98 research outputs found
Eight years of rider measurement in the Android malware ecosystem: evolution and lessons learned
Despite the growing threat posed by Android malware,
the research community is still lacking a comprehensive
view of common behaviors and trends exposed by malware families
active on the platform. Without such view, the researchers
incur the risk of developing systems that only detect outdated
threats, missing the most recent ones. In this paper, we conduct
the largest measurement of Android malware behavior to date,
analyzing over 1.2 million malware samples that belong to 1.2K
families over a period of eight years (from 2010 to 2017). We
aim at understanding how the behavior of Android malware
has evolved over time, focusing on repackaging malware. In
this type of threats different innocuous apps are piggybacked
with a malicious payload (rider), allowing inexpensive malware
manufacturing.
One of the main challenges posed when studying repackaged
malware is slicing the app to split benign components apart from
the malicious ones. To address this problem, we use differential
analysis to isolate software components that are irrelevant to the
campaign and study the behavior of malicious riders alone. Our
analysis framework relies on collective repositories and recent
advances on the systematization of intelligence extracted from
multiple anti-virus vendors. We find that since its infancy in
2010, the Android malware ecosystem has changed significantly,
both in the type of malicious activity performed by the malicious
samples and in the level of obfuscation used by malware to avoid
detection. We then show that our framework can aid analysts
who attempt to study unknown malware families. Finally, we
discuss what our findings mean for Android malware detection
research, highlighting areas that need further attention by the
research community.Accepted manuscrip
Security analysis and exploitation of arduino devices in the internet of things
The pervasive presence of interconnected objects enables new communication paradigms where devices can easily reach each other while interacting within their environment. The so-called Internet of Things (IoT) represents the integration of several computing and communications systems aiming at facilitating the interaction between these devices. Arduino is one of the most popular platforms used to prototype new IoT devices due to its open, flexible and easy-to-use architecture. Ardunio Yun is a dual board microcontroller that supports a Linux distribution and it is currently one of the most versatile and powerful Arduino systems. This feature positions Arduino Yun as a popular platform for developers, but it also introduces unique infection vectors from the security viewpoint. In this work, we present a security analysis of Arduino Yun. We show that Arduino Yun is vulnerable to a number of attacks and we implement a proof of concept capable of exploiting some of them
Compartmentation policies for Android apps:A combinatorial optimization approach
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current’s mobile environments
Smart Home Personal Assistants: A Security and Privacy Review
Smart Home Personal Assistants (SPA) are an emerging innovation that is
changing the way in which home users interact with the technology. However,
there are a number of elements that expose these systems to various risks: i)
the open nature of the voice channel they use, ii) the complexity of their
architecture, iii) the AI features they rely on, and iv) their use of a
wide-range of underlying technologies. This paper presents an in-depth review
of the security and privacy issues in SPA, categorizing the most important
attack vectors and their countermeasures. Based on this, we discuss open
research challenges that can help steer the community to tackle and address
current security and privacy issues in SPA. One of our key findings is that
even though the attack surface of SPA is conspicuously broad and there has been
a significant amount of recent research efforts in this area, research has so
far focused on a small part of the attack surface, particularly on issues
related to the interaction between the user and the SPA devices. We also point
out that further research is needed to tackle issues related to authorization,
speech recognition or profiling, to name a few. To the best of our knowledge,
this is the first article to conduct such a comprehensive review and
characterization of the security and privacy issues and countermeasures of SPA.Comment: Accepted for publication in ACM Computing Survey
Lady and the Tramp Nextdoor: Online Manifestations of Real-World Inequalities in the Nextdoor Social Network
From health to education, income impacts a huge range of life choices. Many
papers have leveraged data from online social networks to study precisely this.
In this paper, we ask the opposite question: do different levels of income
result in different online behaviors? We demonstrate it does. We present the
first large-scale study of Nextdoor, a popular location-based social network.
We collect 2.6 Million posts from 64,283 neighborhoods in the United States and
3,325 neighborhoods in the United Kingdom, to examine whether online discourse
reflects the income and income inequality of a neighborhood. We show that posts
from neighborhoods with different income indeed differ, e.g. richer
neighborhoods have a more positive sentiment and discuss crimes more, even
though their actual crime rates are much lower. We then show that
user-generated content can predict both income and inequality. We train
multiple machine learning models and predict both income (R-Square=0.841) and
inequality (R-Square=0.77)
Las obligaciones naturales en derecho comparado y en derecho español
Tesis inĂ©dita de la Universidad Complutense de Madrid, Facultad de Derecho, leĂda en 1975.ProQuestFac. de DerechoTRUEpu
Hindering data theft with encrypted data trees
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must even-tually make contact with the system where the information resides and extract it. In this work, we propose a scheme that hinders unauthorized data extraction by modifying the basic file system primitives used to access files. Intuitively, our proposal emulates the chains used to protect valuable items in certain clothing shopping centers, where shoplifting is prevented by forcing the thief to steal the whole rack of items. We achieve this by encrypting sensitive files using nonces (i.e., pseudorandom numbers used only once) as keys. Such nonces are available, also in encrypted form, in other objects of the file system. The system globally resembles a distributed Merkle hash tree, in such a way that getting access to a file requires previous access to a number of other files. This forces any potential attacker to extract not only the targeted sensitive information, but also all the files chained to it that are necessary to compute the associated key. Further-more, our scheme incorporates a probabilistic rekeying mechanism to limit the damage that might be caused by patient extractors. We report experimental results measuring the time overhead introduced by our proposal and compare it with the effort an attacker would need to successfully extract information from the system. Our results show that the scheme increases substantially the effort required by an insider, while the introduced overhead is feasible for standard computing platforms
Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models
none4sinoneGuillermo Suarez-Tangil; Mauro Conti; Juan E. Tapiador; and Pedro Peris-LopezGuillermo Suarez, Tangil; Conti, Mauro; Juan E., Tapiador; Pedro Peris, Lope
- …