14,454 research outputs found

    AndroShield: automated Android applications vulnerability detection, a hybrid static and dynamic analysis approach

    The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is encapsulated in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

    Data Leak Detection As a Service: Challenges and Solutions

    We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique – referred to as the fuzzy fingerprint – can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others. We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with a very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework.

    Hydrogen leak detection in the Space Shuttle

    This study focuses on a helium gas jet flowing into room air. Measurements of helium concentration and velocity in the jet-air mixture are reported. The objective is to learn about jet characteristics so that dynamically similar hydrogen leaks may be located in the Space Shuttle. The hazardous gas detection system (HGDS) in the mobile launch pad uses mass spectrometers to monitor the shuttle environment for leaks. The mass spectrometers are fed by long sample tubes which draw gas from the payload bay, mid body, aft engine compartment and external tank. The overall purpose of this study is to improve the HGDS especially in its potential for locating hydrogen leaks. A rapid-response leak detection experiment was designed, built, and tested, following on the work done in this program last summer. The apparatus included a Perkin Elmer MGA-1200 mass spectrometer and air velocity transducer, both monitored by a Macintosh IIFX computer using LabVIEW software. A jet of helium flowing into the lab air simulated a gas leak. Steady helium or hydrogen-nitrogen jets were logged for concentration and velocity, and the power spectral density of each was computed. Last year, large eddies and vortices were visually seen with Schlieren imaging, and they were detected in the time plots of the various instruments. The response time of the MGA-1200 was found in the range of 0.05 to 0.1 sec. Pulsed concentration waves were clearly detected at 25 cycles per sec by spectral analysis of MGA data. No peaks were detected in the power spectrum, so in the present study, 10 Hz bandwidth-averaged power levels were examined at regular frequency intervals. The practical consequences of last year's study are as follows: sampling frequency should be increased above the present rate of 1 sample per second so that transients could be observed and analyzed with frequency response methods. 
Many more experiments and conditions were observed in this second summer, including the effects of orifice diameter, jet velocity, sample tube design, radial effects, vertical flow, and low hydrogen concentrations (1 percent). A frequent observation was that the power spectrum, calculated from the Fourier transform of concentration fluctuations, gives a separate piece of information from concentration. Many of the tests suggest that power is high where mixing occurs at the helium-air interface. This fact is apparently independent of the concentration level, which could be high or low, but depends on the sample location relative to the jet (leak) origin, whereas high concentration may be due to a strong leak far away or a small leak close to the sample tube. If the power is low for any concentration level, this would signify helium is arriving at the sample tube by diffusion, not chaotic mixing caused by the jet interaction with air. The practical result is to propose a modification of the HGDL mass spectrometer data sampling and software so that sampling rates could be capable of observing at least 25 Hz fluctuations

    A Survey: Data Leakage Detection Techniques

    Data is an important property of various organizations and it is the intellectual property of the organization. Every organization includes sensitive data such as customer information, financial data, patient data, personal credit card data and other information based on the kind of management, institute or industry. For areas like this, leakage of information is the crucial problem that the organization has to face, and it poses a high cost if information leakage occurs. More precisely, information leakage is characterized as the intentional exposure of individual or any sort of information to unapproved outsiders. When important information goes to unapproved hands or moves towards an unauthorized destination, this prompts direct and indirect loss for the particular industry in terms of cost and time. Information leakage results in vulnerability or its modification. So information can be protected by the outsider leakages. To solve this issue there must be an efficient and effective system to avoid and protect authorized information. Not long ago, many methods were implemented to solve the same type of problems, and these are analyzed here in this survey. This paper analyzes a few of the latest techniques and proposes novel sampling-algorithm-based data leakage detection techniques.