Open Access. Powered by Scholars. Published by Universities.®
- Institution
- Keyword
-
- Security (3)
- Android (2)
- Static Analysis (2)
- Ad blocking (1)
- Ad-blockers (1)
-
- Android Security (1)
- App Mining (1)
- Apps (1)
- Automated Mobile Application Testing (1)
- Automated program repair (1)
- Binary analysis (1)
- Blocking malvertising (1)
- Branching logic (1)
- Clock Drift (1)
- Clock Rate (1)
- Code obfuscation (1)
- Computer Science (1)
- Cryptographic misuse (1)
- Cyber Security (1)
- Cyberattacks (1)
- Description Logics (1)
- Global Clock (1)
- Head-mounted display (HMD) (1)
- Hierarchical structure (1)
- Indoor Localization (1)
- Information Retrieval (1)
- Information Security (1)
- Interactive media (1)
- Local Clock (1)
- Malvertising (1)
- Publication
- Publication Type
Articles 1 - 17 of 17
Full-Text Articles in Information Security
Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work
Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work
Chancellor’s Honors Program Projects
No abstract provided.
Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky
Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky
Articles
Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …
Security Testing With Misuse Case Modeling, Samer Yousef Khamaiseh
Security Testing With Misuse Case Modeling, Samer Yousef Khamaiseh
Boise State University Theses and Dissertations
Having a comprehensive model of security requirements is a crucial step towards developing a reliable software system. An effective model of security requirements which describes the possible scenarios that may affect the security aspects of the system under development can be an effective approach for subsequent use in generating security test cases.
Misuse case was first proposed by Sinder and Opdahl as an approach to extract the security requirements of the system under development [1]. A misuse case is a use case representing scenarios that might be followed by a system adversary in order to compromise the system; that is …
Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu
Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu
Department of Computer Science and Engineering: Dissertations, Theses, and Student Research
Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Research Collection School Of Computing and Information Systems
Time is frequently used in security protocols to provide better security. For instance, critical credentials often have limited lifetime which improves the security against brute-force attacks. However, it is challenging to correctly use time in protocol design, due to the existence of clock drift in practice. In this work, we develop a systematic method to formally specify as well as automatically verify timed security protocols with clock drift. We first extend the previously proposed timed applied ππ -calculus as a formal specification language for timed protocols with clock drift. Then, we define its formal semantics based on timed logic rules, …
Code Metrics For Predicting Risk Levels Of Android Applications, Akond A. Rahman
Code Metrics For Predicting Risk Levels Of Android Applications, Akond A. Rahman
KSU Proceedings on Cybersecurity Education, Research and Practice
Android applications pose security and privacy risks for end-users. Early prediction of risk levels that are associated with Android applications can help Android developers is releasing less risky applications to end-users. Researchers have showed how code metrics can be used as early predictors of failure prone software components. Whether or not code metrics can be used to predict risk levels of Android applications requires systematic exploration. The goal of this paper is to aid Android application developers in assessing the risk associated with developed Android applications by identifying code metrics that can be used as predictors to predict two levels …
Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen
Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen
Masters Theses & Specialist Projects
Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.
Although many systems such as REDCap and Taverna are built for …
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Research Collection School Of Computing and Information Systems
Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. …
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Research Collection School Of Computing and Information Systems
Indoor localization is of great importance to a wide range ofapplications in shopping malls, office buildings and publicplaces. The maturity of computer vision (CV) techniques andthe ubiquity of smartphone cameras hold promise for offering sub-meter accuracy localization services. However, pureCV-based solutions usually involve hundreds of photos andpre-calibration to construct image database, a labor-intensiveoverhead for practical deployment. We present ClickLoc, anaccurate, easy-to-deploy, sensor-enriched, image-based indoor localization system. With core techniques rooted insemantic information extraction and optimization-based sensor data fusion, ClickLoc is able to bootstrap with few images. Leveraging sensor-enriched photos, ClickLoc also enables user localization with a single photo of the …
Pdroid, Joe Larry Allen
Pdroid, Joe Larry Allen
Masters Theses
When an end user attempts to download an app on the Google Play Store they receive two related items that can be used to assess the potential threats of an application, the list of permissions used by the application and the textual description of the application. However, this raises several concerns. First, applications tend to use more permissions than they need and end users are not tech-savvy enough to fully understand the security risks. Therefore, it is challenging to assess the threats of an application fully by only seeing the permissions. On the other hand, most textual descriptions do not …
Proxy Signature With Revocation, Shengmin Xu, Guomin Yang, Yi Mu, Shu Ma
Proxy Signature With Revocation, Shengmin Xu, Guomin Yang, Yi Mu, Shu Ma
Research Collection School Of Computing and Information Systems
Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer (or a group of proxy signers) who can then sign documents on behalf of the original signer. In this paper, we investigate the problem of proxy signature with revocation. The revocation of delegated signing right is necessary for a proxy signature scheme when the proxy signer’s key is compromised and/or any misuse of the delegated right is noticed. Although a proxy signature scheme usually specifies a delegation time period, it may …
Cdrep: Automatic Repair Of Cryptographic-Misuses In Android Applications, Siqi Ma, David Lo, Teng Li, Robert H. Deng
Cdrep: Automatic Repair Of Cryptographic-Misuses In Android Applications, Siqi Ma, David Lo, Teng Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding …
Graph-Aided Directed Testing Of Android Applications For Checking Runtime Privacy Behaviours, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Krishna Balan
Graph-Aided Directed Testing Of Android Applications For Checking Runtime Privacy Behaviours, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Krishna Balan
Research Collection School Of Computing and Information Systems
While automated testing of mobile applications is very useful for checking run-time behaviours and specifications, its capability in discovering issues in apps is often limited in practice due to long testing time. A common practice is to randomly and exhaustively explore the whole app test space, which takes a lot of time and resource to achieve good coverage and reach targeted parts of the apps. In this paper, we present MAMBA, a directed testing system for checking privacy in Android apps. MAMBA performs path searches of user events in control-flow graphs of callbacks generated from static analysis of app bytecode. …
Leveraging Automated Privacy Checking For Design Of Mobile Privacy Protection Mechanisms, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Balan
Leveraging Automated Privacy Checking For Design Of Mobile Privacy Protection Mechanisms, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Balan
Research Collection School Of Computing and Information Systems
While mobile platforms rely on developers to follow good practices in privacy design, developers might not always adhere. In addition, it is often difficult for users to understand the privacy behaviour of their applications without some prolonged usage. To aid in these issues, we describe on-going research to improve privacy protection by utilizing techniques that mine privacy information from application binaries as a grey-box (Automated Privacy Checking). The outputs can then be utilized to improve the users' ability to exercise privacy-motivated discretion. We conducted a user study to observe the effects of presenting information on leak-causing triggers within applications in …
User Interface Design, Moritz Stefaner, Sebastien Ferre, Saverio Perugini, Jonathan Koren, Yi Zhang
User Interface Design, Moritz Stefaner, Sebastien Ferre, Saverio Perugini, Jonathan Koren, Yi Zhang
Saverio Perugini
As detailed in Chap. 1, system implementations for dynamic taxonomies and faceted search allow a wide range of query possibilities on the data. Only when these are made accessible by appropriate user interfaces, the resulting applications can support a variety of search, browsing and analysis tasks. User interface design in this area is confronted with specific challenges. This chapter presents an overview of both established and novel principles and solutions.
An Immersive Telepresence System Using Rgb-D Sensors And Head-Mounted Display, Xinzhong Lu, Ju Shen, Saverio Perugini, Jianjun Yang
An Immersive Telepresence System Using Rgb-D Sensors And Head-Mounted Display, Xinzhong Lu, Ju Shen, Saverio Perugini, Jianjun Yang
Saverio Perugini
We present a tele-immersive system that enables people to interact with each other in a virtual world using body gestures in addition to verbal communication. Beyond the obvious applications, including general online conversations and gaming, we hypothesize that our proposed system would be particularly beneficial to education by offering rich visual contents and interactivity. One distinct feature is the integration of egocentric pose recognition that allows participants to use their gestures to demonstrate and manipulate virtual objects simultaneously. This functionality enables the instructor to effectively and efficiently explain and illustrate complex concepts or sophisticated problems in an intuitive manner. The …
Gone In 200 Milliseconds: The Challenge Of Blocking Malvertising, Catherine Dwyer, Ameet Kanguri
Gone In 200 Milliseconds: The Challenge Of Blocking Malvertising, Catherine Dwyer, Ameet Kanguri
Student and Faculty Research Days
Online advertising is a multi-billion dollar global industry that lets advertisers serve ads to specific customers of interest as they browse the web. Using real time bidding (RTB), as web visitors land on a site, advertising networks are alerted of space available and whatever profile information can be gleaned about the visitor. Ad networks then auction this combination of space and profile through ad exchanges, and the winning bid's ad content is served to the web visitor. The entire process, from a visitor landing on a publisher's page to ads being auctioned, takes 200 milliseconds--the time needed to snap your …