
    LibID: Reliable identification of obfuscated third-party Android libraries

    Third-party libraries are vital components of Android apps, yet they can also introduce serious security threats and impede the accuracy and reliability of app analysis tasks such as app clone detection. Several library detection approaches have been proposed to address these problems. However, we show that these techniques are not robust against popular code obfuscators such as ProGuard, which is now used in nearly half of all apps. We then present LibID, a library detection tool that is more resilient to code shrinking and package modification than state-of-the-art tools. We show that the library identification problem can be formulated using binary integer programming models. LibID is able to identify specific versions of third-party libraries in candidate apps through static analysis of app binaries coupled with a database of third-party libraries. We propose a novel approach to generate synthetic apps to tune the detection thresholds. We then use F-Droid apps as the ground truth to evaluate LibID under different obfuscation settings, which shows that LibID is more robust to code obfuscators than state-of-the-art tools. Finally, we demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of the 3,958 most popular apps on the Google Play Store.
    Funders: The Boeing Company, China Scholarship Council, Microsoft Researc

    Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

    Data breaches are occurring at an unprecedented rate. In February 2019 alone, over a million individuals were reported to the United States government as having had their medical data breached by healthcare entities. Although many organizations have some policies, procedures and risk management components in place, few (if any) centrally connect legal requirements, penetration tests, policies and procedures into a standardized and consistent methodology for further analysis and auditing. This research produces a new open source standardized risk management library that coordinates the aforementioned risk management components. The new library is applied to an open source vulnerable web application example to emphasize the benefits of adopting such a public standardized risk assessment library.

    Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

    Domain squatting is a common adversarial practice in which attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days and, worse, we observe increased combosquatting activity year over year. Moreover, we show that combosquatting is used to perform a spectrum of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny from the security community.
    Comment: ACM CCS 1
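The definition above (a whole trademark embedded in a registered domain together with extra characters) is directly implementable as a triage rule over DNS data. The following is an added example and is not code from the paper or its authors: the trademark list, the list of legitimate domains, the sample records and the defanging convention are all constructed assumptions, and the registered-domain extraction is deliberately naive (a real pipeline would use the Public Suffix List). It flags combosquatting candidates while leaving typosquats, TLD squats and subdomains of the legitimate domain alone, since those are different categories of abuse.

```python
"""Flag combosquatting candidates in DNS records.

Added example (not the paper's code). A domain is a combosquatting candidate
when a trademark appears intact inside the second-level label of the
registered domain, with extra characters around it, and the registered domain
is not one the trademark owner legitimately operates.
"""

# Assumption: a small curated map of trademark -> legitimate registered domains.
TRADEMARKS = {
    "facebook": {"facebook.com"},
    "youtube": {"youtube.com"},
    "paypal": {"paypal.com"},
}

# Constructed passive-DNS style records, defanged with "[.]" (not real data).
SAMPLE_RECORDS = """
betterfacebook[.]com A 203.0.113.10
youtube-live[.]com A 203.0.113.11
facebook[.]com A 203.0.113.12
login.facebook[.]com A 203.0.113.13
paypa1[.]com A 203.0.113.14
facebok[.]com A 203.0.113.15
secure-paypal-verify[.]net A 203.0.113.16
""".strip()


def refang(domain: str) -> str:
    """Turn 'example[.]com' back into 'example.com', lower-cased, no trailing dot."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")


def registered_domain(fqdn: str) -> str:
    """Naive eTLD+1: the last two labels.

    Assumption for the example only; multi-label suffixes such as co.uk need
    the Public Suffix List (e.g. the tldextract or publicsuffix2 packages).
    """
    labels = fqdn.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else fqdn


def combosquat_trademark(fqdn: str):
    """Return the trademark that `fqdn` combosquats, or None.

    - 'betterfacebook.com'  -> 'facebook'  (trademark intact + extra chars)
    - 'facebook.com'        -> None        (legitimate registered domain)
    - 'login.facebook.com'  -> None        (subdomain of the legitimate domain)
    - 'paypa1.com'          -> None        (typosquat: trademark not intact)
    - 'facebook.net'        -> None        (TLD squat: label equals the mark)
    """
    rd = registered_domain(refang(fqdn))
    sld = rd.split(".")[0]
    for mark, legit in TRADEMARKS.items():
        if rd in legit:
            return None
        if mark in sld and sld != mark:
            return mark
    return None


def scan_records(text: str) -> dict:
    """Parse 'name type rdata' lines; return {registered fqdn: trademark} for hits."""
    hits = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        name = refang(parts[0])
        mark = combosquat_trademark(name)
        if mark:
            hits[name] = mark
    return hits


if __name__ == "__main__":
    for name, mark in scan_records(SAMPLE_RECORDS).items():
        print(f"{name}: combosquats {mark}")
```

The rule is intentionally strict about the trademark being intact: the paper treats combosquatting as distinct from typosquatting, so a string-distance check belongs in a separate detector rather than being folded into this one. Trademark substrings that are also common words (e.g. a brand named "live") will produce false positives; in practice the trademark list needs per-mark allowlists, which this example omits.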

    Database Security: What Students Need to Know


    Adaptive Web Portal

    This Bachelor's Thesis was written during a study stay at the Universidade de Trás-os-Montes e Alto Douro, Vila Real, Portugal (UTAD), and is written in English. The Thesis deals with two main topics. The first studies ways of offering portal content to a particular visitor; the offering is built on a model of portal user behaviour and a hierarchical system of content offering. The second deals with propagating web content to social networks and with providing the site's data and functionality to third-party applications through an application programming interface. The first chapters of the technical report describe the technologies, protocols and web security vulnerabilities involved. The remaining chapters are devoted to the application design and its subsequent implementation. The Thesis is part of a project at UTAD; its role in that project is described in the introduction of the technical report.