundation for this IPC is the Binder, an Android-based kernel device that allows efficient but safe communication. A way to communicate with components not known at the development time, are messages, which may include arbitrary data, called intents. Intent is an abstract description of an operation to be performed on the platform [11]. For example, intent can start a new activity or service, or communicate with background services. An advantage of this technique is that a client application is no longer linked to a specific program, but can access any possible service for the specified need. Android Security Mechanisms: Android has two basic methods of security enforcement. Firstly, applications run as Linux processes with their own user IDs and thus are separated from each other. This way, vulnerability in one application does not affect other applications. Since Android provides IPC mechanisms, which need to be secured, a second enforcement mechanism comes into play. Android implements a reference monitor to mediate access to application components based on permission. If an application tries to access another component, the end user must grant the appropriate permissions at installation time. Furthermore, the security model has several refinements that increase the model s complexity [10]. Android Security: They conducted a case study focusing on permission checking in the Android framework and showed that the Bauhaus tool-suite can support a security expert during a security assessment [12]. Further research must be carried out to apply the techniques of program comprehension to the field of software security. Their impression is that neither the security-research community discusses this topic adequately nor is industry making use of such techniques to better understand the security status of their software. Using state-of-the-art tools for finding security bugs cannot reveal logical security problems such as undesirable interactions between components. With the increasing complexity of software, software companies need to understand the security risks of their code, and tools employing program comprehension functionality will support them with this challenging task. They truly believe that software-security comprehension will be a fruitful research topic for the future with also a broad practical impact [12]. A study of android application security in this paper finding of exposure of phone identifiers and location are consistent with previous studies; analysis framework allows observing not only the existence of dangerous functionality, however conjointly how it occurs inside the context of the application. However, the integration of those technologies into an application certification process needs overcoming logistical and technical challenges [4]. Enhancing security of Linux-based android devices, Open source APIs of android may result in benign and malicious research activities hopefully resulting in an excellent safer smartphone platform [16]. L4Android: a generic operating system framework for secure smartphones: In this title they presented a generic OS framework that facilitates the creation of secure smartphone systems. The framework consists of three core components. A microkernel acts as the secure foundation and is accompanied by a user mode runtime environment. The third component is VMs to securely encapsulate existing smartphone OSes. They implemented the core components of their framework on a mobile x86 and ARM platform. They evaluated our framework by showing how it can be applied to available as the open source L4 solve four challenges in smartphone security such as secure software smartcards, and a unified corporate and private mobile phone. Their framework does not rely on special hardware features and is thus readily applicable to a wide range of existing smartphones [18]. Attacks on Web View in the Android System: They have identified two fundamental causes of the attacks: weakening of the TCB and sandbox. Although they have not observed any real attack yet, through our case studies, they have shown that the condition for launching these attacks is already matured, and the potential victims are in the millions; it is just a matter of time before they see real Paper ID: 2015/IJTRM/8/2015/5612 5

6 and large-scale attacks. In their on-going work, they are developing solutions to secure Web View [19]. Android Leaks: automatically detecting potential privacy leaks in android applications on a large scale, Android users need a way to determine if applications are leaking their personal information. They created a mapping between API calls and the permissions they must have to execute. Android Leaks is capable of analyzing 24,350 in 30 hours. Android Leaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually [22]. Reputation based security model for android applications: Android smart phones are becoming very popular among the different smart phone platforms and this is expected to increase in popularity [12]. Despite its popularity momentum, its open source software and programmable framework behavior make it vulnerable to virus attacks [26]. In this title, they present a reputation based security mode for android applications. The title takes into consideration the fact that Smart phones are memory, battery and speed constrained and hence exploiting the cloud to do the reputation index computation of a given application. By referring to the calculated matrix of reputation built by a given application, the model will notify users on the risk of the application before installation. Applications can be classified as highly risky, medium risk, less risk and genuine all based on reputation they have built in the cloud. The experimental results show that some application need to be regarded as highly risky and therefore warn users not to install them until they improve their reputation by passing the threshold set by the reputation based security model proposed in this paper [25]. 4. CONCLUSION Now days more than 1 million Android device activated. Android has very few restrictions for developer, increases the security risk for end users. In this paper we have reviewed security issues in the Android based Smartphone. The integration of technologies into an application certification process requires overcoming logistical and technical challenges. Android provides more security than other mobile phone platforms. Kirin will help mold Android into the secure operating system needed for next-generation computing platforms. REFERENCES [1] S. Powar, Dr. B. B. Meshram, Survey on Android Security Framework, IJERA (International Journal of Engineering Research and Applications) ISSN: Volume 3, Issue 2, March -April 2013 [2] S. Kaur and M. Kaur, Review Paper on Implementing Security on Android Application, JECET, Volume 2, No. 3, June-August [3] S. Smalley and R. Craig, Security Enhanced (SE) Android: Bringing Flexible MAC to Android, Trusted Systems Research National Security Agency. [4] W. Enck, D. Octeau, P. McDaniel and S. Chaudhuri A Study of Android Application Security, The 20th USENIX conference on Security, p.21-21, August [5] W. Enck, P. Gilbert, B. G. Chun, L. P. Cox, J. Jung, P. McDaniel and A. N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, 9th USENIX Symposium on Operating Systems Design and Implementation. [6] Android Open Source Project. Android Security Overview. ex.html. [7] Android Open Source Project. Publishing on GooglePlay. /publish/preparing.html. [8] Android Open Source Project. Security and permissions. permissions.html. [9] Android Open Source Project. What is Android? [10] W. Enck, M. Ongtang, and P. McDaniel, Understanding Android security, IEEE Security Privacy, vol. 7, [11] Intend, Android Developer Google, ntent/intent.html [12] B. J. Berger, M. Bunke, and K. Sohr, An Android Security Case Study with Bauhaus, Working Conference on Reverse Engineering (WCRE), Limerick, October [13] G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra, MADAM: a multi-level anomaly detector for android malware, MMM-ACNS'12 Pages , [14] M. Ongtang, S. McLaughlin, W. Enck and P. McDaniel Semantically Rich Application-Centric Security in Android, Annual Computer Security Applications Conference, December 6 10, [15] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer, "Google android: A comprehensive security assessment", Security Privacy, IEEE, 8(2):35 44, march-april Paper ID: 2015/IJTRM/8/2015/5612 6

7 [16] A.D. Schmidt, H.G. Schmidt, J. Clausen, A. Camtepe, S. Albayrak, and K. Ali Yüksel and O. Kiraz, Enhancing Security of Linux-based Android Devices, Technische Universität Berlin And Sabanci University Istanbul. [17] C. Marforio, A. Francillon, S. Capkun, Application Collusion Attack on the Permission- Based Security Model and its Implications for Modern Smartphone Systems, Department of Computer Science, ETH Zurich, Switzerland [18] A. Lackorzynski, M. Lange, A. Warg, S. Liebergeld, M. Peter, L4Android: A Generic Operating System Framework for Secure Smartphones, SPSM [19] T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin, Attacks on WebView in the Android System, ACSAC 2011 [20] A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, Y. Weiss, Andromaly: a behavioural malware detection framework for android devices", Journal of Intelligent Information Systems, Volume 38, Issue 1, pp , February 2012 [21] D. Barrera, H. Güne S. Kayacık, P.C. van Oorschot, A. Somayaji A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android, Computer and communications security, CCS 10, pages [22] C. Gibler, J. Crussell, J. Erickson, and H. Chen, Android Leaks: Automatically Detecting Potential Privacy Leaks In Android Applications on a Large Scale, University of California, Davis and Sandia National Labs, Livermore, CA. [23] I. Burguera, U. Zurutuza, S.N. Tehrani, Crowdroid: behaviour-based malware detection system for Android", SPSM, Pages 15-26, 2011 [24] M.L. Polla, F. Martinelli, and D. Sgandurra, A Survey on Security for Mobile Devices, IEEE COMMUNICATIONS SURVEYS & TUTORIALS [25] W.B. Tesfay, T. Booth, and K. Andersson, Reputation Based Security Model for Android Applications, Trust, Security and Privacy in Computing and Communications, IEEE 2010 [26] H. Bing, "Analysis and Research of Systems Security Based on Android", Intelligent Computation Technology and Automation, Zhangjiajie, Hunan, January 12-14, [27] T. Bläsing, L. Batyuk, A.D. Schmidt, S.A. Camtepe, and S. Albayrak, "An Android Application Sandbox system for suspicious software detection", Malicious and Unwanted Software, Nancy, France, Oct , 2010 [28] T. Vidas, D. Votipka, and N. Christin, "All Your Droid Are Belong To Us: A Survey of Current Android Attacks", INI/CyLab, Carnegie Mellon University. [29] S. Holla, M.M. Katti, Android based mobile application development and its Security, International Journal of Computer Trends and Technology- volume3 Issue Paper ID: 2015/IJTRM/8/2015/5612 7

Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application

Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application Miss. Ashwini A. Dongre M. E. 3 rd sem, Dept. of Computer Science and engineering P. R. Patil College of engineering

More information

Review on Android and Smartphone Security

Review on Android and Smartphone Security Review Paper Abstract Research Journal of Computer and Information Technology Sciences ISSN 2320 6527 Vol. 1(6), 12-19, November (2013) Review on Android and Smartphone Security Tiwari Mohini, Srivastava

More information

Reputation Based Security Model for Android Applications

Reputation Based Security Model for Android Applications 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications Reputation Based Security Model for Android Applications Welderufael Berhane Tesfay, Todd Booth, and

More information

Analysis of advanced issues in mobile security in android operating system

Analysis of advanced issues in mobile security in android operating system Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of

More information

Performance Measuring in Smartphones Using MOSES Algorithm

Performance Measuring in Smartphones Using MOSES Algorithm Performance Measuring in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P ME- Communication Systems, Dept of ECE, Dhanalakshmi Srinivasan Engineering college, Perambalur, Tamilnadu, India,

More information

Android Security - Common attack vectors

Android Security - Common attack vectors Institute of Computer Science 4 Communication and Distributed Systems Rheinische Friedrich-Wilhelms-Universität Bonn, Germany Lab Course: Selected Topics in Communication Management Android Security -

More information

Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm

Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P Abstract: Now a day s most of the people used in smart phones. Smartphone

More information

DETECTION OF CONTRAVENTION IN MOBILE CLOUD SERVICES

DETECTION OF CONTRAVENTION IN MOBILE CLOUD SERVICES IJITE Vol. 4 No.1-2 January-December 2013, pp.13-17 International Sciences Press DETECTION OF CONTRAVENTION IN MOBILE CLOUD SERVICES D. Lakshmana Kumar 1 and G. Draksha 2 1 M.Tech. Student, Department

More information

The Droid Knight: a silent guardian for the Android kernel, hunting for rogue smartphone malware applications

The Droid Knight: a silent guardian for the Android kernel, hunting for rogue smartphone malware applications Virus Bulletin 2013 The Droid Knight: a silent guardian for the Android kernel, hunting for rogue smartphone malware applications Next Generation Intelligent Networks Research Center (nexgin RC) http://wwwnexginrcorg/

More information

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY Suhas Holla #1, Mahima M Katti #2 # Department of Information Science & Engg, R V College of Engineering Bangalore, India Abstract In the advancing

More information

Firewall-based Solution for Preventing Privilege Escalation Attacks in Android

Firewall-based Solution for Preventing Privilege Escalation Attacks in Android International Journal of Computer Networks and Communications Security VOL. 2, NO. 9, SEPTEMBER 2014, 318 327 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Firewall-based Solution for Preventing

More information

Implementation and Direct Accessing of Android Authority Application in Smart Phones

Implementation and Direct Accessing of Android Authority Application in Smart Phones Implementation and Direct Accessing of Android Authority Application in Smart Phones Amit H. Choksi 1, Jaimin J. Sarvan 2 and Ronak R. Vashi 3 1 ET Dept, BVM Engg. College, V.V.Nagar-388120, Gujarat, India

More information

Research on Situation and Key Issues of Smart Mobile Terminal Security

Research on Situation and Key Issues of Smart Mobile Terminal Security Research on Situation and Key Issues of Smart Mobile Terminal Security Hao-hao Song, Jun-bing Zhang, Lei Lu and Jian Gu Abstract As information technology continues to develop, smart mobile terminal has

More information

International Journal of Advance Research in Computer Science and Management Studies

International Journal of Advance Research in Computer Science and Management Studies Volume 3, Issue 3, March 2015 ISSN: 2321 7782 (Online) International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online

More information

Tutorial on Smartphone Security

Tutorial on Smartphone Security Tutorial on Smartphone Security Wenliang (Kevin) Du Professor wedu@syr.edu Smartphone Usage Smartphone Applications Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security

More information

A proposal to realize the provision of secure Android applications - ADMS: an application development and management system -

A proposal to realize the provision of secure Android applications - ADMS: an application development and management system - 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing A proposal to realize the provision of secure Android applications - ADMS: an application development

More information

Berlin Institute of Technology FG Security in Telecommunications

Berlin Institute of Technology FG Security in Telecommunications Berlin Institute of Technology FG Security in Telecommunications Weiss L4Android: A Generic Operating System Framework for Secure Smartphones Workshop on Security and Privacy in Smartphones and Mobile

More information

QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing

QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing Journal of Computational Information Systems 11: 11 (2015) 3875 3881 Available at http://www.jofcis.com QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing Jingzheng

More information

Android Security Extensions

Android Security Extensions Android Security Extensions Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care until its too late But We do It needs a more advanced security

More information

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat. Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the

More information

Android Security Extensions 2. Giovanni Russello g.russello@auckland.ac.nz

Android Security Extensions 2. Giovanni Russello g.russello@auckland.ac.nz Android Security Extensions 2 Giovanni Russello g.russello@auckland.ac.nz Preparing the Report A report must be provided before your presentation The report should be 4 pages long The content of the report

More information

A Practical Analysis of Smartphone Security*

A Practical Analysis of Smartphone Security* A Practical Analysis of Smartphone Security* Woongryul Jeon 1, Jeeyeon Kim 1, Youngsook Lee 2, and Dongho Won 1,** 1 School of Information and Communication Engineering, Sungkyunkwan University, Korea

More information

Detection and Identification of Android Malware Based on Information Flow Monitoring

Detection and Identification of Android Malware Based on Information Flow Monitoring Detection and Identification of Android Malware Based on Information Flow Monitoring Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong To cite this version: Radoniaina Andriatsimandefitra, Valérie

More information

A Comprehensive Analysis of Android Security and Proposed Solutions

A Comprehensive Analysis of Android Security and Proposed Solutions I.J. Computer Network and Information Security, 2014, 12, 9-20 Published Online November 2014 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2014.12.02 A Comprehensive Analysis of Android Security

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

The Behavioral Analysis of Android Malware

The Behavioral Analysis of Android Malware , pp.41-47 http://dx.doi.org/10.14257/astl.2014.63.09 The Behavioral Analysis of Android Malware Fan Yuhui, Xu Ning Department of Computer and Information Engineering, Huainan Normal University, Huainan,

More information

Lynn Margaret Batten. IT Security Research Services & Deakin University, Melbourne, Australia. June 2015

Lynn Margaret Batten. IT Security Research Services & Deakin University, Melbourne, Australia. June 2015 Lynn Margaret Batten IT Security Research Services & Deakin University, Melbourne, Australia June 2015 Smart devices versus PCs WebView versus Web 2.0 Tracking Certificates Mallory Countermeasures. On

More information

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Lecture 17: Mobile Computing Platforms: Android Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Mobile applications vs. traditional applications Traditional model of computing: an OS (Linux / Windows),

More information

AppRAy: UseRdRiven And fully AUtomAted AndRoid App security Assessment. dennis titze, philipp stephanow, dr. JUliAn schütte

AppRAy: UseRdRiven And fully AUtomAted AndRoid App security Assessment. dennis titze, philipp stephanow, dr. JUliAn schütte FraunhoFer InstItute For applied and Integrated security AppRAy: UseRdRiven And fully AUtomAted AndRoid App security dennis titze, philipp stephanow, dr. JUliAn schütte App-Ray: User-driven and Fully Automated

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Cisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence

Cisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence White Paper Cisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence The Enterprise Exposed The post-pc era is here, thanks to next-generation mobile devices and applications.

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction

More information

Ensuring Security in Cloud with Multi-Level IDS and Log Management System

Ensuring Security in Cloud with Multi-Level IDS and Log Management System Ensuring Security in Cloud with Multi-Level IDS and Log Management System 1 Prema Jain, 2 Ashwin Kumar PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka1, Assistant Professor,

More information

The Cloud, Virtualization, and Security

The Cloud, Virtualization, and Security A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

DOBUS And SBL Cloud Services Brochure

DOBUS And SBL Cloud Services Brochure 01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted

More information

Understanding Android s Security Framework

Understanding Android s Security Framework Understanding Android s Security Framework William Enck and Patrick McDaniel Tutorial October 2008 Systems and Internet Infrastructure Security Laboratory (SIIS) 1 2 Telecommunications Nets. The telecommunications

More information

API Tracing Tool for Android-Based Mobile Devices

API Tracing Tool for Android-Based Mobile Devices API Tracing Tool for Android-Based Mobile Devices Seonho Choi, Michael Bijou, Kun Sun, and Edward Jung Abstract We developed an Application Programming Interface (API) tracing tool for Android-based mobile

More information

Available online at www.sciencedirect.com. ScienceDirect. The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013)

Available online at www.sciencedirect.com. ScienceDirect. The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013) Available online at www.sciencedirect.com ScienceDirect Procedia Technology 11 ( 2013 ) 650 657 The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013) Reviews on Cybercrime

More information

A Review of Different Comparative Studies on Mobile Operating System

A Review of Different Comparative Studies on Mobile Operating System Research Journal of Applied Sciences, Engineering and Technology 7(12): 2578-2582, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: August 30, 2013 Accepted: September

More information

Android s External Device Attack: Demonstration and Security Suggestions

Android s External Device Attack: Demonstration and Security Suggestions , pp. 317-326 http://dx.doi.org/10.14257/ijsia.2015.9.4.29 Android s External Device Attack: Demonstration and Security Suggestions Zhang Wei, Yang Chao and Chen Yunfang * Nanjing University of Posts and

More information

... Mobile App Reputation Services THE RADICATI GROUP, INC.

... Mobile App Reputation Services THE RADICATI GROUP, INC. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Mobile App Reputation Services Understanding

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Android Security. Giovanni Russello g.russello@auckland.ac.nz

Android Security. Giovanni Russello g.russello@auckland.ac.nz Android Security Giovanni Russello g.russello@auckland.ac.nz N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional

More information

RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users

RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users Bahman Rashidi Virginia Commonwealth University rashidib@vcu.edu Carol Fung Virginia Commonwealth University

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

WallDroid: Cloud Assisted Virtualized Application Specific Firewalls for the Android OS

WallDroid: Cloud Assisted Virtualized Application Specific Firewalls for the Android OS 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications WallDroid: Cloud Assisted Virtualized Application Specific Firewalls for the Android OS Caner Kilinc,

More information

Host-based Intrusion Prevention System (HIPS)

Host-based Intrusion Prevention System (HIPS) Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1

More information

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation (U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,

More information

Enterprise-Grade Security from the Cloud

Enterprise-Grade Security from the Cloud Datasheet Website Security Enterprise-Grade Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed security

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Security challenges for internet technologies on mobile devices

Security challenges for internet technologies on mobile devices Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

TrustDefender Mobile Technical Brief

TrustDefender Mobile Technical Brief TrustDefender Mobile Technical Brief Fraud Protection for Native Mobile Applications TrustDefender Mobile from ThreatMetrix is a lightweight SDK library for Google Android and Apple ios mobile devices.

More information

Medicaid MITA: Innovative COTS solutions for IT Risk Management

Medicaid MITA: Innovative COTS solutions for IT Risk Management Medicaid MITA: Innovative COTS solutions for IT Risk Management White Paper: COTS Solutions for MITA 2.0 Medicaid MITA: Innovative COTS solutions for IT Risk Management Contents Introduction to MITA &

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

Norton Mobile Privacy Notice

Norton Mobile Privacy Notice Effective: April 12, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and most important digital assets. This Norton Mobile Privacy

More information

Android Application Analyzer

Android Application Analyzer International Journal of Research Studies in Computer Science and Engineering (IJRSCSE) Volume. 1, Issue 4, August 2014, PP 32-37 ISSN 2349-4840 (Print) & ISSN 2349-4859 (Online) www.arcjournals.org Android

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

A Research on Camera Based Attack and Prevention Techniques on Android Mobile Phones

A Research on Camera Based Attack and Prevention Techniques on Android Mobile Phones A Research on Camera Based Attack and Prevention Techniques on Android Mobile Phones Anushree Pore, Prof. Mahip Bartere PG Student, Dept. of CSE, G H Raisoni College of Engineering, Amravati, Maharashtra,

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

How we keep harmful apps out of Google Play and keep your Android device safe

How we keep harmful apps out of Google Play and keep your Android device safe How we keep harmful apps out of Google Play and keep your Android device safe February 2016 Bad apps create bad experiences, so we work hard to keep them off your device and out of Google Play. In 2015,

More information

All Your Droid Are Belong To Us: A Survey of Current Android Attacks

All Your Droid Are Belong To Us: A Survey of Current Android Attacks All Your Droid Are Belong To Us: A Survey of Current Android Attacks Timothy Vidas ECE/CyLab Carnegie Mellon University Daniel Votipka INI/CyLab Carnegie Mellon University Nicolas Christin INI/CyLab Carnegie

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security 4 0 0 T o t t e n P o n d R o a d W a l t h a m, M A 0 2 4 5 1 7 8 1. 8 1 0. 4 3 2 0 w w w. v i e w f i n i t y. c o m Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

More information

Mobile App Reputation

Mobile App Reputation Mobile App Reputation A Webroot Security Intelligence Service Timur Kovalev and Darren Niller April 2013 2012 Webroot Inc. All rights reserved. Contents Rise of the Malicious App Machine... 3 Webroot App

More information

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................

More information

Windows Phone 8 Security Overview

Windows Phone 8 Security Overview Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.

More information

SECURITY IN ANDROID BASED SMARTPHONE

SECURITY IN ANDROID BASED SMARTPHONE SECURITY IN ANDROID BASED SMARTPHONE Mr. Sumedh P. Ingale 1, Prof. Sunil R. Gupta 2 1 ME (CSE),First Year,Department of CSE,Prof. Ram Meghe Institute Of Technology and Research, Badnera,Amravati. Sant

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE

THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE Chris Eng Vice President, Research Session ID: Session Classification: MBS-T08 Intermediate Agenda State of Mobility in the Enterprise

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula? Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Mobile Devices and Malicious Code Attack Prevention

Mobile Devices and Malicious Code Attack Prevention Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored

More information

Adobe Flash Player and Adobe AIR security

Adobe Flash Player and Adobe AIR security Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events

Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events You Joung Ham and Hyung-Woo Lee devices, and analyses the characteristics of malicious apps with activation pattern

More information

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers Webroot Security Intelligence for Mobile Suite Cloud-based security solutions for mobile management providers TABLE OF CONTENTS INTRODUCTION 3 WEBROOT INTELLIGENCE NETWORK 4 MOBILE SECURITY INTELLIGENCE

More information

Securing the Database Stack

Securing the Database Stack Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

PRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY

PRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY Ø Ñ Å Ø Ñ Ø Ð ÈÙ Ð Ø ÓÒ DOI: 10.2478/tmmp-2014-0026 Tatra Mt. Math. Publ. 60 (2014), 85 100 PRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY Juraj Varga Peter Muska

More information

Analysis of the Communication between Colluding Applications on Modern Smartphones

Analysis of the Communication between Colluding Applications on Modern Smartphones Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, Srdjan Capkun Institute of Information Security ETH Zurich, Switzerland

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Database Storage Model by Using Key-as-a-Service (KaaS) www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

Studying Security Weaknesses of Android System

Studying Security Weaknesses of Android System , pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Dynamic Spyware Analysis

Dynamic Spyware Analysis Dynamic Spyware Analysis M. Egele 1 & C. Kruegel 1 & E. Kirda 1 & H. Yin 2,3 & D. Song 2 1 Secure Systems Lab Vienna University of Technology 2 Carnegie Mellon University 3 College of William and Mary

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Mobile Platform Security Architectures A perspective on their evolution

Mobile Platform Security Architectures A perspective on their evolution Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,

More information

Android Security Data from the Frontlines

Android Security Data from the Frontlines SESSION ID: MBS-T07R Android Security Data from the Frontlines security@android.com aludwig@google.com Goal of this talk Provide insight into overall Android security strategy. Discuss data that is being

More information

Elevation of Mobile Security Risks in the Enterprise Threat Landscape

Elevation of Mobile Security Risks in the Enterprise Threat Landscape March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest

More information