Articles 1 - 7 of 7
Full-Text Articles in Information Security
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Research Collection School Of Computing and Information Systems
Time is frequently used in security protocols to provide better security. For instance, critical credentials often have limited lifetime which improves the security against brute-force attacks. However, it is challenging to correctly use time in protocol design, due to the existence of clock drift in practice. In this work, we develop a systematic method to formally specify as well as automatically verify timed security protocols with clock drift. We first extend the previously proposed timed applied π-calculus as a formal specification language for timed protocols with clock drift. Then, we define its formal semantics based on timed logic rules, …
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Research Collection School Of Computing and Information Systems
Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. …
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Research Collection School Of Computing and Information Systems
Indoor localization is of great importance to a wide range of applications in shopping malls, office buildings and public places. The maturity of computer vision (CV) techniques and the ubiquity of smartphone cameras hold promise for offering sub-meter accuracy localization services. However, pure CV-based solutions usually involve hundreds of photos and pre-calibration to construct image database, a labor-intensive overhead for practical deployment. We present ClickLoc, an accurate, easy-to-deploy, sensor-enriched, image-based indoor localization system. With core techniques rooted in semantic information extraction and optimization-based sensor data fusion, ClickLoc is able to bootstrap with few images. Leveraging sensor-enriched photos, ClickLoc also enables user localization with a single photo of the …
Proxy Signature With Revocation, Shengmin Xu, Guomin Yang, Yi Mu, Shu Ma
Research Collection School Of Computing and Information Systems
Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer (or a group of proxy signers) who can then sign documents on behalf of the original signer. In this paper, we investigate the problem of proxy signature with revocation. The revocation of delegated signing right is necessary for a proxy signature scheme when the proxy signer’s key is compromised and/or any misuse of the delegated right is noticed. Although a proxy signature scheme usually specifies a delegation time period, it may …
Cdrep: Automatic Repair Of Cryptographic-Misuses In Android Applications, Siqi Ma, David Lo, Teng Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding …
Graph-Aided Directed Testing Of Android Applications For Checking Runtime Privacy Behaviours, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Krishna Balan
Research Collection School Of Computing and Information Systems
While automated testing of mobile applications is very useful for checking run-time behaviours and specifications, its capability in discovering issues in apps is often limited in practice due to long testing time. A common practice is to randomly and exhaustively explore the whole app test space, which takes a lot of time and resource to achieve good coverage and reach targeted parts of the apps. In this paper, we present MAMBA, a directed testing system for checking privacy in Android apps. MAMBA performs path searches of user events in control-flow graphs of callbacks generated from static analysis of app bytecode. …
Leveraging Automated Privacy Checking For Design Of Mobile Privacy Protection Mechanisms, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Balan
Research Collection School Of Computing and Information Systems
While mobile platforms rely on developers to follow good practices in privacy design, developers might not always adhere. In addition, it is often difficult for users to understand the privacy behaviour of their applications without some prolonged usage. To aid in these issues, we describe on-going research to improve privacy protection by utilizing techniques that mine privacy information from application binaries as a grey-box (Automated Privacy Checking). The outputs can then be utilized to improve the users' ability to exercise privacy-motivated discretion. We conducted a user study to observe the effects of presenting information on leak-causing triggers within applications in …