Articles 1 - 11 of 11
Full-Text Articles in Information Security
Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky
Articles
Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …
Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu
Department of Computer Science and Engineering: Dissertations, Theses, and Student Research
Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to render security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Research Collection School Of Computing and Information Systems
Time is frequently used in security protocols to provide better security. For instance, critical credentials often have limited lifetime which improves the security against brute-force attacks. However, it is challenging to correctly use time in protocol design, due to the existence of clock drift in practice. In this work, we develop a systematic method to formally specify as well as automatically verify timed security protocols with clock drift. We first extend the previously proposed timed applied π-calculus as a formal specification language for timed protocols with clock drift. Then, we define its formal semantics based on timed logic rules, …
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Research Collection School Of Computing and Information Systems
Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. …
Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen
Masters Theses & Specialist Projects
Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.
Although many systems such as REDCap and Taverna are built for …
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Research Collection School Of Computing and Information Systems
Indoor localization is of great importance to a wide range of applications in shopping malls, office buildings and public places. The maturity of computer vision (CV) techniques and the ubiquity of smartphone cameras hold promise for offering sub-meter accuracy localization services. However, pure CV-based solutions usually involve hundreds of photos and pre-calibration to construct image database, a labor-intensive overhead for practical deployment. We present ClickLoc, an accurate, easy-to-deploy, sensor-enriched, image-based indoor localization system. With core techniques rooted in semantic information extraction and optimization-based sensor data fusion, ClickLoc is able to bootstrap with few images. Leveraging sensor-enriched photos, ClickLoc also enables user localization with a single photo of the …
Proxy Signature With Revocation, Shengmin Xu, Guomin Yang, Yi Mu, Shu Ma
Research Collection School Of Computing and Information Systems
Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer (or a group of proxy signers) who can then sign documents on behalf of the original signer. In this paper, we investigate the problem of proxy signature with revocation. The revocation of delegated signing right is necessary for a proxy signature scheme when the proxy signer’s key is compromised and/or any misuse of the delegated right is noticed. Although a proxy signature scheme usually specifies a delegation time period, it may …
Cdrep: Automatic Repair Of Cryptographic-Misuses In Android Applications, Siqi Ma, David Lo, Teng Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding …
Leveraging Automated Privacy Checking For Design Of Mobile Privacy Protection Mechanisms, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Balan
Research Collection School Of Computing and Information Systems
While mobile platforms rely on developers to follow good practices in privacy design, developers might not always adhere. In addition, it is often difficult for users to understand the privacy behaviour of their applications without some prolonged usage. To aid in these issues, we describe on-going research to improve privacy protection by utilizing techniques that mine privacy information from application binaries as a grey-box (Automated Privacy Checking). The outputs can then be utilized to improve the users' ability to exercise privacy-motivated discretion. We conducted a user study to observe the effects of presenting information on leak-causing triggers within applications in …
Graph-Aided Directed Testing Of Android Applications For Checking Runtime Privacy Behaviours, Joseph Joo Keng Chan, Lingxiao Jiang, Kiat Wee Tan, Rajesh Krishna Balan
Research Collection School Of Computing and Information Systems
While automated testing of mobile applications is very useful for checking run-time behaviours and specifications, its capability in discovering issues in apps is often limited in practice due to long testing time. A common practice is to randomly and exhaustively explore the whole app test space, which takes a lot of time and resource to achieve good coverage and reach targeted parts of the apps. In this paper, we present MAMBA, a directed testing system for checking privacy in Android apps. MAMBA performs path searches of user events in control-flow graphs of callbacks generated from static analysis of app bytecode. …
Gone In 200 Milliseconds: The Challenge Of Blocking Malvertising, Catherine Dwyer, Ameet Kanguri
Student and Faculty Research Days
Online advertising is a multi-billion dollar global industry that lets advertisers serve ads to specific customers of interest as they browse the web. Using real time bidding (RTB), as web visitors land on a site, advertising networks are alerted of space available and whatever profile information can be gleaned about the visitor. Ad networks then auction this combination of space and profile through ad exchanges, and the winning bid's ad content is served to the web visitor. The entire process, from a visitor landing on a publisher's page to ads being auctioned, takes 200 milliseconds--the time needed to snap your …