ARCHITECTURE SECURITY PRINCIPLES OF THE ANDROID APPLICATIONS-BASED INFORMATION SYSTEM

Abstract

In this article common attack vectors on the information systems, which are based on the Android client applications, are observed, analyzed and compared. The purpose of this analysis consists in creating the theoretical base for development the practical principles of securing the architecture level of such systems. To accomplish the aims set, there was conducted the categorization of attacks and vulnerabilities specific to the Android information infrastructure and environment. There were also conducted analysis of Android application functional components and typical underlying infrastructure which have possible impact on a system security. Available data about the widespread vulnerabilities of the described elements was analyzed in context of possible exploitation. Based on the Android application usage model there were figured out several adversary models and attack vectors related to the researched information system type. Developed adversary models were formed with a focus on technical possibilities and threat abstraction. Mentioned vectors can be used by an attacker to violate the confidentiality and integrity of critical information in the system. The carried out research was used to form the characteristic comparison of the mentioned vectors and adversary models to evaluate the attack surface on the different parts of information system represented as attack vectors. As a result, we have developed the theoretical principles for securing the architecture of Android applications-driven information systems. Achieved results can be used to form the threat and adversary model, create practical recommendations for the information risk reducing practices in Android-applications driven information systems and to develop the technical requirements for security testing and development.