896 research outputs found
Consistency Analysis of Privacy Policies and Mobile Applications
Thesis (Master's) -- Seoul National University Graduate School: College of Engineering, Department of Computer Science and Engineering, 2021. 2. 권태경.
With the increase of mobile users, there have been many privacy issues that sensitive and personal data is leaked while using mobile applications. To deal with this problem, Google App Store has required developers to disclose how the app uses data in privacy protection policies. App developers describe all of the app practices in the privacy policy to meet these legal requirements. However, there is no technical solution to verify the consistency between privacy policies and app activities. Users must rely on privacy protection policies to see how the app uses data. In this paper, we select personal data categories that can be easily exposed through the app and analyze privacy policies and apps to find keywords and APIs related to personal data. We collected the APK files and metadata of 13,223 apps registered in Google Play Store as datasets and select the apps for analysis by preprocessing them by four conditions. According to the results, many apps can access more personal data than they disclosed in the privacy policy.
Abstract
Chapter 1 Introduction
2 Related work
2.1 Privacy Policy Analysis
2.2 Mobile App Analysis
Chapter 3 System Design
3.1 Overview
3.2 Playstore Crawler
3.3 Policy Analyzer
3.4 App Analyzer
Chapter 4 Result
4.1 Dataset
4.2 Personal Data Category
4.3 Consistency Check
4.4 App Genre
Chapter 5 Conclusion
Bibliography
Abstract (in Korean)
Maste
A Security & Privacy Analysis of US-based Contact Tracing Apps
With the onset of COVID-19, governments worldwide planned to develop and
deploy contact tracing (CT) apps to help speed up the contact tracing process.
However, experts raised concerns about the long-term privacy and security
implications of using these apps. Consequently, several proposals were made to
design privacy-preserving CT apps. To this end, Google and Apple developed the
Google/Apple Exposure Notification (GAEN) framework to help public health
authorities develop privacy-preserving CT apps. In the United States, 26 states
used the GAEN framework to develop their CT apps. In this paper, we empirically
evaluate the US-based GAEN apps to determine 1) the privileges they have, 2) if
the apps comply with their defined privacy policies, and 3) if they contain
known vulnerabilities that can be exploited to compromise privacy. The results
show that all apps violate their stated privacy policy and contain several
known vulnerabilities
Advanced Security Analysis for Emergent Software Platforms
Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.
This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the focus on detecting vulnerable and unsafe interactions between applications that share common components and devices. Contributions of this work include novel insights and methods for: (1) detecting vulnerable interactions between Android applications that leverage dynamic loading features for concealing the interactions; (2) identifying unsafe interactions between smart home applications by considering physical and cyber channels; (3) detecting malicious IoT applications that are developed to target numerous IoT devices; (4) detecting insecure patterns of emergent security APIs that are reused from open-source software. In all of the four research thrusts, we present thorough security analysis and extensive evaluations based on real-world applications. Our results demonstrate that the proposed detection mechanisms can efficiently and effectively detect vulnerabilities in contemporary software platforms.
Advisers: Hamid Bagheri and Qiben Ya