25 research outputs found

    An investigation into the security behaviour of tertiary students regarding mobile device security

    The use of mobile devices is becoming more popular by the day. With all the different features that smart mobile devices possess, they are starting to replace personal computers for both personal and business use. There are also more attacks concerning security on mobile devices because of their increased usage and the security measures not being as effective and well-known as on personal computers. The perceived perception is that the young adult population does not act safely and that they have a low level of advanced technical knowledge when using their mobile devices. Mobile users are largely responsible for protecting themselves and other users from a security viewpoint. This paper reports on a study including a survey done regarding the behaviour of tertiary students concerning security of their mobile devices. Aspects of mobile device security will be discussed and the current status of tertiary students’ behaviour regarding mobile device security will be presented, resulting from a survey conducted at a South African University. Findings indicate that tertiary students have diverse behaviour levels concerning mobile device security. The value of these results is that we can focus on specific content when educating smart device users on the subject of security, including avoidance of risky or unsafe behaviour. Recommendations in this regard are presented in this paper.

    Smart and Secure? Millennials on Mobile Devices

    Millennials, members of Generation Y, are constantly connected to their social circles online; they are the founders of the social media movement. These young consumers count as the largest segment of smartphone owners in most regions of the world. In fact, smartphones have become one of the most important possessions of this highly technology-savvy generation. However, the advanced and widespread use of mobile devices is often not matched by the required security consciousness. People who have grown up with the internet are more likely to share personal and sensitive corporate information online by using the same device for both work and private applications, accessing free Wi-Fi networks or borrowing other devices without the appropriate protection. This work examines the crucial smartphone security risks that users face with the new technology. It aims to investigate how their practices and behaviours can pose security risks to their smartphone usage. Security practices and awareness can be improved by increasing users’ knowledge. To accomplish this, education on technology is needed.

    Transparent Privacy Control via Static Information Flow Analysis

    A common problem faced by modern mobile-device platforms is that third-party applications in the marketplace may leak private information without notifying users. Existing approaches adopted by these platforms provide little information on what applications will do with the private information, failing to effectively assist users in deciding whether to install applications and in controlling their privacy. To address this problem, we propose a transparent privacy control approach, where an automatic static analysis reveals to the user how private information is used inside an application. This flow information provides users with better insights, enabling them to determine when to use anonymized instead of real information, or to force script termination when scripts access private information. To further reduce the user burden in controlling privacy, our approach provides a default setting based on an extended information flow analysis that tracks whether private information is obscured before escaping through output channels. We built our approach into TouchDevelop, a novel application-creation environment that allows users to write application scripts on mobile devices, share them in a web bazaar, and install scripts published by other users. To evaluate our approach, we plan to study a portion of published scripts in order to evaluate the effectiveness and performance of information flow analysis. We also plan to carry out a user survey to evaluate the usability of our privacy control and guide our future design.

    Automated Analysis of Freeware Installers Promoted by Download Portals

    We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find that, while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.

    Using probabilistic generative models for ranking risks of Android apps

    Usability of the Access Control System for OpenLDAP

    This thesis addresses the usability of the Access Control System of OpenLDAP. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP), which is a protocol that communicates with a directory service. A directory service is a database that stores information about network resources, such as files, printers and users. An access control system is the mechanism that mediates access, for example, read or write, to a resource by a user. The access control system makes these decisions based on an access control policy which states who should have access to what. We hypothesize that the access control system of OpenLDAP has poor usability. By usability, in this context, we mean how easy it is for a systems administrator to encode a high-level, informally expressed, enterprise security policy as an access control policy in the syntax that OpenLDAP expects. We discuss the design and carrying out of a human-subject study to validate this hypothesis. The study consists of presenting a high-level policy to the participants and asking them to translate it into an OpenLDAP policy. The study has been approved by the University of Waterloo’s office of research ethics. We have carried out the study with a total of 54 users. We present the results from analyzing the data we collected from the study. We observe that our hypothesis is validated in that only a few (20%) people were able to express a high-level policy as a correct OpenLDAP policy. There is a low correlation between self-reported correctness and actual correctness, which suggests that people are not aware if they made any mistake in their submission. The main source of error comes from confusion about the OpenLDAP syntax and how the precedence rule works.