Dissertations / Theses on the topic 'Android system security'
To see the other types of publications on this topic, follow the link: Android system security.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 34 dissertations / theses for your research on the topic 'Android system security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Cheng, Zhiyong. "A multi-agent security system for Android platform." Thesis, University of British Columbia, 2012. http://hdl.handle.net/2429/43775.
Abstract:
The Android mobile platform is fast becoming the most popular operating system for mobile devices. Although Android security is an emerging research area and there have been many commercial and research solutions made available, the resource constrained nature of mobile devices dedicates a continuous pursuit for efficiencies. In this thesis, we present the design and implementation of a multi-agent security system on the Android platform, which is built on the Foundation for Intelligent Physical Agents (FIPA) specifications compliant Java Agent Development framework (JADE). A prototype system is implemented and studied. In our design, the agents in the prototype system are aware of resource constraints such as battery capacity, network bandwidth, and dynamically adjust their behaviors accordingly to achieve a balance between the resources consumption and security needs. Following an analysis and design methodology recommended by JADE and Android development guidelines, the prototype system provides compatibility with other multi-agent systems and allows easy adaptations to many security scenarios. Several baseline performance measurements are adopted to measure the efficiency of the prototype system.
2
Xu, Mingzhe. "Security Enhancement of Secure USB Debugging in Android System." University of Toledo / OhioLINK, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1417536423.
3
Burguera, Hidalgo Iker. "Behavior-based malware detection system for the Android platform." Thesis, Linköpings universitet, RTSLAB - Laboratoriet för realtidssystem, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73647.
Abstract:
Malware in smartphones is growing at a significant rate. There are currently more than 250 million smartphone users in the world and this number is expected to grow in coming years. In the past few years, smartphones have evolved from simple mobile phones into sophisticated computers. This evolution has enabled smartphone users to access and browse the Internet, to receive and send emails, SMS and MMS messages and to connect devices in order to exchange information. All of these features make the smartphone a useful tool in our daily lives, but at the same time they render it more vulnerable to attacks by malicious applications. Given that most users store sensitive information on their mobile phones, such as phone numbers, SMS messages, emails, pictures and videos, smartphones are a very appealing target for attackers and malware developers. The need to maintain security and data confidentiality on the Android platform makes the analysis of malware on this platform an urgent issue. We have based this report on previous approaches to the dynamic analysis of application behavior, and have adapted one approach in order to detect malware on the Android platform. The detector is embedded in a framework to collect traces from a number of real users and is based on crowdsourcing. Our framework has been tested by analyzing data collected at the central server using two types of data sets: data from artificial malware created for test purposes and data from real malware found in the wild. The method used is shown to be an effective means of isolating malware and alerting users of downloaded malware, which suggests that it has great potential for helping to stop the spread of detected malware to a larger community. This thesis project shows that it is feasible to create an Android malware detection system with satisfactory results.
4
Vančo, Matúš. "Dynamická úprava bezpečnostní politiky na platformě Android." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2016. http://www.nusl.cz/ntk/nusl-255426.
Abstract:
This work proposes the system for dynamic enforcement of access rights on Android. Each suspicious application can be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.
5
Possemato, Andrea. "A Multidimensional Analysis of The Android Security Ecosystem." Electronic Thesis or Diss., Sorbonne université, 2021. https://accesdistant.sorbonne-universite.fr/login?url=https://theses-intra.sorbonne-universite.fr/2021SORUS455.pdf.
Abstract:
Avec plus de 2,5 milliards d'appareils actifs basés sur Android, le système d'exploitation mobile de Google est désormais l'un des plus utilisés au monde.Malgré tous les efforts déployés par Google pour améliorer la sécurité de l'ensemble de l'écosystème Android, il existe encore plusieurs problèmes non résolus. Dans cette thèse, nous analysons en détail certains des problèmes ouverts qui affectent différents composants et acteurs qui font partie de l'écosystème Android. Nous commençons par l'analyse de la sécurité des communications réseau des applications Android, montrant comment, même si Android fournit plusieurs techniques pour sécuriser les communications réseau, les développeurs sont parfois obligés d'utiliser des protocoles en clair. Notre étude se poursuit par l'analyse d'un autre problème qui met en danger la sécurité et la vie privée de l'utilisateur. Nous analysons les vulnérabilités exploitées par les applications malveillantes pour réaliser des attaques de phishing et comment il n'y a toujours pas de système en place pour permettre aux applications de se protéger contre ces attaques. Enfin, nous analysons ce que nous pensons être un tres bon example de la difficulté d'assurer la sécurité dans un domaine aussi vaste qu'Android, en analysant comment les personnalisations, même si elles sont avantageuses pour les vendeurs, peuvent conduire à des problèmes de sécurité qui diminuent la sécurité globale du système Android. Dans cette thèse, pour chacun des problèmes, nous analysons le problème en détail, nous mesurons son ampleur et nous proposons une solution alternative dans le but de résoudre le problème et de faire un pas vers un écosystème Android plus sûrWith more than 2.5 billion active devices based on Android, Google's mobile operating system is now one of the most widely used in the world.Despite all the efforts made by Google to constantly improve the security of the entire Android ecosystem, there are still several problems that remain unresolved. In this thesis, we analyse in detail some of the open problems that affect different components and players that are part of and contribute to the Android ecosystem. We start with the security analysis of the network communication of Android applications, showing how, even if Android provides several techniques to secure network communications, developers sometimes are still forced to use cleartext protocols. Our study continues with the analysis of another issue that puts the security and privacy of the user at risk. We analyze the vulnerabilities exploited by malicious applications to perform phishing attacks and how there is still no system in place to allow applications to protect themselves against these attacks. Last, we analyze what we think may be the perfect representation of how difficult it is to ensure security in a domain as extensive as Android analyzing how customizations, even though beneficial to vendors, can lead to security problems that are lowering down the overall security of the Android system. In this thesis, for each of the problems, we analyze the issue in detail, we measure how widespread it is, and we propose an alternative solution with the aim of solving the problem, making a step towards a more secure Android ecosystem
6
Borek, Martin. "Intrusion Detection System for Android : Linux Kernel System Salls Analysis." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222382.
Abstract:
Smartphones provide access to a plethora of private information potentially leading to financial and personal hardship, hence they need to be well protected. With new Android malware obfuscation and evading techniques, including encrypted and downloaded malicious code, current protection approaches using static analysis are becoming less effective. A dynamic solution is needed that protects Android phones in real time. System calls have previously been researched as an effective method for Android dynamic analysis. However, these previous studies concentrated on analysing system calls captured in emulated sandboxed environments, which does not prove the suitability of this approach for real time analysis on the actual device. This thesis focuses on analysis of Linux kernel system calls on the ARMv8 architecture. Given the limitations of android phones it is necessary to minimise the resources required for the analyses, therefore we focused on the sequencing of system calls. With this approach, we sought a method that could be employed for a real time malware detection directly on Android phones. We also experimented with different data representation feature vectors; histogram, n-gram and co-occurrence matrix. All data collection was carried out on a real Android device as existing Android emulators proved to be unsuitable for emulating a system with the ARMv8 architecture. Moreover, data were collected on a human controlled device since reviewed Android event generators and crawlers did not accurately simulate real human interactions. The results show that Linux kernel sequencing carry enough information to detect malicious behaviour of malicious applications on the ARMv8 architecture. All feature vectors performed well. In particular, n-gram and co-occurrence matrix achieved excellent results. To reduce the computational complexity of the analysis, we experimented with including only the most commonly occurring system calls. While the accuracy degraded slightly, it was a worthwhile trade off as the computational complexity was substantially reduced.Smartphones ger tillgång till en uppsjö av privat information som potentiellt kan leda till finansiella och personliga svårigheter. Därför måste de vara väl skyddade. En dynamisk lösning behövs som skyddar Android-telefoner i realtid. Systemanrop har tidigare undersökts som en effektiv metod för dynamisk analys av Android. Emellertid fokuserade dessa tidigare studier på systemanrop i en emulerad sandbox miljö, vilket inte visar lämpligheten av detta tillvägagångssätt för realtidsanalys av själva enheten. Detta arbete fokuserar på analys av Linux kärnan systemanrop på ARMv8 arkitekturen. Givet begränsningarna som existerar i Android-telefoner är det väsentligt att minimera resurserna som krävs för analyserna. Därför fokuserade vi på sekvenseringen av systemanropen. Med detta tillvägagångssätt sökte vi en metod som skulle kunna användas för realtidsdetektering av skadliga program direkt på Android-telefoner. Vi experimenterade dessutom med olika funktionsvektorer för att representera data; histogram, n-gram och co-occurrence matriser. All data hämtades från en riktig Android enhet då de existerande Android emulatorerna visade sig vara olämpliga för att emulera ett system med ARMv8 arkitekturen. Resultaten visar att Linus kärnans sekvensering har tillräckligt med information för att upptäcka skadligt beteende av skadliga applikationer på ARMv8 arkitekturen. Alla funktionsvektorer presterade bra. N-gram och cooccurrence matriserna uppnådde till och med lysande resultat. För att reducera beräkningskomplexiteten av analysen, experimenterade vi med att enbart använda de vanligaste systemanropen. Fast noggrannheten minskade lite, var det värt uppoffringen eftersom beräkningskomplexiteten reducerades märkbart.
7
Trabalza, Daniele. "Implementation and Evaluation of Datagram Transport Layer Security (DTLS) for the Android Operating System." Thesis, KTH, Kommunikationsnät, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-119825.
Abstract:
Smartphones are nowadays a tool that everyone posses. With the replacement of the IPv4 with the IPv6 it is possible to connect to the Internet an extremely large number of electronic devices. Those two factors are the premises to use smartphones to access those devices over a hybrid network, composed of Wireless Sensor Networks, IPv6-based Internet of Things, constrained networks and the conventional Internet. Some of these networks are very lossy and use the UDP protocol, hence the most suitable protocol to access resources is CoAP, a connection-less variant of the HTTP protocol, standardized as web protocol for the Internet of Things. The sensitivity of information and the Machine-to-Machine interaction as well as the presence of humans make the End-to-End security one of the requirements of the IPv6 Internet of Things. Secure CoAP (CoAPS) provide security for the CoAP protocol in this context. In this thesis secure CoAP for Android smartphones is designed implemented and evaluated, which is at the moment the rst work that enables CoAPS for smartphones. All the cryptographic cipher suites proposed in the CoAP protocol, among which the pre-shared key and certicate-based authentications are implemented, using the Elliptic Curve Cryptography and the AES algorithm in the CCM mode. The feasibility of this implementation is evaluated on a Nexus phone, which takes the handshake time in order to exchange parameters to secure the connection to about ve seconds, and an increase from one to three seconds of the DTLS retransmission timer. A part for this initial delays the performances us-ing secure CoAP are comparable to the performances obtained using the same protocol without security. The implementation allows also to secure the UDP transport thanks to the DTLS implementation, allowing any potential application to exchange secure data and have mutual authentication.
8
Palm, Alexander, and Benjamin Gafvelin. "Ethical Hacking of Android Auto in the Context of Road Safety." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-299647.
Abstract:
With a more than ever increasing demand to interconnect smartphones with infotainment systems, Android Auto has risen in popularity with its services used in modern vehicles worldwide. However, as users progressively connect their smartphones to in-vehicle infotainment systems, the opportunity for malicious actors to endanger and access private data of Android Auto users advances as well. The goal with this thesis is to determine how secure Android Auto is for road use. The main research question is to figure out if Android Auto is susceptible to attacks that exploit certain vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks on Android Auto using an emulated infotainment system with mobile devices. An investigation was also conducted regarding the application’s communication channel between the mobile device and infotainment display. Results of this thesis demonstrate that several attacks are substantially severe to endanger drivers on the road. There is a great risk of successful exploits when running Android Auto locally on the phone without a connection to the infotainment system, and a lesser risk when connected to the infotainment system. Intercepting communication in the USB channel revealed an encryption algorithm whose version has published exploits and can be cracked to potentially exploit Android Auto.I takt med en evigt ökande efterfrågan på att sammankoppla smarttelefoner med infotainmentsystem, har allt fler börjat använda Android Auto i sina fordon världen över. En bieffekt av att allt fler sammankopplar sina mobiler till infotainmentsystem, är att det leder till fler möjligheter för illvilliga parter att stjäla privat data och sätta Android Autoanvändares liv i fara. Målet med denna avhandling är att fastställa hur säkert Android Auto är i avseende till vägsäkerhet. Den huvudsakliga forskningsfrågan är att lista ut om Android Auto kan attackeras av attacker som utnyttjar sårbarheter i Android operativsystemet. Forskningsfrågan besvarades genom att skapa flertal konceptattacker mot Android Auto användandes av ett emulerat infotainmentsystem och mobiltelefoner. En utredning utfördes även gällande applikationens kommunikationskanal mellan telefonen och infotainmentskärmen. Resultatet från denna avhandling demonstrerade att många attacker är tillräckligt allvarliga för att äventyra trafikanternas säkerhet. Det finns en avsevärd risk för framgångsrika attacker när Android Auto körs lokalt på telefonen utan en USB koppling till infotainmentsystemet, och en liten risk när telefonen är kopplad till infotainmentsystemet. Avlyssning och uppfångning av kommunikationen i USB kanalen visade att en krypteringsalgoritm vars version har existerande sårbarheter kan avkrypteras och utnyttjas för att potentiellt attackera Android Auto.
9
Krishnan, Neelima. "Android Hypovisors: Securing Mobile Devices through High-Performance, Light-Weight, Subsystem Isolation with Integrity Checking and Auditing Capabilities." Thesis, Virginia Tech, 2014. http://hdl.handle.net/10919/51129.
Abstract:
The cellphone turned 40 years old in 2013, and its evolution has been phenomenal in these 40 years. Its name has evolved from "cellphone" to "mobile phone" and "smartphone" to "mobile device."] Its transformation has been multi-dimensional in size, functionality, application, and the like. This transformation has allowed the mobile device to be utilized for casual use, personal use, and enterprise use. Usage is further driven by the availability of an enormous number of useful applications for easy download from application (App) markets. Casual download of a seemingly useful application from an untrusted source can cause immense security risks to personal data and any official data resident in the mobile device. Intruding malicious code can also enter the enterprise networks and create serious security challenges.
Thus, a mobile device architecture that supports secure multi-persona operation is strongly needed. The architecture should be able to prevent system intrusions and should be able to perform regular integrity checking and auditing. Since Android has the largest user base among mobile device operating systems (OS), the architecture presented here is implemented for Android. This thesis describes how an architecture named the "Android Hypovisor" has been developed and implemented successfully as part of this project work. The key contributions of the project work are:
1. Enhancement of kernel security
2. Incorporation of an embedded Linux distribution layer that supports Glibc/shared libraries so that open-source tools can be added easily
3. Integration of integrity checking and auditing tools (Intrusion Detection and Prevention System; IDPS)
4. Integration of container infrastructure to support multiple OS instances.
5. Analysis shows that the hypovisor increases memory usages by 40-50 MB. As the proposed OS is stripped down to support the embedded hypovisor, power consumption is only minimally increased.
This thesis describes how the implemented architecture secures mobile devices through high-performance, light-weight, subsystem isolation with integrity checking and auditing capabilities.Master of Science
10
Bjurling, Patrik. "Design and Implementation of a Secure In-app Credit Card Payment System." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-112745.
Abstract:
Smartphones are often used in order to make purchases today and mobile payments are estimated to continue growing in numbers the following years. This makes mobile payment systems attractive to companies as a new business platform. It also increases the number of malicious users trying to exploit the systems for financial gain. This thesis is conducted for the company TaxiCaller which desires to integrate mobile payments into their existing service. It discusses the current security standards for mobile payments and evaluates existing mobile payment solutions. The focus of the evaluation is on the security of the solutions and vulnerabilities, as well as mitigations of identified vulnerabilities, are discussed. Based on the evaluation, a mobile payment solution is designed and implemented. This system fully integrates with TaxiCaller’s existing system. A threat analysis of the implemented mobile payment solution is performed to provide confidence in the security. This thesis also provides an insight into the ecosystem of mobile payments including the stakeholders, the regulations, the security standards and difficulties during implementations.
11
Zeitz, Kimberly Ann. "An Optimized Alert System Based on Geospatial Location Data." Thesis, Virginia Tech, 2014. http://hdl.handle.net/10919/49265.
Abstract:
Crises are spontaneous and highly variable events that lead to life threatening and urgent situations. As such, crisis and emergency notification systems need to be both flexible and highly optimized to quickly communicate to users. Implementing the fastest methods, however, is only half of the battle. The use of geospatial location is missing from alert systems utilized at university campuses across the United States. Our research included the design and implementation of a mobile application addition to our campus notification system. This addition is complete with optimizations including an increase in the speed of delivery, message differentiation to enhance message relevance to the user, and usability studies to enhance user trust and understanding. Another advantage is that our application performs all location data computations on the user device with no external storage to protect user location privacy. However, ensuring the adoption of a mobile application that requests location data permissions and relating privacy measures to users is not a trivial matter. We conducted a campus-wide survey and interviews to understand mobile device usage patterns and obtain opinions of a representative portion of the campus population. These findings guided the development of this mobile application and can provide valuable insights which may be helpful for future application releases. Our addition of a mobile application with geospatial location awareness will send users relevant alerts at speeds faster than those of the current campus notification system while still guarding user location privacy, increasing message relevance, and enhancing the probability of adoption and use.Master of Science
12
Motuzas, Armandas. "Patalpų apsaugos sistemos kūrimas Arduino mikrokontroleriu." Bachelor's thesis, Lithuanian Academic Libraries Network (LABT), 2014. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2014~D_20140716_143615-40294.
Abstract:
Darbe buvo susipažinta su apsaugos sistemomis, Arduino platforma ir Android sistema. Projektuojant standartinę apsaugos sistemą su Arduino mikrokontroleriu, buvo pasirinktos tinkamiausios dalys. Rasti ir išanalizuoti galimi komunikavimo būdai tarp Arduino platformos ir Android operacinės sistemos. Pasirinktu geriausiu komunikavimo būdu, buvo realizuota standartinė apsaugos sistema, kurią galima valdyti nuotoliniu būdu internetiniu puslapiu arba Android programėle.In this Project were been familiarized with security systems, Arduino platform and Android system. Designing a standart security system with Arduino microcontroller was choosen the most suitable components. Was choosed and analized possible ways to communicate between the Arduino platform and the Android operating system. Choosen best way of comunication, has been realized in standart security system that can be operated by remote with web page or Android application.
13
Thakur, Neha S. "Forensic Analysis of WhatsApp on Android Smartphones." ScholarWorks@UNO, 2013. http://scholarworks.uno.edu/td/1706.
Abstract:
Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a popular social networking application. We will be forming an outline on how forensic investigators can extract useful information from WhatsApp and from similar applications installed on an Android platform. Our area of focus is extraction and analysis of application user data from non-volatile external storage and the volatile memory (RAM) of an Android device.
14
Whitelaw, Clayton. "Precise Detection of Injection Attacks on Concrete Systems." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6051.
Abstract:
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states that injected symbols strictly insert or expand noncode tokens in the output program. Noncode symbols are strictly those that are either removed by the tokenizer (e.g., insignificant whitespace) or span closed values in the output program language, and code symbols are all other symbols. This thesis demonstrates that such attacks are possible on applications for Android—a mobile device operating system—and Bash—a common Linux shell—and shows by construction that these attacks can be detected precisely. Specifically, this thesis examines the recent Shellshock attacks on Bash and shows how it widely differs from ordinary attacks, but can still be precisely detected by instrumenting the output program’s runtime. The paper closes with a discussion of the lessons learned from this study and how best to overcome the practical challenges to precisely preventing these attacks in practice.
15
MUTTI, Simone. "Policy and Security Conguration Management in Distributed Systems." Doctoral thesis, Università degli studi di Bergamo, 2015. http://hdl.handle.net/10446/49849.
Abstract:
The evolution of information system sees a continuously increasing need of flexible and sophisticated approaches for the management of security requirements. On one hand, systems are increasingly more integrated (e.g., Bring Your Own Device) and present interfaces for the invocation of services accessible through network connections. On the other hand, system administrators have the responsibility to guarantee that this integration and the consequent exposure of internal resources does not introduce vulnerabilities. The need to prove that the system correctly manages the security requirements is not only motivated by the increased exposure, but also by the need to show compliance with respect to the many regulations promulgated by governments and commercial bodies.
In modern information systems a particular area of security requirement is access control management, with security policies that describe how resources and services should be protected. These policies offer a classification of the actions on the system that distinguishes them into authorized and forbidden, depending on a variety of parameters. Given the critical role of security and their large size and complexity, concerns arise about the correctness of the policy. It is not possible anymore to rely on the security designer to have a guarantee that the policy correctly represents how the system should protect the access to resources.
The research documented in this thesis investigates new approaches for the development of a collection of both methodologies and tools, which are flexible enough to help the system administrators, or generally users, in the correct management of security requirements. Due to the complexity of this topic, the research was focused on (i) enterprise and (ii) mobile scenario.
16
Dahlberg, Daniel, Tim Irmel, and Jacob Forsström. "Android-användaren och appbehörigheter : Attityder och beteenden kopplat till säkerhet på mobilen." Thesis, Umeå universitet, Institutionen för informatik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-148004.
Abstract:
The Android OS is ever growing on the global market, reaching more and more people. This have led to the distribution of millions of applications, that the Android user can interact with. However, the usage of Android apps is not risk free and there are various methods deployed by Google Play to protect the privacy of the Android owner. One of these protective measures are permissions. However, as permissions are controlled by the user, there is a need of comprehending the user behaviour and attitude to the permissions. Lack of understanding the importance, and of the permission itself, could present a real danger of privacy trespassing to the user. In this paper we evaluate the rate of attitude and behaviour by questionnaire and empirical quality-driven interviews. We compare and scrutinize our data with older studies. We identify factors contributing the failure to comply with permission warnings. Also, we find that there are connections between factors such as gender and age, for how the user behaviour and attitude conclude with permissions. In the end we present an exhaustive analysis and discussion to our results, ending with a conclusion that there are differences to be found from older studies and that there are connections in gender and age with how the user acts by permissions.
17
MAIORCA, DAVIDE. "Design and implementation of robust systems for secure malware detection." Doctoral thesis, Università degli Studi di Cagliari, 2016. http://hdl.handle.net/11584/266872.
Abstract:
Malicious software (malware) have significantly increased in terms of number and effectiveness
during the past years. Until 2006, such software were mostly used to disrupt
network infrastructures or to show coders’ skills. Nowadays, malware constitute a very
important source of economical profit, and are very difficult to detect. Thousands of
novel variants are released every day, and modern obfuscation techniques are used to
ensure that signature-based anti-malware systems are not able to detect such threats.
This tendency has also appeared on mobile devices, with Android being the most targeted
platform. To counteract this phenomenon, a lot of approaches have been developed
by the scientific community that attempt to increase the resilience of anti-malware systems.
Most of these approaches rely on machine learning, and have become very popular
also in commercial applications. However, attackers are now knowledgeable about these
systems, and have started preparing their countermeasures. This has lead to an arms
race between attackers and developers. Novel systems are progressively built to tackle
the attacks that get more and more sophisticated. For this reason, a necessity grows
for the developers to anticipate the attackers’ moves. This means that defense systems
should be built proactively, i.e., by introducing some security design principles in their
development. The main goal of this work is showing that such proactive approach can
be employed on a number of case studies. To do so, I adopted a global methodology that
can be divided in two steps. First, understanding what are the vulnerabilities of current
state-of-the-art systems (this anticipates the attacker’s moves). Then, developing novel
systems that are robust to these attacks, or suggesting research guidelines with which
current systems can be improved. This work presents two main case studies, concerning
the detection of PDF and Android malware. The idea is showing that a proactive approach
can be applied both on the X86 and mobile world. The contributions provided on
this two case studies are multifolded. With respect to PDF files, I first develop novel attacks
that can empirically and optimally evade current state-of-the-art detectors. Then,
I propose possible solutions with which it is possible to increase the robustness of such
detectors against known and novel attacks. With respect to the Android case study,
I first show how current signature-based tools and academically developed systems are
weak against empirical obfuscation attacks, which can be easily employed without particular
knowledge of the targeted systems. Then, I examine a possible strategy to build a
machine learning detector that is robust against both empirical obfuscation and optimal
attacks. Finally, I will show how proactive approaches can be also employed to develop
systems that are not aimed at detecting malware, such as mobile fingerprinting systems.
In particular, I propose a methodology to build a powerful mobile fingerprinting system,
and examine possible attacks with which users might be able to evade it, thus preserving
their privacy. To provide the aforementioned contributions, I co-developed (with the cooperation
of the researchers at PRALab and Ruhr-Universität Bochum) various systems:
a library to perform optimal attacks against machine learning systems (AdversariaLib),
a framework for automatically obfuscating Android applications, a system to the robust
detection of Javascript malware inside PDF files (LuxOR), a robust machine learning system
to the detection of Android malware, and a system to fingerprint mobile devices. I
also contributed to develop Android PRAGuard, a dataset containing a lot of empirical
obfuscation attacks against the Android platform. Finally, I entirely developed Slayer
NEO, an evolution of a previous system to the detection of PDF malware. The results
attained by using the aforementioned tools show that it is possible to proactively build
systems that predict possible evasion attacks. This suggests that a proactive approach
is crucial to build systems that provide concrete security against general and evasion
attacks.
18
Fergus, Seamus. "Internet Safety for Children : Stranger danger, misbehaviour and problems when online." Thesis, Luleå tekniska universitet, Datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-70126.
Abstract:
The Internet has evolved and continues to evolve rapidly and as adults we understand the need to be careful with various issues including our privacy, scams, bullying and as adults we stumble across unwanted material that might be considered inappropriate. Children also need to be protected and this thesis will research what children do when they are online, and what protection is currently given to children. The research will also include input from teachers and parents and find out what experiences they have and what they are doing to protect children. The thesis will involve software testing to evaluate how effective parental control software is, and possibilities of it being hacked. This research will concentrate on smartphones, and in particular the Android operating system, the reason is that Android phones can be purchased cheaper than an iPhone, and therefore are more likely to be used by a child. A developer’s version of Android can also be configured to run it in a virtual machine running on a PC which makes various testing possible. The thesis will also involve reviewing other organisation’s research and findings and how it compares to my own research. The thesis will give advice on how to move forward in relation to keeping children safe online.
19
Sokolova, Karina. "Bridging the gap between Privacy by Design and mobile systems by patterns." Thesis, Troyes, 2016. http://www.theses.fr/2016TROY0008/document.
Abstract:
De nos jours, les smartphones et les tablettes génèrent, reçoivent, mémorisent et transfèrent vers des serveurs une grande quantité de données en proposant des services aux utilisateurs via des applications mobiles facilement téléchargeables et installables. Le grand nombre de capteurs intégrés dans un smartphone lui permet de collecter de façon continue des informations très précise sur l'utilisateur et son environnement. Cette importante quantité de données privées et professionnelles devient difficile à superviser.L'approche «Privacy by Design», qui inclut sept principes, propose d'intégrer la notion du respect des données privées dès la phase de la conception d’un traitement informatique. En Europe, la directive européenne sur la protection des données privées (Directive 95/46/EC) intègre des notions du «Privacy by Design». La nouvelle loi européenne unifiée (General Data Protection Régulation) renforce la protection et le respect des données privées en prenant en compte les nouvelles technologies et confère au concept de «Privacy by Design» le rang d’une obligation légale dans le monde des services et des applications mobiles.L’objectif de cette thèse est de proposer des solutions pour améliorer la transparence des utilisations des données personnelles mobiles, la visibilité sur les systèmes informatiques, le consentement et la sécurité pour finalement rendre les applications et les systèmes mobiles plus conforme au «Privacy by (re)Design»Nowadays, smartphones and smart tablets generate, receive, store and transfer substantial quantities of data, providing services for all possible user needs with easily installable programs, also known as mobile applications. A number of sensors integrated into smartphones allow the devices to collect very precise information about the owner and his environment at any time. The important flow of personal and business data becomes hard to manage.The “Privacy by Design” approach with 7 privacy principles states privacy can be integrated into any system from the software design stage. In Europe, the Data Protection Directive (Directive 95/46/EC) includes “Privacy by Design” principles. The new General Data Protection Regulation enforces privacy protection in the European Union, taking into account modern technologies such as mobile systems and making “Privacy by Design” not only a benefit for users, but also a legal obligation for system designers and developers.The goal of this thesis is to propose pattern-oriented solutions to cope with mobile privacy problems, such as lack of transparency, lack of consent, poor security and disregard for purpose limitation, thus giving mobile systems more Privacy by (re) Design
20
Berrios-Ayala, Mark. "Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities." Honors in the Major Thesis, University of Central Florida, 2013. http://digital.library.ucf.edu/cdm/ref/collection/ETH/id/1547.
Abstract:
Imagine a world where someone’s personal information is constantly compromised, where federal government entities AKA Big Brother always knows what anyone is Googling, who an individual is texting, and their emoticons on Twitter. Government entities have been doing this for years; they never cared if they were breaking the law or their moral compass of
human dignity. Every day the Federal government blatantly siphons data with programs from the original ECHELON to the new series like PRISM and Xkeyscore so they can keep their tabs on issues that are none of their business; namely, the personal lives of millions. Our allies are taking note; some are learning our bad habits, from Government Communications Headquarters’ (GCHQ) mass shadowing sharing plan to America’s Russian inspiration, SORM. Some countries are following the United States’ poster child pose of a Brave New World like order of global events. Others like Germany are showing their resolve in their disdain for the rise of tyranny. Soon, these new found surveillance troubles will test the resolve of the American Constitution and its nation’s strong love and tradition of liberty. Courts are currently at work to resolve how current concepts of liberty and privacy apply to the current conditions facing the privacy of society. It remains to be determined how liberty will be affected as well; liberty for the United States of America, for the European Union, the Russian Federation and for the people of the World in regards to the extent of privacy in today’s blurred privacy expectations.B.S.
Bachelors
Health and Public Affairs
Legal Studies
21
Lin, Yu-Cheng, and 林禹成. "A Security Vulnerability Analysis System for Android Application." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/42unf5.
22
Costa, Sara Silva. "Security threats management in android systems." Master's thesis, 2017. http://hdl.handle.net/1822/55037.
Abstract:
Dissertação de mestrado integrado em Engenharia Eletrónica Industrial e ComputadoresWith the exponential use of mobile phones to handle sensitive information, the intrusion systems development has also increased. Malicious software is constantly being developed and the intrusion techniques are increasingly more sophisticated. Security protection systems trying to counteract these intrusions are constantly being improved and updated. Being Android one of the most popular operating systems, it became an intrusion’s methods development target. Developed security solutions constantly monitor their host system and by accessing a set of defined parameters they try to find potentially harmful changes. An important topic when addressing malicious applications detection is the malware identification and characterization. Usually, to separate the normal system behavior from the malicious behavior, security systems employ machine learning or data mining techniques. However, with the constant evolution of malicious applications, such techniques are still far from being capable of completely responding to the market needs. This dissertation aim was to verify if malicious behavior patterns definition is a viable way of addressing this challenge. As part of the proposed research two data mining classification models were built and tested with the collected data, and their performances were compared. the RapidMiner software was used for the proposed model development and testing, and data was collected from the FlowDroid application. To facilitate the understanding of the security potential of the Android framework, research was done on the its architecture, overall structure, and security methods, including its protection mechanisms and breaches. It was also done a study on models threats/attacks’ description, as well as, on the current existing applications for anti-mobile threats, analyzing their strengths and weaknesses.
Com o uso exponencial de telefones para lidar com informações sensíveis, o desenvolvimento de sistemas de intrusão também aumentou. Softwares maliciosos estão constantemente a ser desenvolvidos e as técnicas de intrusão são cada vez mais sofisticadas. Para neutralizar essas intrusões, os sistemas de proteção de segurança precisam constantemente de ser melhorados e atualizados. Sendo o Android um dos sistemas operativos (SO) mais populares, tornou-se também num alvo de desenvolvimento de métodos de intrusão. As soluções de segurança desenvolvidas monitoram constantemente o sistema em que se encontram e acedendo a um o conjunto definido de parâmetros procuram alterações potencialmente prejudiciais. Um tópico importante ao abordar aplicações mal-intencionadas é a identificação e caracterização do malware. Normalmente, para separar o comportamento normal do sistema do comportamento mal-intencionado, os sistemas de segurança empregam técnicas de machine learning ou de data mining. No entanto, com a constante evolução das aplicações maliciosas, tais técnicas ainda estão longe de serem capazes de responder completamente às necessidades do mercado. Esta dissertação teve como objetivo verificar se os padrões de comportamento malicioso são uma forma viável de enfrentar esse desafio. Para responder à pesquisa proposta foram construídos e testados dois modelos de classificação de dados, usando técnicas de data mining, e com os dados recolhidos compararam-se os seus desempenhos. Para o desenvolvimento e teste do modelo proposto foi utilizado o software RapidMiner, e os dados foram recolhidos através do uso da aplicação FlowDroid. Para facilitar a compreensão sobre as potencialidades de segurança da framework do Android, realizou-se uma pesquisa sobre a sua arquitetura, estrutura geral e métodos de segurança, incluindo seus mecanismos de defesa e algumas das suas limitações. Além disso, realizou-se um estudo sobre algumas das atuais aplicações existentes para a defesa contra aplicações maliciosas, analisando os seus pontos fortes e fracos.
23
(9728690), Ayush Maharjan. "Ranking of Android Apps based on Security Evidences." Thesis, 2021.
Abstract:
With the large number of Android apps available in app stores such as Google Play, it has become increasingly challenging to choose among the apps. The users generally select the apps based on the ratings and reviews of other users, or the recommendations from the app store. But it is very important to take the security into consideration while choosing an app with the increasing security and privacy concerns with mobile apps. This thesis proposes different ranking schemes for Android apps based on security apps evaluated from the static code analysis tools that are available. It proposes the ranking schemes based on the categories of evidences reported by the tools, based on the frequency of each category, and based on the severity of each evidence. The evidences are gathered, and rankings are generated based on the theory of Subjective Logic. In addition to these ranking schemes, the tools are themselves evaluated against the Ghera benchmark. Finally, this work proposes two additional schemes to combine the evidences from difference tools to provide a combined ranking.
24
Gunadi, Hendra. "Design and Analysis of Mobile Operating System Security Architecture using Formal Methods." Phd thesis, 2017. http://hdl.handle.net/1885/133821.
Abstract:
The Android operating system (OS) is now used in the majority of
mobile devices.
Hence, Android security is an important issue to handle. In this
work, we tackle
the problem using two separate approaches: directly modifying
Android OS and
developed a framework to provide a guarantee of
non-interference.
Firstly, we present a design and an implementation of a security
policy specifi-
cation language based on metric linear-time temporal logic (MTL)
to specify timing-
dependent security policies. The design of the language is driven
by the problem of
runtime monitoring of applications in mobile devices. A main case
of the study is the
privilege escalation attack in the Android OS, where an
unprivileged app gains ac-
cess to privileged resource or functionalities through indirect
flow. To capture these
attacks, we extend MTL with recursive definitions to express call
chains between
apps. We then show how our language design can be used to specify
policies to
detect privilege escalation under various fine-grained
constraints. We present a new
algorithm for monitoring safety policies written in our
specification language. The
monitor does not need to store the entire history of events
generated by the apps. We
modified the Android OS kernel to allow us to insert our
generated monitors mod-
ularly. We have tested the modified OS (LogicDroid) on an actual
device, and show
that it is effective in detecting policy violations. Furthermore,
LogicDroid is able to
prevent a previously unknown exploit to breach Android security
which allows an
unprivileged application to access certain critical and
privileged functionalities of an
Android phone, such as making phone calls, terminating phone
calls, and sending
SMS, without having to ask any permissions to do so.
Subsequently, we provided a framework to ensure non-interference
properties
of DEX bytecode. Each application in Android runs in an instance
of the Dalvik
virtual machine, which is a register-based virtual machine (VM).
Most applications
for Android are developed using Java, compiled to Java bytecode
and further into
DEX bytecode. Following a methodology that has been developed for
Java byte-
code certification by Barthe et al., we developed a type-based
method for certifying
non-interference property of a DEX program. To this end, we
develop a formal oper-
ational semantics of the Dalvik VM, a type system for DEX
bytecode, and prove the
soundness of the type system with respect to a notion of
non-interference. We have
also formalized the proof of a subset of DEX in Coq for an
additional guarantee that
our proof is correct.
We then study the translation process from Java bytecode to DEX
bytecode, as
implemented in the dx tool in the Android SDK. We show that an
abstracted version
of the translation from Java bytecode to DEX bytecode preserves
the non-interference
property. More precisely, we show that if the Java bytecode is
typable in Barthe
et al.’s type system, then its translation is typable in our
type system.
This result opens up the possibility to leverage existing
bytecode verifiers for Java to certify
non-interference properties of Android bytecode.
25
Vigário, Francisco Dias Pereira Nunes. "Assessing and Addressing the Security of Persistent Data in the Android Operating System." Master's thesis, 2015. http://hdl.handle.net/10400.6/5894.
Abstract:
The widespread adoption of mobile devices and the way users interact with them led to the development
of new ways of implementing, distributing and installing applications, paving the way
for new business models also. Mobile applications can be bought as a single piece of software,
or some of its features, extensions or contents may be the subject of purchases. In many mobile
applications for the Android Operating System (OS), paid items are most of the times delivered
via in-app purchases, a feature that enables a user to make micro-payments within the application
context via Google Play store. The revenue of many developers is obtained by selling
small features after releasing a free or paid version of their application. On the other hand,
the increasing capabilities of mobile devices, along with their personal nature, turns them into
aggregators of private information and interesting targets for attackers. Additionally, control
data stored in the devices may be manipulated to change the flow of programs and potentially
access blocked features or content without paying.
This dissertation is focused on secure data storage problems in mobile devices, particularly on
Android systems. Its main contribution is the quantification of the susceptibility to data manipulation
and exposure of Android applications through an exhaustive study of many applications
downloaded from the official Android store. This study included the construction of two data
sets with a total number of 1542 applications (849 games and 693 common applications) and the
human analyses of each one of them: the applications were first used in a smartphone, then
transfered to a computer with a Linux OS, their data was analyzed and modified (when possible),
the transfered back to the Android environment. The entire procedure takes advantage
of the backup utility provided by the OS and using only freely and readily available tools, and
does not require administrative permissions on the mobile device. proving the feasibility of the
approach.
In the case of the games data set, it was found that at least 1 in each 6 was susceptible to data
manipulation, meaning that it was possible to obtain paid items without any payment. In the
case of the common applications data set, 1 in each 5 was either susceptible to the same data
manipulation problem or were storing sensitive data like passwords and Personal Identification
Numbers (PINs) in plaintext. Vulnerable applications do not include mechanisms to prevent the
data from being eavesdropped or modified, which would be the preferred way of attenuating
the problem. Based on lessons learned, several proposals to solve the problem from a general
perspective are discussed towards the end of the dissertation.A adoção generalizada de dispositivos móveis, e a maneira como os utilizadores interagem com eles, levou ao desenvolvimento de novas formas de execução, distribuição e instalação de aplicações, abrindo também caminho para novos modelos de negócio. As aplicações móveis podem ser compradas como uma única peça de software, ou algumas das suas características, extensões ou conteúdos podem ser também objeto de compra. Em muitas aplicações para o Sistema Operativo Android, os itens pagos são, na maioria das vezes, obtidos através das chamadas compras na aplicação (da expressão in-app purchases), um recurso que permite ao utilizador fazer micro pagamentos no contexto da aplicação via Google Play Store. A receita de muitos programadores é obtida através da venda de pequenos recursos após lançar uma versão gratuita ou paga da sua aplicação. Por outro lado, as capacidades crescentes dos dispositivos móveis, juntamente com a sua natureza pessoal, transforma-os em agregadores de informação privada e alvos interessantes para os atacantes. Além disso, os dados de controlo armazenados nos dispositivos podem ser manipulados para alterar o fluxo de programas e aceder a funcionalidades bloqueadas ou a conteúdo sem pagar. Esta dissertação está focada em problemas de armazenamento seguro de dados em dispositivos móveis, especialmente em sistemas Android. A principal contribuição é a quantificação da suscetibilidade à manipulação e à exposição de dados em aplicações Android através de um exaustivo estudo de muitas aplicações retiradas da loja oficial Android. Este estudo incluiu a construção de dois conjuntos de dados com um total de 1542 aplicações (849 jogos e 693 aplicações comuns) e a análise humana de cada um deles. O método consistia em: utilizar as aplicações num smartphone; transferi-las para um computador com um sistema operativo Linux de seguida; analisar e modificar os seus dados (quando possível); e por fim transferi-las de volta para o ambiente Android. Todo o procedimento aproveita a funcionalidade de backup disponibilizada pelo sistema operativo e usa apenas ferramentas disponíveis livremente, não sendo necessário permissões de administração no dispositivo móvel, comprovando a viabilidade da abordagem. No caso do conjunto de jogos, verificou-se que pelo menos 1 em cada 6 era suscetível à manipulação de dados, o que significa que foi possível obter itens pagos sem qualquer pagamento. No caso do conjunto de aplicações comuns, 1 em cada 5 é suscetível ao mesmo problema de manipulação de dados ou foi possível obter informação armazenada sensível, como palavras-passe e números de identificação pessoal em texto limpo. As aplicações vulneráveis não incluem mecanismos para evitar que os dados sejam vistos ou modificados, o que constituiria a melhor forma de atenuar o problema. Com base no que foi aprendido, várias propostas generalistas para resolver o problema são discutidos no final da dissertação.
26
TUNG, LUN-MING, and 董倫銘. "A Remote Control System for Improving the Mobile Device Security Based on SE Android." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/82144847227033942980.
Abstract:
碩士國立高雄師範大學
軟體工程與管理學系
104
Mobile devices becoming more authoritative and developers of the device are continuously striving to combine the device with human life for the enhancement of user intention. On the other hand, mobile device system security also needs to upgrade in order to protect the privacy of users’ private messages. The purpose of this paper is to use mobile device permission management systems to protect user privacy information from malicious attacks. We introduce the Android Open Source Project (AOSP), extensible security framework “SE Android”. It was developed by Google and National Security Agency (NSA). SE Android provides a security application that supports Android systems of permission management. We modify the application combined with remote server to form remote control software that provides additional support features to Mobile Device Management (MDM).
27
(10732161), Yung Han Yoon. "A FRAMEWORK FOR THE SOFTWARE SECURITY ANALYSIS OF MOBILEPOWER SYSTEMS." Thesis, 2021.
Abstract:
Mobile devices have become increasingly ubiquitous as they serve many important functions in our daily lives. However, there is not much research on remote threats to the battery and power systems of these mobile devices. The consequences of a successful attack on the power system of a mobile device can range from being a general nuisance, financial harm, to loss of life if emergency communications were interrupted. Despite the relative abundance of work on implementing chemical and physical safety systems for battery cells and power systems, remote cyber threats against a mobile battery system have not been as well studied. This work created a framework aimed at auditing the power systems of mobile devices and validated the framework by implementing it in a case study on an Android device. The framework applied software auditing techniques to both the power system and operating system of a mobile device in a case study to discover possible vulnerabilities which could be used to exploit the power system. Lessons learned from the case study are then used to improve, revise, and discuss the limitations of the framework when put in practice. The effectiveness of the proposed framework was discovered to be limited by the availability of appropriate tools to conduct vulnerability assessments.
28
LIN, CHING-CHANG, and 林慶展. "The Wireless Remote Monitoring Home Security and Appliance System in Combination of Android App and Arduino." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/94j534.
Abstract:
碩士逢甲大學
自動控制工程學系
105
Smart mobile devices flourish in the recent years. We need a computer to deal with the program before, but now we can finish the most of all in smart phone or tab-let. It looks like the PC, to install third-party software on the smart mobile devices, it can achieve our goal. For an example, app (application) is a typical mobile software, it makes our mobile being more convenience by the technology advancement and web development. From game playing, vedio calling, file editing, evan nowdays remote monitoring, app has became the trend of the times. Since the development of the IOT (Internet of Things), by using the network propagate technology, information had be applied to all levels. Diverse sensors can not limit to wired device,for examples, bluetooths, WIFI, 3G network…etc. They are all the most efficient way to deliver the message of wireless device. This subject is explaining how to use app system of mo-bile, combined with arduino for monitoring security of remote home. Through the arduino in the central control system integrated with App, and finally controlled the home appliances through the cloud of real-time detection curve. Let make it safe and convenient.
29
Kuo, Hsin-Yi, and 郭心怡. "Using Mobile Peer-to-Peer skills to develop a Security System for Family members on Android." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/61000578827662681633.
Abstract:
碩士淡江大學
資訊工程學系碩士在職專班
98
Technology develops and changes with each passing day rapidly. In such a mobile life with Internet, the new generation has relied on mobile phones tremendously. Hence, a mobile phone will be a more appropriate medium for information communication better than a computer. In view of this, Google Maps and Global Positioning System (GPS) were utilized in this study, plus the property of MP2P on mobile phones, to implement and construct the application of Security System for Family Members based on Android. The software “Security System for Family Members” is an application service program widely feasible for the public. By integrating message transmission mechanisms and GPS, and by utilizing the “Android” launched by Google recently, it has evolved into a diversified application service program. Through such an application service, we can guard our family members, especially the disabled or handicapped ones, by applying this software “Security System for Family Members” to the processes in which the elders are going out or children are going to school and returning home from school, and so on. This software “Security System for Family Members” is able to prevent elders and children from wandering away, and reduce the time spent on looking for missing family members if they get lost. Also, it can prevent the panic situation due to the occurrence of any accident.
30
Yang, Hsing-Chung, and 楊興忠. "A Mobile Security and Surveillance System Based on Android Embedded Platform - A Case Study for Indoor Parking." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/y3c4wb.
Abstract:
碩士國立中正大學
通訊資訊數位學習碩士在職專班
103
In recent years, due to the rapid growth of wireless internet, and the appearance of smart phones and other mobile devices with small size, good efficacy and low cost, the related applications have more advantages and space. In this paper, android smart phones, quadcopters, video streaming was used to design and implement the mobile security and surveillance system with an android embedded system. RTP/RTSP application layer protocols and TCP/UDP protocols are used in Wi-Fi wireless network. The smart phone on the quadcopter provides the live video stream. The security guard can see the remote picture by using the monitoring center computer with VLC player. In the future, the contribution of this paper can be applied to residential buildings and public indoor parks to save the human resources, enhance the reactive processing speed, improve the premise safety and reduce the property losses.
31
(8800973), Kelsey Billups. "New and Emerging Mobile Apps Among Teens - Are Forensic Tools Keeping Up?" Thesis, 2020.
Abstract:
Mobile applications are an important but fast changing piece of the digital forensics’ world. For mobile forensics researchers and field analysts, it is hard to keep up with the pace of the ever-changing world of the newest and most popular applications teens are using. Mobile forensic tools are quickly becoming more and more supportive of new applications, but with how quickly apps are changing and new ones being released, it is still difficult for the tools to keep up. The research question for this project examines to what extent digital forensic tools support new and emerging applications seen recently in investigations involving teenagers? For this research, a survey was conducted asking digital forensic analysts, and others who investigate digital crimes, what applications they are coming across most frequently during investigations involving teens and whether those applications are being supported by forensic tools. The top three applications from the survey that were not supported by mobile forensic tools, Monkey, Houseparty, and Likee were populated onto a test device and then evaluated and analyzed to see what forensic artifacts were found in those applications. The mobile application artifacts were then compared on two different forensic tools to see which tool obtains the most forensic artifacts from the applications. Through the examination and analysis of the applications and data contained within the apps, it was determined that 61% of the populated forensic artifacts were recovered manually and only 45% were recovered by a forensic tool for the Monkey application. 100% of the populated forensic artifacts were recovered manually and only 29% were recovered by a forensic tool for the Houseparty application. 42% of the populated forensic artifacts were recovered manually and only 3% were recovered by a forensic tool for the Likee application. It was found that the extent of support from digital forensic tools for these types of applications depends greatly on how the application stores the artifacts, but the artifact extraction support was limited for all applications. This research benefits in helping researchers and analysts by understanding the data and artifacts contained within the applications, what forensic artifacts are recoverable, and where to find those important artifacts. This research can help in finding important evidence for future investigations.
32
YANG, CHIA-PEI, and 楊家沛. "Security Risks of Communication APP Services and Near Field Communication in Mobile Android Systems." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/8b4zhw.
Abstract:
碩士中央警察大學
資訊管理研究所
107
The rapid advancement of science and technology has made people's lives more convenient. Many of the original complicated procedures have become more simple after the growth of technology and technology. As in the past, the texts and books electronically made the writing, management and carrying of texts easier. In daily life, the "payment" action during shopping can also be done by using electronic wallet or mobile payment, and gradually replace the original banknote transaction. With the maturity of wireless Internet access and the popularity of mobile devices, the development of mobile commerce has made people's economic activities more active. The emergence of smart phones with NFC (Near Field Communication) function is a great tool, and brings convenience for mobile payment. NFC security is also receiving more and more attention. Due to the characteristics of NFC, it can be easily integrated into a large number of devices at a very low cost. However, the advancement brings convenience and risks. The most difficult problem in the highly information age is how to ensure information security. With the rise of communication software, instant messaging has gradually replaced the traditional mode of telephone communication. Although these technological advances have enriched people's lives, they have made these readily available means of communication a hotbed of potential crime. This article will combine the actual situation of the case, using the existing NFC transmission vulnerability, to confirm the feasibility of using NFC transmission function to carry out man-in-the-middle attacks on another mobile vehicle. Combined with the world-famous FB Messenger, the phone after Root is backed up by the Android Debug Bridge (ADB) tool, and after extracting its data, use Cygwin to restore the operational data of the Windows environment, and use SQLite Database Browser. Analysis of information such as chat records within it. Follow-up through the case study, the current NFC security architecture risks, and the preventable methods that can be observed and analyzed.
33
Wang, Liang-Chun, and 王亮鈞. "Enhancing Security Features in Off-the-shelf Operating Systems: A Case Study with The Android Open Source Project." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/w57jt9.
Abstract:
碩士國立交通大學
資訊科學與工程研究所
105
Mobile devices have many function such as surfing the Internet, taking pictures, recording and locating. And can be turned to many functions and features like receiving and sending message, e-mail, GPS, etc. Mobile devices bring users a lot of convenience, but also bring us privacy-sensitive problem. For the full control of the whole mobile, there are many off-the-shelf MDM (Mobile Device Manager) App. Through MDM, we can limit sensitive behaviors of Apps or the whole device for the privacy policy of the corporate. But normal Apps can’t take powerful control of the whole device. So we install MDM client on the device as system App, thus MDM can take advantage of system API. Then we trace the source code of AOSP (Android Open Source Project). And insert some hooks in the points which control the usage of sensitive behavior to make MDM more powerful. After that, we use SELinux on Android to achieve the goal of deeper control of the whole device.
34
Dbouba, Selsabil. "Caractérisation et étude de l’impact des permissions dans les applications mobiles." Thèse, 2017. http://hdl.handle.net/1866/20844.