Yang Zhang, Peng Xia, Junzhou Luo, Z. Ling, Benyuan Liu, Xinwen Fu
{"title":"Fingerprint attack against touch-enabled devices","authors":"Yang Zhang, Peng Xia, Junzhou Luo, Z. Ling, Benyuan Liu, Xinwen Fu","doi":"10.1145/2381934.2381947","DOIUrl":"https://doi.org/10.1145/2381934.2381947","url":null,"abstract":"Oily residues left by tapping fingers on a touch screen may breach user privacy. In this paper, we introduce the fingerprint attack against touch-enabled devices. We dust the touch screen surface to reveal fingerprints, and use an iPhone camera to carefully photograph fingerprints while striving to remove the virtual image of the phone from the fingerprint image. We then sharpen the fingerprints in an image via various image processing techniques and design effective algorithms to automatically map fingerprints to a keypad in order to infer tapped passwords. Extensive experiments were conducted on iPad, iPhone and Android phones and the results show that the fingerprint attack is effective and efficient in inferring passwords from fingerprint images. To the best of our knowledge, we are the first to use fingerprint powder on a touch screen and infer passwords from fingerprints. The video at http://www.youtube.com/watch?v=vRUbJIcV9vg shows the dusting process on iPhone and the video at http://www.youtube.com/watch?v=6jS6KroER3Y shows the dusting process on iPad. After dusting, password characters for login are clearly disclosed.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115412908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
David Barrera, Jeremy Clark, D. McCarney, P. V. Oorschot
{"title":"Understanding and improving app installation security mechanisms through empirical analysis of android","authors":"David Barrera, Jeremy Clark, D. McCarney, P. V. Oorschot","doi":"10.1145/2381934.2381949","DOIUrl":"https://doi.org/10.1145/2381934.2381949","url":null,"abstract":"We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android application metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android's current signing architecture does not encourage best security practices. We also find that limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism with applicability to signature-level permissions. We additionally discuss mitigation options for a security bug in Google's Play store, which allows apps to transparently obtain more privileges than those requested in the manifest.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115238763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Short paper: rethinking permissions for mobile web apps: barriers and the road ahead","authors":"Chaitrali Amrutkar, Patrick Traynor","doi":"10.1145/2381934.2381939","DOIUrl":"https://doi.org/10.1145/2381934.2381939","url":null,"abstract":"The distinction between mobile applications built for specific platforms and those that run in mobile browsers is increasingly being blurred. As HTML5 becomes universally deployed and mobile web apps directly take advantage of device features such as the camera, microphone and geolocation information, this difference will vanish almost entirely. In spite of this increasing similarity, the permission systems protecting mobile device resources for native and web apps are dramatically different. In this position paper, we argue that the increasing indistinguishability between such apps coupled with the dynamic nature of mobile web apps calls for reconsidering the current permission model for mobile web apps. We first discuss factors associated with securing mobile web apps in comparison to traditional apps. We then propose a mechanism that presents a holistic view of the permissions required by a web app and provides a simple, single-stop permission management process. We then briefly discuss issues surrounding the use and deployment of this technique. In so doing, we argue that in the absence of an in-cloud security model for mobile web apps, client side defenses are limited. Our model can provide users with a better chance of making informed security decisions and may also aid researchers in assessing security of mobile web apps.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125213343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Windows phone 8 security","authors":"Geir Olsen","doi":"10.1145/2381934.2381936","DOIUrl":"https://doi.org/10.1145/2381934.2381936","url":null,"abstract":"The Windows Phone security model is designed from the ground up to build upon a decade of Microsoft's experience with digital security. In its first release, it establishes a foundation which supports a core set of promises for consumers & developers, spanning privacy, safety, and profitability. This talk will go deep on the key challenges that the security model tackles, & how its provisions work together in practice to enable trustworthy mobile computing. Along the way, the talk will touch on a variety of upcoming investments in the platform security roadmap for Windows Phone.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114305470","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Liu Yang, Nader Boushehrinejadmoradi, P. Roy, V. Ganapathy, L. Iftode
{"title":"Short paper: enhancing users' comprehension of android permissions","authors":"Liu Yang, Nader Boushehrinejadmoradi, P. Roy, V. Ganapathy, L. Iftode","doi":"10.1145/2381934.2381940","DOIUrl":"https://doi.org/10.1145/2381934.2381940","url":null,"abstract":"Android adopts a permission-based model to protect user's data and system resources. An application needs to explicitly request the user's approval of the required permissions at installation time. The utility of the permission model depends critically on end users' ability to comprehend them. However, a recent study has shown that Android users have poor comprehension of permissions. In this paper, we propose to help Android users better understand application permissions through crowdsourcing. In our approach, collections of users of the same application use our tool to help each other on permission understanding by sharing their permission reviews. We demonstrate the feasibility of our approach by implementing a proof-of-concept of our design, which can provide meaningful clues to users on what purposes a permission serves in an application. Our case study shows that the tool can provide helpful information on permission usage. It also exposes the limitations of the current implementation, and the challenges that need to be addressed in our next step.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"311 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114025725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cong Zheng, Shixiong Zhu, Shuaifu Dai, G. Gu, Xiaorui Gong, Xinhui Han, Wei Zou
{"title":"SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications","authors":"Cong Zheng, Shixiong Zhu, Shuaifu Dai, G. Gu, Xiaorui Gong, Xinhui Han, Wei Zou","doi":"10.1145/2381934.2381950","DOIUrl":"https://doi.org/10.1145/2381934.2381950","url":null,"abstract":"User interface (UI) interactions are essential to Android applications, as many Activities require UI interactions to be triggered. This kind of UI interaction could also help malicious apps to hide their sensitive behaviors (e.g., sending SMS or getting the user's device ID) from being detected by dynamic analysis tools such as TaintDroid, because simply running the app, but without proper UI interactions, will not lead to the exposure of sensitive behaviors. In this paper we focus on the challenging task of triggering a certain behavior through automated UI interactions. In particular, we propose a hybrid static and dynamic analysis method to reveal UI-based trigger conditions in Android applications. Our method first uses static analysis to extract expected activity switch paths by analyzing both Activity and Function Call Graphs, and then uses dynamic analysis to traverse each UI element and explore the UI interaction paths towards the sensitive APIs. We implement a prototype system SmartDroid and show that it can automatically and efficiently detect the UI-based trigger conditions required to expose the sensitive behavior of several Android malware samples, which otherwise cannot be detected with existing techniques such as TaintDroid.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131556621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Matthias Lange, Steffen Liebergeld, A. Lackorzynski, Alexander Warg, M. Peter
{"title":"L4Android: a generic operating system framework for secure smartphones","authors":"Matthias Lange, Steffen Liebergeld, A. Lackorzynski, Alexander Warg, M. Peter","doi":"10.1145/2046614.2046623","DOIUrl":"https://doi.org/10.1145/2046614.2046623","url":null,"abstract":"Smartphones have become many people's primary means of communication. Emerging applications such as Near Field Communication require new levels of security that cannot be enforced by current smartphone operating systems. Therefore vendors resort to hardware extensions that have limitations in flexibility and increase the bill of materials. In this work we present a generic operating system framework that does away with the need for such hardware extensions. We encapsulate the original smartphone operating system in a virtual machine. Our framework allows for highly secure applications to run side-by-side with the virtual machine. It is based on a state-of-the-art microkernel that ensures isolation between the virtual machine and secure applications. We evaluate our framework by sketching how it can be used to solve four problems in current smartphone security.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114311173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The network as a mobility security platform","authors":"G. Reyes","doi":"10.1145/2046614.2046616","DOIUrl":"https://doi.org/10.1145/2046614.2046616","url":null,"abstract":"The network can be a powerful platform at the core of an advanced mobility security architecture. There are several unique benefits of using the network to provide security. Virtually all traffic - good and bad - traverses the network. Also, the network sees traffic from many places and can correlate data to find problems. The network has unlimited battery and processing power, is independent of end devices, and cannot easily be circumvented (as can software on devices). AT&T is investing significant research resources in order to realize the vision of the network as a mobility security platform. Project Marconi is instrumenting the mobility network to be able to detect and act upon malicious traffic. Project Saturn / Smart Mobile Computing will provide a more secure environment for mobile devices that today can bypass the protection of a security perimeter. And, a new host-assisted, network-based architecture will enable fine grained detection, mitigation, and recovery on mobile devices. Current research challenges include determining the theoretical subset of attacks that can be detected in the network, and defining algorithms to do this at an extreme scale in near real time.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122395202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kevin Gudeth, Matthew Pirretti, Katrin Hoeper, Ron Buskey
{"title":"Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors","authors":"Kevin Gudeth, Matthew Pirretti, Katrin Hoeper, Ron Buskey","doi":"10.1145/2046614.2046622","DOIUrl":"https://doi.org/10.1145/2046614.2046622","url":null,"abstract":"A problem faced by security sensitive mobile applications is assurance of correct execution on a commercial device. Prior approaches typically address this problem by assuming a trusted operating system (OS) as part of their trusted computing base (TCB). However, the vast amount of privileged code running in a typical mobile OS makes the presence of system vulnerabilities inevitable. As an alternative, we recommend the use of a bare metal hypervisor, which typically consists of orders of magnitude fewer lines of code than a full OS. This makes formal verification practical. Thus bare metal hypervisors are much more suitable for the basis of a TCB. We shall present a bare metal hypervisor-based architecture that enables trusted apps on mobile devices to be protected despite: OS compromise, malicious applications, and the inability of the end user to distinguish between trusted and untrusted apps.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"142 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127675229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Joseph A. Akinyele, M. Pagano, M. Green, Christoph U. Lehmann, Zachary N. J. Peterson, A. Rubin
{"title":"Securing electronic medical records using attribute-based encryption on mobile devices","authors":"Joseph A. Akinyele, M. Pagano, M. Green, Christoph U. Lehmann, Zachary N. J. Peterson, A. Rubin","doi":"10.1145/2046614.2046628","DOIUrl":"https://doi.org/10.1145/2046614.2046628","url":null,"abstract":"We provide a design and implementation of self-protecting electronic medical records (EMRs) using attribute-based encryption on mobile devices. Our system allows healthcare organizations to export EMRs to locations outside of their trust boundary. In contrast to previous approaches, our solution is designed to maintain EMR availability even when providers are offline, i.e., where network connectivity is not available. To balance the needs of emergency care and patient privacy, our system is designed to provide fine-grained encryption and is able to protect individual items within an EMR, where each encrypted item may have its own access control policy. We implemented a prototype system using a new key- and ciphertext-policy attribute-based encryption library that we developed. Our implementation, which includes an iPhone app for storing and managing EMRs offline, allows for flexible and automated policy generation. An evaluation of our design shows that our ABE library performs well, has acceptable storage requirements, and is practical and usable on modern smartphones.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"696 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132210418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}