SeMA: A Design Methodology for Building Secure Android Apps
UX (user experience) designers visually capture the UX of an app via
storyboards. This method is also used in Android app development to
conceptualize and design apps.
Recently, security has become an integral part of Android app UX because
mobile apps are used to perform critical activities such as banking,
communication, and health. Therefore, securing user information is imperative
in mobile apps.
In this context, storyboarding tools offer limited capabilities to capture
and reason about security requirements of an app. Consequently, security cannot
be baked into the app at design time. Hence, vulnerabilities stemming from
design flaws can often occur in apps. To address this concern, in this paper,
we propose a storyboard-based design methodology to enable the specification
and verification of security properties of an Android app at design time.
Comment: Updates based on AMobile 2019 review
Mal-Netminer: Malware Classification Approach based on Social Network Analysis of System Call Graph
As the security landscape evolves over time, where thousands of species of
malicious codes are seen every day, antivirus vendors strive to detect and
classify malware families for efficient and effective responses against malware
campaigns. To enrich this effort, and by capitalizing on ideas from the social
network analysis domain, we build a tool that can help classify malware
families using features derived from the graph structure of their system calls.
To achieve that, we first construct a system call graph that consists of system
calls found in the execution of the individual malware families. To explore
distinguishing features of various malware species, we study social network
properties as applied to the call graph, including the degree distribution,
degree centrality, average distance, clustering coefficient, network density,
and component ratio. We utilize features derived from those properties to build
a classifier for malware families. Our experimental results show that
influence-based graph metrics such as the degree centrality are effective for
classifying malware, whereas the general structural metrics of malware are less
effective for classifying malware. Our experiments demonstrate that the
proposed system performs well in detecting and classifying malware families
within each malware class with accuracy greater than 96%.
Comment: Mathematical Problems in Engineering, Vol 201
'Yep, I'm Gay': Understanding Agential Identity
What’s important about ‘coming out’? Why do we wear business suits or Star Trek pins? Part of the answer, we think, has to do with what we call agential identity. Social metaphysics has given us tools for understanding what it is to be socially positioned as a member of a particular group and what it means to self-identify with a group. But there is little exploration of the general relationship between self-identity and social position. We take up this exploration, developing an account of agential identity—the self-identities we make available to others. Agential identities are the bridge between what we take ourselves to be and what others take us to be. Understanding agential identity not only fills an important gap in the literature, but also helps us explain politically important phenomena concerning discrimination, malicious identities, passing, and code-switching. These phenomena, we argue, cannot be understood solely in terms of self-identity or social position.
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
Recent studies observe that the app foreground is the most striking component
that influences access control decisions on mobile platforms, as users tend
to deny permission requests lacking visible evidence. However, none of the
existing permission models provides a systematic approach that can
automatically answer the question: Is the resource access indicated by app
foreground? In this work, we present the design, implementation, and evaluation
of COSMOS, a context-aware mediation system that bridges the semantic gap
between foreground interaction and background access, in order to protect
system integrity and user privacy. Specifically, COSMOS learns from a large set
of apps with similar functionalities and user interfaces to construct generic
models that detect the outliers at runtime. It can be further customized to
satisfy specific user privacy preference by continuously evolving with user
decisions. Experiments show that COSMOS achieves both high precision and high
recall in detecting malicious requests. We also demonstrate the effectiveness
of COSMOS in capturing specific user preferences using the decisions collected
from 24 users and illustrate that COSMOS can be easily deployed on smartphones
as a real-time guard with a very low performance overhead.
Comment: Accepted for publication in IEEE INFOCOM'201
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system during the early stages of the development life-cycle. The approach avoids treating security as a separate layer that is added to the system as an afterthought through the use of security protocols. The main functionality supported by the framework is concerned with the modeling of the system together with its security aspects using an extension of UML, the modeling of abuse cases to represent attacker scenarios and assist with the identification of properties to be verified, the specification of properties to be verified in a graphical template language, the verification of the models against the properties, and the visualization of the results of the verification process.