Computer Engineering Commons^™

Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.

This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the …

If I Had A Million Cryptos: Cryptowallet Application Analysis And A Trojan Proof-Of-Concept, Trevor Haigh, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, but we also assess their security against tampering and reverse engineering. Some of the biggest benefits of cryptocurrency is its security and relative anonymity. For this reason it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, like wallet private keys, insecurely and one was …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …

Significant Permission Identification For Android Malware Detection, Lichao Sun

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Network And Device Forensic Analysis Of Android Social-Messaging Applications, Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Jason Moore, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this research we forensically acquire and analyze the device-stored data and network traffic of 20 popular instant messaging applications for Android. We were able to reconstruct some or the entire message content from 16 of the 20 applications tested, which reflects poorly on the security and privacy measures employed by these applications but may be construed positively for evidence collection purposes by digital forensic practitioners. This work shows which features of these instant messaging applications leave evidentiary traces allowing for suspect data to be reconstructed or partially reconstructed, and whether network forensics or device forensics permits the reconstruction of …

The Impact Of Custom Rom Backups On Android External Storage Erasure, Haydon Hope, Peter Hannay

Australian Digital Forensics Conference

The Android operating system is the current market leader on mobile devices such as smartphones and tablet computers. The core operating system is open source and has a number of developers creating variants of this operating system. These variants, often referred to as custom ROMs are available for a wide number of mobile devices. Custom ROMs provide a number of features, such as enhanced control over the operating system, variation in user interfaces and so on. The process of installing custom ROMs is often accomplished through the use of a ROM manager application. Such applications often provide mechanisms to back …

Forensic Analysis Of Social Networking Applications On Mobile Devices, Noora Al Mutawa, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The increased use of social networking applications on smartphones makes these devices a goldmine for forensic investigators. Potential evidence can be held on these devices and recovered with the right tools and examination methods. This paper focuses on conducting forensic analyses on three widely used social networking applications on smartphones: Facebook, Twitter, and MySpace. The tests were conducted on three popular smartphones: BlackBerrys, iPhones, and Android phones. The tests consisted of installing the social networking applications on each device, conducting common user activities through each application, acquiring a forensically sound logical image of each device, and performing manual forensic analysis …