BIBLIOGRAFIA DEL TRABAJO DE GRADO

Transcription

1 Ingeniería de Sistemas CIS1310SD03 BIBLIOGRAFIA DEL TRABAJO DE GRADO El siguiente documento contiene toda la bibliografía usada para el desarrollo del Trabajo de Grado. RAUL CALERO ASENCIOS PONTIFICIA UNIVERSIDAD JAVERIANA FACULTAD DE INGENIERIA CARRERA DE INGENIERIA DE SISTEMAS BOGOTÁ, D.C. 2013

2 BIGLIOGRAFIA: 13.5 Heap Overflows :: Chapter 13. Application-Level Risks :: Network Security Assessment :: Networking :: etutorials.org. Accessed March 15, Level+Risks/13.5+Heap+Overflows/ Position Independent Executables. Accessed March 15, : Live Wallpaper - Savannah for Android (live.photo.savanna) Trojaned Distribution. Accessed April 28, Felt, Adrienne Porter, Mathew Finifter, Erika Chin, Steven Hanna, and David Wagner. A Survey of Mobile Malware in the Wild. University of California, Berkeley, Adobe - Instalación de Adobe Flash Player. Accessed April 6, Android - Radio Layer Interface. Accessed March 18, Android 4.1 APIs Android Developers. Accessed March 22, Android Assistant(18 Features) - Aplicaciones de Android En Google Play. Accessed April 8, Android Developers. Accessed April 28, Android Developers Blog. Accessed April 28, Android Device Policy Administration Tutorial - Marakana. Accessed April 3, Android Outscores ios in U.S. Smartphone Sales, Says Report Mobile - CNET News. Accessed April 26, Android Security Overview Android Open Source. Accessed February 18, Felt, Adrienne Porter, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. Android Permissions Demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 11. New York, NY, USA: ACM, doi: /

3 Hari, N., and B. Prasad. Android Architecture. Accessed May 13, Huang, Jim. Android IPC Mechanism. Accessed March 12, Marforio, Claudio, Hubert Ritzdorf, Aurelien Francillon, and Srdjan Capkun. Analysis of the Communication Between Colluding Applications on Modern Smartphones, Android Under Siege: Popularity Comes at a Price. TREND MICRO, security-roundup-android-under-siege-popularity-comes-at-a-price.pdf. Android Zygote Startup - elinux.org. Accessed April 3, Android.Adwlauncher Technical Details Symantec. Accessed November 18, Android.bluetooth Android Developers. Accessed March 6, Android.hardware.usb Android Developers. Accessed March 7, Android.media Android Developers. Accessed March 9, Android.net.wifi Android Developers. Accessed March 8, Android.Stels Symantec. Accessed April 6, Android.Walkinwat Symantec. Accessed November 15, Android/platform_external_opencore GitHub. Accessed March 2, Angry Birds Space - Aplicaciones Android En Google Play. Accessed April 8, t#?t=w251bgwsmswxldesimnvbs5yb3zpby5hbmdyewjpcmrzc3bhy2uuywrzil0. Nauman, Mohammad, Sohail Khan, and Xinwen Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 10. New York, NY, USA: ACM, doi: /

4 Shabtai, Asaf, Uri Kanonov, Yuval Elovici, Chanan Glezer, and Yael Weiss. Andromaly : a Behavioral Malware Detection Framework for Android Devices. J. Intell. Inf. Syst. 38, no. 1 (February 2012): doi: /s x. Aplicaciones de Android En Google Play. Accessed November 18, Application Fundamentals Android Developers. Accessed March 12, Backes, Michael, Sebastian Gerling, Christian Hammer, Matteo Maffei, and Philip von Styp- Rekowsky. AppGuard Real-time Policy Enforcement for Third-party Applications, BatteryManager Android Developers. Accessed March 9, Bell LaPadula Model. Accessed November 20, Bell-La Padula, Biba and Clark-Wilson Security Models «Commondork. Accessed November 28, Blog.trendmicro.es - El Blog de Seguridad de Trend Microblog.trendmicro.es El Blog de Seguridad de Trend Micro. Accessed April 27, Brute Force Attack - OWASP. Accessed March 16, Camera Android Developers. Accessed March 6, China Mobile Limited. Accessed April 8, Company Google. Accessed March 18, Construx Checklist for Architecture. Construx SOFTWARE, n.d. Architecture.pdf. Contagio Mobile. Accessed April 27, Conti, Mauro, Vu Thien Nga Nguyen, and Bruno Crispo. CRePE, CWE - CWE-134: Uncontrolled Format String (2.4). Accessed March 15,

5 CWE - CWE-415: Double Free (2.4). Accessed March 13, CxOne - Construx, Dashboards Android Developers. Accessed May 21, Descripción Del Cifrado Simétrico y Asimétrico. Accessed November 18, Device Administration Android Developers. Accessed April 3, Digest::SHA - Search.cpan.org. Accessed March 13, Osvik, D., Adi Shamir, and Eran Tromer. Cache Attacks and Countermeasures: The Case of AES. Weizmann Institute of Science and Applied Mathematics, November 20, Walsh, Eamon. Application of the flask Architecture to the x Window System Server. National Security Agency, Xu, Rubin, Hassen Saidi, and Ross Anderson. Aurasium, Suárez, Pablo, and Carlos Fontela. Documentación y Pruebas, Double Free - OWASP. Accessed March 13, Downloads - Dex2jar - Tools to Work with Android.dex and Java.class Files - Google Project Hosting. Accessed April 8, Droid Dream Light: Un Nuevo Virus Infecta 25 Apps de Android Navegante Elmundo.es. Accessed March 22, DroidDream Becomes Android Market Nightmare PCWorld. Accessed March 22, Enabling the Kernel s DMESG_RESTRICT Feature. Accessed March 16, Stoneburner, Gary, Clark Hayden, and Alexis Feringa. Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A. National Institute of Standards and Technology (NIST) no. COMPUTER SECURITY (June 2004): 33.

6 ESET Latinoamérica Laboratorio» Blog Archive» Cómo Implementar Modelos de Seguridad de La Información. Accessed November 28, Essentials of the Java Programming Language, Part 1. Accessed March 12, FIPS (DSS), Digital Signature Standard. Accessed March 12, FORTIFY_SOURCE Semantics NYU Poly ISIS Lab. Accessed March 15, Gentoo Linux Documentation -- Position Independent Code Internals. Accessed March 15, Glossary Wi-Fi Alliance. Accessed April 29, Gmail: from Google. Accessed April 30, /mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2. How To Boot Into Android Safe Mode On Your Smartphone / Tablet Redmond Pie. Accessed March 12, How to Set and Write SMART Objectives. Accessed November 18, HTTPS Everywhere FAQ. Electronic Frontier Foundation. Accessed April 29, HTTPS Security Improvements in Internet Explorer 7. Accessed March 13, IEEE , The Working Group Setting the Standards for Wireless LANs. Accessed April 29, Pointcheval, David. How to Encrypt Properly with RSA, Shabtai, Asaf, Yuval Fledel, Uri Kanonov, Yuval Elovici, Shlomi Dolev, and Chanan Glezer. Google Android: A Comprehensive Security Assessment. IEEE Security and Privacy 8, no. 2 (March 2010): doi: /msp Zhou, Yajin, Zhi Wang, Wu Zhou, and Xuxian Jiang. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. North Carolina State University,

7 Bruegge, Bernd, and Allen Dutoit. Ingenieria de Software Orientado a Objetos. PrenticeHall, Chaudhuri, Avik. Language-based Security on Android. In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, 1 7. PLAS 09. New York, NY, USA: ACM, doi: / Ghosh, Angana. Introducing Android 4.1 (Jelly Bean) Preview Platform, and More Android Developers Blog. Accessed March 22, Gonzalez, Rafael, and Alexandra Pomares. LA INVESTIGACIÓN CIENTÍFICA BASADA EN EL DISEÑO COMO EJE DE PROYECTOS DE INVESTIGACIÓN EN INGENIERÍA. Pontificia Universidad Javeriana - Bogotá, Colombia, _como_eje_de_proyectos_de_investigacin_en_ingeniera. Internet Engineering Task Force (IETF). Accessed April 28, ios: A Visual History. The Verge. Accessed April 7, IT Security Threats Symantec. Accessed April 28, Java SE Downloads. Accessed April 10, JD-GUI Java Decompiler. Accessed April 8, Kaspersky Lab US Antivirus & Internet Security Protection Software. Accessed April 7, Keyboard Devices Android Open Source. Accessed March 8, KeyChain Android Developers. Accessed March 13, Lookout Mobile Security. Accessed February 3, Managing Authorization and Access Control. Accessed November 18, Mision Pontificia Universidad Javeriana. Accessed November 18, Mission Statement of the WUC» World Uyghur Congress. World Uyghur Congress -. Accessed April 8,

8 Shabtai, Asaf. Malware Detection on Mobile Devices. In 2010 Eleventh International Conference on Mobile Data Management (MDM), , doi: /mdm Shabtai, Asaf, Uri Kanonov, and Yuval Elovici. Intrusion Detection for Mobile Devices Using the Knowledge-based, Temporal Abstraction Method. J. Syst. Softw. 83, no. 8 (August 2010): doi: /j.jss Enck, William, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 09. New York, NY, USA: ACM, doi: / M. Bonilla, Sandra, and Jaime A. Gonzalez. MODELO DE SEGURIDAD DE LA INFORMACION 3 (January 12, 2012): Mmap_min_addr - Debian Wiki. Accessed March 10, Mobile Phone Termonologies. Accessed March 7, Mobile-Sandbox - Live Wallpaper Analysis. Accessed May 21, Modelo de Seguridad. Accessed November 17, Navegador Web Firefox En Español de España Más Rápido, Más Seguro y Más Personalizable. Accessed September 23, NB SEforAndroid 1 - SELinux Wiki. Accessed April 3, Need for Speed Free - Google Play. Accessed April 8, OpenBinder. Accessed March 3, OpenGL ES 1_X - The Standard for Embedded Accelerated 3D Graphics. Accessed March 2, Schmidt, Aubrey-Derrick, Frank Peters, Florian Lamour, and Sahin Albayrak. Monitoring Smartphones for Anomaly Detection. In Proceedings of the 1st International Conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, 40:1 40:6. MOBILWARE 08. ICST, Brussels, Belgium, Belgium: ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering),

9 Davi, Lucas, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. Privilege Escalation Attacks on Android. In Proceedings of the 13th International Conference on Information Security, ISC 10. Berlin, Heidelberg: Springer-Verlag, Holbrook, P., and J. Reynolds. RFC 1244: Site Secutiry Handbook. ISI Editors, OWASP. Accessed April 28, Permissions Android Developers. Accessed November 20, Portokalidis, Georgios, Philip Homburg, Kostas Anagnostakis, and Herbert Bos. Paranoid Android: Versatile Protection for Smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 10. New York, NY, USA: ACM, doi: / Postbank: Willkommen Auf Der Startseite. Kostenloses Girokonto, Günstiger Kredit, Angebote Für Sparen Und Anlegen - Und Vieles Mehr! Accessed April 8, PowerManager Android Developers. Accessed March 8, Proyecto Educativo de La Pontificia Universidad Javeriana. Accessed April 17, README - Safe-iop - Safe_iop - a Safe Integer Operation Library for C - Safe Integer Operation Library for C - Google Project Hosting. Accessed March 9, RFC Point-to-Point Tunneling Protocol (PPTP). Accessed March 19, RFC Layer Two Tunneling Protocol L2TP. Accessed March 19, RFC HTTP Over TLS. Accessed March 13, RFC The Transport Layer Security (TLS) Protocol Version 1.2. Accessed March 13, RFC PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors. Accessed March 16, RFCOMM Layer Tutorial. Accessed March 6, Whitman, Michael, and Herbert Mattord. Principles of Information Security. 4th ed. Course Technology, 2011.

10 Barrera, D., and P. Van Oorschot. Secure Software Installation on Smartphones. IEEE Security Privacy 9, no. 3 (June 2011): doi: /msp Bickford, Jeffrey, Ryan O Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode. Rootkits on Smart Phones: Attacks, Implications and Opportunities. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications, HotMobile 10. New York, NY, USA: ACM, doi: / Borghello, C. Seguridad Informática: Sus Implicancias e Implementación. Universidad Tecnológica Nacional. Argentina, Fernandez, Carlos. Seguridad En Sistemas Informáticos. España: Ediciones Diaz de Santos S.A, Knuth, Donald. Sorting and Searching. Vol. 3. Second. Massachusetts: Addison-Wesley, Kuntze, N., R. Rieke, G. Diederich, R. Sethmann, K. Sohr, T. Mustafa, and K.-O. Detken. Secure Mobile Business Information Processing. In 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC), , doi: /euc Lapadula, Len. Secure Computer Systems: Mathematical Foundations, Miluzzo, Emiliano, Nicholas D. Lane, Kristóf Fodor, Ronald Peterson, Hong Lu, Mirco Musolesi, Shane B. Eisenman, Xiao Zheng, and Andrew T. Campbell. Sensing Meets Mobile Social Networks: The Design, Implementation and Evaluation of the CenceMe Application. In Proceedings of the 6th ACM Conference on Embedded Network Sensor Systems, SenSys 08. New York, NY, USA: ACM, doi: / Ongtang, Machigar, Stephen McLaughlin, William Enck, and Patrick McDaniel. Semantically Rich Application-Centric Security in Android, Security Alert: CleanedOut The Official Lookout Blog. Accessed April 5, Security Alert: Geinimi, Sophisticated New Android Trojan Found in Wild The Official Lookout Blog. Accessed March 20, Security Alert: HongTouTou, New Android Trojan, Found in China The Official Lookout Blog. Accessed April 5, Security Alert: SpamSoldier The Official Lookout Blog. Accessed April 8, Security Enhancements in Jelly Bean Android Developers Blog. Accessed March 19,

11 SEforAndroid - SELinux Wiki. Accessed March 22, Sepgsql - Security Enhanced PostgreSQL - Google Project Hosting. Accessed April 3, Shabtai, A., Y. Fledel, and Y. Elovici. Securing Android-Powered Mobile Devices Using SELinux. IEEE Security Privacy 8, no. 3 (June 2010): doi: /msp Sibling Rivalry: The Ackposts Family. The Official Lookout Blog. Accessed April 8, Smalley, Stephen, and Robert Craig. Security Enhanced (SE) Android: Bringing Flexible MAC to Android, SMS Tutorial: Introduction to AT Commands, Basic Commands and Extended Commands. Accessed March 18, SolutionBase: Strengthen Network Defenses by Using a DMZ TechRepublic. Accessed November 18, State of Mobile Security Accessed November 19, State of Mobile Security Accessed November 27, State of Mobile Security Accessed March 22, Surface Manager Blog Silex Technologies. Accessed March 5, Xu, Nan, Fan Zhang, Yisha Luo, Weijia Jia, Dong Xuan, and Jin Teng. Stealthy Video Capturer: a New Video-based Spyware in 3G Smartphones. In Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 09. New York, NY, USA: ACM, doi: / Zhang, Kehuan, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. Indiana University Bloomington, Balon, Nathan, and Ishraq Thabet. The Biba Security Model, Boneh, D. Twenty Years of Attacks on the RSA Cryptosystem, Bugiel, Sven, Lucas Davi, Alexandra Dmitrienko, and Thomas Fischer. Towards Taming Privilege-Escalation Attacks on Android. Fraunhofer SIT, Darmstadt, Germany, 2012.

12 ilege-escalation_attacks_on_android.pdf. Bugiel, Sven, Stephan Heuser, and Ahmad-Reza Sadeghi. Towards a Framework for Android Security Modules : Extending SE Android Type Enforcement to Android Middleware. Intel Collaborative Research Institute for Secure Computing, Cai, Liang, and Hao Chen. TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion. University of California, n.d. Ehringer, David. The Dalvik Virtual Machine Architecture, March Enck, W., M. Ongtang, and P. McDaniel. Understanding Android Security. IEEE Security Privacy 7, no. 1 (February 2009): doi: /msp Enck, William, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid, Gilbert, Peter, Landon P. Cox, Jaeyeon Jung, and David Wetherall. Toward Trustworthy Mobile Sensing. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications, HotMobile 10. New York, NY, USA: ACM, doi: / Grace, Michael C., Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. Unsafe Exposure Analysis of Mobile In-app Advertisements. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 12. New York, NY, USA: ACM, doi: / Harada, Toshiharu, Takashi Horie, and Kazuo Tanaka. Task Oriented Management Obviates Your Onus on Linux, Hornyack, Peter, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall. These Aren t the Droids You re Looking For, Shin, W., S. Kiyomoto, K. Fukushima, and T. Tanaka. Towards Formal Analysis of the Permission-Based Security Model for Android. In Fifth International Conference on Wireless and Mobile Communications, ICWMC 09, 87 92, doi: /icwmc Smalley, Stephen. The Case for SE Android. National Security Agency, n.d. Take a Closer Look at OpenBSD. Accessed March 10, Testing for Brute Force (OWASP-AT-004) - OWASP. Accessed March 16,

13 The 7 Deadly Sins Of Information Security. Accessed March 23, The Bearer of BadNews The Official Lookout Blog. Accessed April 8, The Chinese Wall Security Policy. Accessed November 28, To Tibet, with Love The Official Lookout Blog. Accessed April 8, UML Tools for Software Development and Modelling - Enterprise Architect UML Modeling Tool. Accessed February 21, Unix Crypt with SHA-256/512. Accessed March 13, Unsafe Exposure Analysis of Mobile In-app Advertisements. Accessed March 19, Update: RuFraud: European Premium SMS Toll Fraud on the Rise The Official Lookout Blog. Accessed November 18, UPDATE: Security Alert: Android Trojan GGTracker Charges Premium Rate SMS Messages The Official Lookout Blog. Accessed November 18, USB Host and Accessory Android Developers. Accessed March 6, Xu, Zhi, Kun Bai, and Sencun Zhu. TapLogger: Inferring User Inputs on Smartphone Touchscreens Using On-board Motion Sensors. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 12. New York, NY, USA: ACM, doi: / Zhou, Yajin, Xinwen Zhang, Xuxian Jiang, and Vincent W. Freeh. Taming Information-stealing Smartphone Applications (on Android). In Proceedings of the 4th International Conference on Trust and Trustworthy Computing, TRUST 11. Berlin, Heidelberg: Springer-Verlag, Carter, James. Using Gconf as an Example of How to Create an Userspace Object Manager. National Security Agency, Use Android s Safe Mode to Disable Apps and Troubleshoot Problems. Accessed March 12, Using Freed Memory - OWASP. Accessed March 15,

14 Using Password Systems - OWASP. Accessed March 16, Scheuren, Fritz. WhatIsASurvey.info. Accessed November 15, Thiagarajan, Arvind, Lenin Ravindranath, Katrina LaCurts, Samuel Madden, Hari Balakrishnan, Sivan Toledo, and Jakob Eriksson. VTrack: Accurate, Energy-aware Road Traffic Delay Estimation Using Mobile Phones. In Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems, SenSys 09. New York, NY, USA: ACM, doi: / Virtual Private Networking: An Overview. Accessed March 18, Virus Bulletin : Independent Malware Advice. Accessed April 28, Virus Bulletin : Searching for Android. Accessed March 22, Virus Bulletin : VB Android Malware Exposed - an In-depth Look at the Evolution of Android Malware. Accessed November 26, VPN Technologies: Definitions and Requirements. Accessed March 19, VpnService Android Developers. Accessed March 17, Walk and Text, Otra Aplicación Android Con Versión Troyana. Accessed November 17, Walk and Text-Transparent - Aplicaciones de Android En Google Play. Accessed November 15, Web of Knowledge [v.5.8] - Web of Science Home. Accessed November 21, neralsearch&sid=4bhdkepeibabkkfi1gd&preferencessaved=&highlighted_tab=wos. Welcome to UNC Computer Science Department of Computer Science. Accessed April 28, What Is ASLR? Accessed March 9, What Is Information Security. Accessed March 18,

15 What Is Piggybacking? - Definition from WhatIs.com. Accessed November 18, WhatsApp :: Home. WhatsApp.com. Accessed November 18, McCracken, Harry. Who s Winning, ios or Android? All the Numbers, All in One Place. Time. Accessed April 26, Tsai, Janice Y., Patrick Kelley, Paul Drielsma, Lorrie Faith Cranor, Jason Hong, and Norman Sadeh. Who s Viewed You?: The Impact of Feedback in a Mobile Location-sharing Application. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 09. New York, NY, USA: ACM, doi: / Why QWERTY Was Invented. Accessed March 8, WinZip - La Utilidad de Compresión Para Windows - Comprime y Descomprime Archivos. Accessed April 8, X.Org Wiki - ProPolice. Accessed March 9, ZertSecurity The Official Lookout Blog. Accessed April 8, Zotero Home. Accessed November 19,