Android Security Extensions 2. Giovanni Russello
|
|
- Buck McGee
- 8 years ago
- Views:
Transcription
1 Android Security Extensions 2 Giovanni Russello g.russello@auckland.ac.nz
2 Preparing the Report A report must be provided before your presentation The report should be 4 pages long The content of the report must be YOURS No copy-and-past from the main article Use your own word to describe the article
3 What s in the Report? The report should contain A description of the article An analysis/criticism of the main approach of the article I expect a 50/50 approach 2 pages for description 2 pages for analysis/criticism
4 How to Analyse/Criticise Does the paper live up to your expectations? Think about what you were expecting from this paper by reading the Abstract/Title/Intro If you were the user of this system, would it work for you? Why? Why not? Would this system help you with your security requirements? What could the authors have done differently?
5 Defining Malware Any software that can disrupt normal activities Any software that does not behave as declared Any software that compromises some properties Privacy Confidentiality Reliability
6 Poorly Designed Apps If not designed properly, apps can (unintentionally): Deplete your resources (battery, data, etc.) Expose resources (internet, location, etc.)
7 Over-Privileged Apps Apps (developers) can ask for any combination of permissions Users can either install the apps (granting permissions) or not install at all Combinations of permissions such as Internet and: Locations, SMS, Local Storage Can result in information leakage
8 Privilege Escalation Attacks An adversary tries to escalate privileges to get unauthorised access to protected resources Confused deputy attack: leverage the vulnerability of a benign application Colluding attacks: more applications collaborate to get an objectionable set of permissions
9 Privilege Escalation Attacks Install Time: Uses Permission = P1? Sandbox System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor
10 Privilege Escalation Attacks Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor
11 Privilege Escalation Attacks Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor
12 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware
13 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware
14 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware
15 Android Security Extensions Application Layer Aurasium I-ARM-Droid Dr Android Reddy Android Middleware DVM TaintDroid MockDroid TISSA Reference Monitor Saint Apex CRePE XManDroid AppFence QUIRE Installer Saint Apex Kirin XManDroid Paranoid Android Paranoid Android QUIRE Linux Kernel SELinux
16 Fine-grained Security Policy Saint (ACSAC 09) Allows app developers to protect their applications from being misused APEX (ASIACCS 10) Circumvent the All-or-Nothing approach of Android permission granting Porscha (ACSAC 10) Support for DRM-like policies for phone data CRePE (ISC 10) Enforcement of context-related policies
17 Data Filtering and Tainting MockDroid (HotMobile 11) Limiting the access to the data TISSA (Trust 11) Substituting the reply from content providers TaintDroid (OSDI 10) Labelling of data for preventing data leakage
18 Protection against Privilege Escalation QUIRE (USENIX Security Symposium 11) Effective against confused deputy attacks Tracing of IPC chain to check if all apps have the right to access a resource However It requires that apps have to use modified API It does not solve the problem of colluding apps
19 Protection against Privilege Escalation AppFence (TR 11 Uni Washington and MS Research) Based on TaintDroid for taint capability It supports data shadowing and protects from data exfiltration However Effective only against confused deputy attack
20 Protection against Privilege Escalation XManDroid (TR 11) Real-time IPC monitoring System state of the app communications for potential spread of privileges However No control outside the IPC channels (i.e. Internet access)
21 What is missing No modifications to Android API No trust on apps Control over IPC and system-level calls (internet) Data filtering capabilities Tuneable
22 That is why we came up with Yet Another Android Security Extension
Android Security Extensions
Android Security Extensions Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care until its too late But We do It needs a more advanced security
More informationFirewall-based Solution for Preventing Privilege Escalation Attacks in Android
International Journal of Computer Networks and Communications Security VOL. 2, NO. 9, SEPTEMBER 2014, 318 327 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Firewall-based Solution for Preventing
More informationAndroid Security. Giovanni Russello g.russello@auckland.ac.nz
Android Security Giovanni Russello g.russello@auckland.ac.nz N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional
More informationPerformance Measuring in Smartphones Using MOSES Algorithm
Performance Measuring in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P ME- Communication Systems, Dept of ECE, Dhanalakshmi Srinivasan Engineering college, Perambalur, Tamilnadu, India,
More informationDefending Users Against Smartphone Apps: Techniques and Future Directions
Defending Users Against Smartphone Apps: Techniques and Future Directions William Enck North Carolina State University enck@cs.ncsu.edu Abstract. Smartphone security research has become very popular in
More informationSmartphone Security 20-00-0615-pr. Sven Bugiel
Smartphone Security 20-00-0615-pr Sven Bugiel Organizational: Teams 2-3 Students per team Register your team by email to me Names, Student IDs, and email addresses of all team members Preferred and backup
More informationTowards Taming Privilege-Escalation Attacks on Android
Towards Taming Privilege-Escalation Attacks on Android Sven Bugiel 1, Lucas Davi 1, Alexandra Dmitrienko 3, Thomas Fischer 2, Ahmad-Reza Sadeghi 1,3, Bhargava Shastry 3 1 CASED/Technische Universität Darmstadt,
More informationResearch on Situation and Key Issues of Smart Mobile Terminal Security
Research on Situation and Key Issues of Smart Mobile Terminal Security Hao-hao Song, Jun-bing Zhang, Lei Lu and Jian Gu Abstract As information technology continues to develop, smart mobile terminal has
More informationASM: A Programmable Interface for Extending Android Security
ASM: A Programmable Interface for Extending Android Security Stephan Heuser stephan.heuser@trust.cased.de Intel CRI-SC at TU Darmstadt William Enck enck@cs.ncsu.edu North Carolina State University Adwait
More informationPRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY
Ø Ñ Å Ø Ñ Ø Ð ÈÙ Ð Ø ÓÒ DOI: 10.2478/tmmp-2014-0026 Tatra Mt. Math. Publ. 60 (2014), 85 100 PRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY Juraj Varga Peter Muska
More informationDeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang, Kun Sun, Yuewu Wang and Jiwu Jing Data Assurance and Communication Security Research Center, Institute of Information
More informationAFrame: Isolating Advertisements from Mobile Applications in Android
AFrame: Isolating Advertisements from Mobile Applications in Android Xiao Zhang, Amit Ahlawat, and Wenliang Du Dept. of Electrical Engineering & Computer Science, Syracuse University Syracuse, New York,
More informationRecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users
RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users Bahman Rashidi Virginia Commonwealth University rashidib@vcu.edu Carol Fung Virginia Commonwealth University
More informationDroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android
Technical Report Nr. TUD-CS-2016-0025 January 28, 2016 DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android Authors Stephan Heuser, Marco Negro, Praveen Kumar Pendyala,
More informationPresenting Risks Introduced by Android Application Permissions in a User-friendly Way
Presenting Risks Introduced by Android Application Permissions in a User-friendly Way Juraj Varga, Peter Muska Slovak University of Technology in Bratislava, Slovakia juraj.varga@stuba.sk, xmuskap1@stuba.sk
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationFlexible Data-Driven Security for Android
Flexible Data-Driven Security for Android Denis Feth Fraunhofer Institute for Experimental Software Engineering IESE Kaiserslautern, Germany denis.feth@iese.fraunhofer.de Alexander Pretschner Karlsruhe
More informationTwo Vulnerabilities in Android OS Kernel
IEEE ICC 2013 - Wireless Networking Symposium Two Vulnerabilities in Android OS Kernel Xiali Hei, Xiaojiang Du and Shan Lin Department of Computer and Information Sciences Temple University Philadelphia,
More informationAndroid Security Framework: Enabling Generic and Extensible Access Control on Android
Android Security Framework: Enabling Generic and Extensible Access Control on Android Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky Technischer Bericht Nr. A/01/2014 Android
More informationDroidBarrier: Know What is Executing on Your Android
DroidBarrier: Know What is Executing on Your Android Hussain M. J. Almohri almohri@cs.ku.edu.kw Department of Computer Science Kuwait University, Kuwait Danfeng (Daphne) Yao danfeng@cs.vt.edu Department
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationPractical and Lightweight Domain Isolation on Android
Practical and Lightweight Domain Isolation on Android Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi,, Bhargava Shastry Technische Universität Darmstadt Darmstadt, Germany
More informationHow To Write Security Enhanced Linux On Embedded Systems (Es) On A Microsoft Linux 2.2.2 (Amd64) (Amd32) (A Microsoft Microsoft 2.3.2) (For Microsoft) (Or
Security Enhanced Linux on Embedded Systems: a Hardware-accelerated Implementation Leandro Fiorin, Alberto Ferrante Konstantinos Padarnitsas, Francesco Regazzoni University of Lugano Lugano, Switzerland
More informationQRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing
Journal of Computational Information Systems 11: 11 (2015) 3875 3881 Available at http://www.jofcis.com QRCloud: Android Vulnerability Query and Push Services Based on QR Code in Cloud Computing Jingzheng
More informationThe Open University s repository of research publications and other research outputs
Open Research Online The Open University s repository of research publications and other research outputs PrimAndroid: privacy policy modelling and analysis for Android applications Conference Item How
More informationURANOS: User-Guided Rewriting for Plugin-Enabled ANdroid ApplicatiOn Security
URANOS: User-Guided Rewriting for Plugin-Enabled ANdroid ApplicatiOn Security Daniel Schreckling, Stephan Huber, Focke Höhne, and Joachim Posegga Institute of IT-Security and Security Law University of
More informationOwner-centric Protection of Unstructured Data on Smartphones
Owner-centric Protection of Unstructured Data on Smartphones Yajin Zhou 1, Kapil Singh 2, and Xuxian Jiang 1 1 North Carolina State University yajin zhou@ncsu.edu, jiang@cs.ncsu.edu 2 IBM T.J. Watson Research
More informations@lm@n IBM Exam M2150-768 IBM Security Sales Mastery Test v4 Version: 7.0 [ Total Questions: 62 ]
s@lm@n IBM Exam M2150-768 IBM Security Sales Mastery Test v4 Version: 7.0 [ Total Questions: 62 ] Question No : 1 A single appliance to collect events and flow data, perform data correlation and rule matching,
More informationTop Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America
1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities:
More informationPerformance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm
Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P Abstract: Now a day s most of the people used in smart phones. Smartphone
More informationA Comprehensive Analysis of Android Security and Proposed Solutions
I.J. Computer Network and Information Security, 2014, 12, 9-20 Published Online November 2014 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2014.12.02 A Comprehensive Analysis of Android Security
More informationTHOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE
THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE Chris Eng Vice President, Research Session ID: Session Classification: MBS-T08 Intermediate Agenda State of Mobility in the Enterprise
More informationEmerging Mobile Platforms: Firefox OS and Tizen
Emerging Mobile Platforms: Firefox OS and Tizen Olga Gadyatskaya 1, Fabio Massacci 2, and Yury Zhauniarovich 3 Department of Information Engineering and Computer Science, University of Trento Povo 2, Via
More informationHow To Audit The Minnesota Department Of Agriculture Network Security Controls Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Agriculture Network Security Controls Information Technology Audit July 1, 2010 Report 10-23 FINANCIAL
More informationPFP Technology White Paper
PFP Technology White Paper Summary PFP Cybersecurity solution is an intrusion detection solution based on observing tiny patterns on the processor power consumption. PFP is capable of detecting intrusions
More informationUbiquitous and Mobile Computing CS 528: Information Leakage through Mobile Analytics Services
Ubiquitous and Mobile Computing CS 528: Information Leakage through Mobile Analytics Services Amit Srivastava Computer Science Dept. Worcester Polytechnic Institute (WPI) This paper is about.. Analytics
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationQUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
More informationAurasium: Practical Policy Enforcement for Android Applications
Aurasium: Practical Policy Enforcement for Android Applications Rubin Xu Computer Laboratory University of Cambridge Cambridge, UK Rubin.Xu@cl.cam.ac.uk Hassen Saïdi Computer Science Laboratory SRI International
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation
More informationNSA Security-Enhanced Linux (SELinux)
NSA Security-Enhanced Linux (SELinux) http://www.nsa.gov/selinux Stephen Smalley sds@epoch.ncsc.mil Information Assurance Research Group National Security Agency Information Assurance Research Group 1
More informationDesign and Implementation of an Android Host-based Intrusion Prevention System
Design and Implementation of an Android Host-based Intrusion Prevention System Mingshen Sun, Min Zheng, John C.S. Lui, Xuxian Jiang The Chinese University of Hong Kong, Qihoo 360 & NC State University
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationAndroid Security - Common attack vectors
Institute of Computer Science 4 Communication and Distributed Systems Rheinische Friedrich-Wilhelms-Universität Bonn, Germany Lab Course: Selected Topics in Communication Management Android Security -
More informationAndroid Security Data from the Frontlines
SESSION ID: MBS-T07R Android Security Data from the Frontlines security@android.com aludwig@google.com Goal of this talk Provide insight into overall Android security strategy. Discuss data that is being
More informationImplementation and Direct Accessing of Android Authority Application in Smart Phones
Implementation and Direct Accessing of Android Authority Application in Smart Phones Amit H. Choksi 1, Jaimin J. Sarvan 2 and Ronak R. Vashi 3 1 ET Dept, BVM Engg. College, V.V.Nagar-388120, Gujarat, India
More informationAn extension to the Android access control framework
An extension to the Android access control framework Master s Thesis Qing Huang Supervisor: Ludwig Seitz, SICS Examiner: Nahid Shahmehri, IDA October 2011 Abstract Several nice hardware functionalities
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationThe Sandbox Roulette: are you ready to gamble? Rafal Wojtczuk rafal@bromium.com Rahul Kashyap rahul@bromium.com
The Sandbox Roulette: are you ready to gamble? Rafal Wojtczuk rafal@bromium.com Rahul Kashyap rahul@bromium.com What is a sandbox? Environment designed to run untrusted (or exploitable) code, in a manner
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationA Research on Camera Based Attack and Prevention Techniques on Android Mobile Phones
A Research on Camera Based Attack and Prevention Techniques on Android Mobile Phones Anushree Pore, Prof. Mahip Bartere PG Student, Dept. of CSE, G H Raisoni College of Engineering, Amravati, Maharashtra,
More informationAnalysis of the Communication between Colluding Applications on Modern Smartphones
Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, Srdjan Capkun Institute of Information Security ETH Zurich, Switzerland
More informationA Review on Android Security
A Review on Android Security Dr. Vikash Kumar Singh 1, Devendra Singh Kushwaha 2, Raju Sujane 3, Roshni Tiwari 4 Head (I/C), Dept. of computer Science IGNTU Amarkantak (M.P.) 1 Assistant Professor, Faculty
More informationThe True Story of Data-At-Rest Encryption & the Cloud
The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationThe Behavioral Analysis of Android Malware
, pp.41-47 http://dx.doi.org/10.14257/astl.2014.63.09 The Behavioral Analysis of Android Malware Fan Yuhui, Xu Ning Department of Computer and Information Engineering, Huainan Normal University, Huainan,
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationDude, Ask The Experts!: Android Resource Access Permission Recommendation with RecDroid
Dude, Ask The Experts!: Android Resource Access Permission Recommendation with RecDroid Bahman Rashidi Carol Fung Department of Computer Science Virginia Commonwealth University Richmond, VA, USA {rashidib,
More informationSecurity and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto
Security and Privacy in Public Clouds David Lie Department of Electrical and Computer Engineering University of Toronto 1 Cloud Computing Cloud computing can (and is) applied to almost everything today.
More informationDroidTest: Testing Android Applications for Leakage of Private Information
DroidTest: Testing Android Applications for Leakage of Private Information Sarker T. Ahmed Rumee and Donggang Liu Department of Computer Science and Engineering, University of Texas at Arlington, Arlington,
More informationA proposal to realize the provision of secure Android applications - ADMS: an application development and management system -
2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing A proposal to realize the provision of secure Android applications - ADMS: an application development
More informationWIND RIVER SECURE ANDROID CAPABILITY
WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion
More informationReview on Android and Smartphone Security
Review Paper Abstract Research Journal of Computer and Information Technology Sciences ISSN 2320 6527 Vol. 1(6), 12-19, November (2013) Review on Android and Smartphone Security Tiwari Mohini, Srivastava
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationMobile Application Security Sharing Session May 2013
Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers
More informationHow To Analyze The Malicious Behavior Of An Android Applications
International Journal of Network Security, Vol.18, No.1, PP.182-192, Jan. 2016 182 Malicious Behavior Analysis for Android Applications Quan Qian, Jing Cai, Mengbo Xie, Rui Zhang (Corresponding author:
More informationAccess Control Fundamentals
C H A P T E R 2 Access Control Fundamentals An access enforcement mechanism authorizes requests (e.g., system calls) from multiple subjects (e.g., users, processes, etc.) to perform operations (e.g., read,,
More informationLecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security
Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile
More informationMOBILE SECURITY: DON T FENCE ME IN
MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY
More informationAdobe Systems Software Ireland Ltd
Adobe Systems Software Ireland Ltd Own motion investigation report 13/00007 Timothy Pilgrim, Australian Privacy Commissioner Contents Overview... 2 Background... 3 Relevant provisions of the Privacy Act...
More informationNext-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security
Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised
More informationAdDroid: Privilege Separation for Applications and Advertisers in Android
AdDroid: Privilege Separation for Applications and Advertisers in Android Paul Pearce, Adrienne Porter Felt Computer Science Division University of California Berkeley {pearce, apf}@cs.berkeley.edu Gabriel
More informationAdvanced Systems Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security
More informationDepartment of Education. Network Security Controls. Information Technology Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Education Network Security Controls Information Technology Audit May 5, 2010 Report 10-17 FINANCIAL
More informationSecurity Threats for Mobile Platforms
Security Threats for Mobile Platforms Goran Delac Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia Abstract - The proliferation of smart-phone devices, with ever advancing
More informationThird Party Components in Applications: Understanding Application Security
Third Party Components in Applications: Understanding Application Security SESSION ID: MBS-W08 Olli Jarva Chief Security Specialist, APAC Codenomicon, Singapore @ollijarva Applications and Open Source
More informationTaming Information-Stealing Smartphone Applications (on Android)
Taming Information-Stealing Smartphone Applications (on Android) Yajin Zhou 1, Xinwen Zhang 2, Xuxian Jiang 1, and Vincent W. Freeh 1 1 Department of Computer Science, NC State University yajin zhou@ncsu.edu,
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationAndroid Commercial Spyware Disease and Medication
Android Commercial Spyware Disease and Medication By Eng. Mustafa Saad Computer Engineer 2003 Mobile App Developer 2011 Mobile Security Researcher 2012 Udemy Premium Instructor 2014 March 2016 Agenda Introduction.
More informationBusiness Protection. Personal Privacy. One Device. Enhanced Security for Your Network and Business Intelligence.
Business Protection. Personal Privacy. One Device. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.
More informationLecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday
Lecture 17: Mobile Computing Platforms: Android Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Mobile applications vs. traditional applications Traditional model of computing: an OS (Linux / Windows),
More informationASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE
ASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE R.Genga devi 1, K.Anitha 2, M.Murugeshwari 3,S.vidhya 4, Dr.K.Ramasamy 5 1, 2, 3- UG STUDENT, P.S.R.RENGASAMY COLLEGE OF ENGINEERING
More informationThoth: Comprehensive Policy Compliance in Data Retrieval Systems
Thoth: Comprehensive Policy Compliance in Data Retrieval Systems Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg, and Peter Druschel Max Planck Institute for Software Systems Data retrieval
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationTaxonomic Modeling of Security Threats in Software Defined Networking
Taxonomic Modeling of Security Threats in Software Defined Networking Recent advances in software defined networking (SDN) provide an opportunity to create flexible and secure next-generation networks.
More informationPREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents
PREVENTIA Forward Thinking Security Solutions Skyhigh Best Practices and Use cases. Table of Contents Discover Your Cloud 1. Identify all cloud services in use & evaluate risk 2. Encourage use of low-risk
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationAndroid Security Framework: Extensible Multi-Layered Access Control on Android
Android Security Framework: Extensible Multi-Layered Access Control on Android Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky {backes,bugiel,sgerling,styp-rekowsky}@cs.uni-saarland.de
More informationDetection of Malicious Android Mobile Applications Based on Aggregated System Call Events
Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events You Joung Ham and Hyung-Woo Lee devices, and analyses the characteristics of malicious apps with activation pattern
More informationESUKOM: Smartphone Security for Enterprise
ESUKOM: Smartphone Security for Enterprise Networks Ingo Bente 1 Josef von Helden 1 Bastian Hellmann 1 Joerg Vieweg 1 Kai-Oliver Detken 2 1 Trust@FHH Research Group Fachhochschule Hannover Ricklinger Stadtweg
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationThreat Model for Mobile Applications Security & Privacy www.datatheorem.com
Overview Mobile applications (and the devices they run on) are powerful, as they can play music, check email, read documents, purchase products, get directions, play games, watch movies, scan barcodes,
More informationReview of Malware Defense in Mobile Network using Dynamic Analysis of Android Application
Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application Miss. Ashwini A. Dongre M. E. 3 rd sem, Dept. of Computer Science and engineering P. R. Patil College of engineering
More informationMobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing
Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173
More informationSecurity Solution for Android Application Assessment
Security Solution for Android Application Assessment Aparna Bhonde 1, Madhumita Chatterjee 2 Department of IT, PIIT, New Panvel, Mumbai, India 1,2 Abstract: Android Operating System is dominating the share
More informationThe Case for SE Android. Stephen Smalley sds@tycho.nsa.gov Trust Mechanisms (R2X) National Security Agency
The Case for SE Android Stephen Smalley sds@tycho.nsa.gov Trust Mechanisms (R2X) National Security Agency 1 Android: What is it? Linux-based software stack for mobile devices. Very divergent from typical
More informationPractical Attacks against Mobile Device Management Solutions
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1
More informationBUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE.
BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More information