Security and privacy in the smartphone ecosystem: Final progress report (PowerPoint presentation)
Alexios Mylonas, Athens University of Economics & Business

  1. Security and privacy in the smartphone ecosystem: Final progress report
     Alexios Mylonas, Athens University of Economics & Business

  2. Overview [p. 2]
     • Research: Motivation, Related work, Objective
     • Approach: Methodology, Threat model, Smartphone definition & data
     • Contribution: Browser controls, User practices, Malware mitigation, Smartphone forensics
     • Future work

  3. Research Motivation [p. 3]
     • Smartphone ecosystem facts: increase in popularity of devices, in installations of third-party apps, and in web browsing
     • Smartphones are a great source of personal and business data
     • Smartphones are an appealing target for attackers

  4. Related work [p. 4]
     • Android-centered & focused on malware mitigation
     • Permission system: policies, all-or-nothing
     • Static analysis, e.g. static analysis of the manifest
     • Dynamic analysis, e.g. taint analysis

  5. Related work [p. 4] (same slide, with the problem highlighted)
     • Android-centered & focused on malware mitigation
     • Permission system: policies, all-or-nothing
     • Static analysis: manifest
     • Dynamic analysis: taint analysis, instrumentation
     Problem: 1. These approaches require advanced technical skills!

  8. Objectives [p. 5]
     • Study user practices: adoption of security controls
     • User-centric protection: include user input in our approach; users value their data types differently
     • Case study: smartphone forensics

  9. Methodology [p. 6]
     [flow diagram] Survey of controls + Survey of threats -> Analysis -> Security finding (user-centric) -> Recommendation/Mitigation

  10. Threat model [p. 7]
      T1. Malicious web (servers) [diagram: the web]

  11. Threat model [p. 7]
      T2. Physical access

  12. Threat model [p. 7]
      T3. Malicious apps [diagram: users installing apps from an application repository]

  13. A smartphone? [p. 8]
      Cell/feature phone:
      • used to access a cell phone network
      • contains a smartcard
      Smartphone:
      • mobile carrier services
      • advanced hardware capabilities
      • an identifiable OS
      • supports 3rd-party apps
      • apps from an app repository
      C5. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method for smartphones. In: Proc. of the 27th IFIP Information Security and Privacy Conference. Springer; AICT-376; 2012. p. 443-456.

  14. Smartphone Data [p. 8]
      • Smartphones host heterogeneous data
      [diagram: Smartphone data = Application, Sensor, Device, SIM card, Messaging, Usage history]
      C4. Mylonas A, Meletiadis V, Tsoumas B, Mitrou L, Gritzalis D. Smartphone forensics: A proactive investigation scheme for evidence acquisition. In: 27th IFIP International Information Security and Privacy Conference. Springer; AICT-376; 2012. p. 249-260.

  15. Browser controls [p. 9]
      • Manageability of browser security controls: PC, smartphones
      • Out-of-the-box protection offered
      C7. Mylonas A, Tsalis N, Gritzalis D. Evaluating the manageability of web browsers controls. In: Proc. of the 9th International Workshop on Security and Trust Management (STM-2013), Springer; LNCS-8203; 2013; p. 82-98.

  16. Browser controls [p. 9]
      [flow diagram] Web threats -> Identification and survey of controls -> Out-of-the-box protection, manageability
      • Issues: unavailability of controls; usability issues
      • Control enumeration: common controls (33) in browser UIs
      • Browsers: Chrome, Firefox, Safari, IE, Opera, Opera Mini
      • Usability: security-oriented configuration settings, default values, configurability, UI suggestions

  18. Browser controls [p. 10]
      • Availability of controls: PC vs. smartphone
      • Smartphone browsers offer fewer controls
      • Blame the sandbox? Counterexamples:
        - Android and iOS (10): e.g. block location data, block third-party cookies, enable DNT, certificate warning, private browsing, ... (cf. C7)
        - Android (5): i.e. block referrer, disable plugin, malware protection, master password, search engine manager

  19. Mitigation of web threats [p. 11]
      [diagram] Identified controls (32) x Web threats (ICT web threats, smartphone threats):
      a) default protection per threat (controls enabled by default)
      b) control manageability per threat (controls editable)

  20. Default protection / threat [p. 12] (footer: 12.09.2013 - Evaluating the Manageability of Web Browsers Controls)
      [table not captured in the extraction]

  23. Manageability of controls / threat [p. 13] (footer: 12.09.2013 - Evaluating the Manageability of Web Browsers Controls)
      [table not captured in the extraction]

  27. Recommendations [p. 14]
      Vendor settings & UI:
      • Functionality-oriented
      • Users can disable controls without confirmation
      • Security settings mixed with other settings
      Proposed settings & UI:
      • Security-oriented
      • All controls configurable & enabled
      • Discourage changes: certificate warning, malware/phishing protection
      • Confirmation for update settings
      • Ask default value: block cookies, block location data, block 3rd-party cookies, enable DNT, and master password

  28. Recommendations [p. 14]
      • Proposed settings are restrictive: security vs. user experience
      • Local blacklist; per-site configuration of controls
      • User awareness: users trained to use control(s) correctly; users aware of web threats

  29. User practices [p. 15]
      • Adoption of controls: physical attacks, malicious apps
      • Statistical analysis (n=458, Athens, Fall 2011)
      C6. Mylonas A, Gritzalis D, Tsoumas B, Apostolopoulos T. A qualitative metrics vector for the awareness of smartphone security users. In: 10th International Conference on Trust, Privacy & Security in Digital Business. 2013. p. 173-84.
      J1. Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security 2013;34(0):47-66.

  30. User practices against physical access [p. 10]
      [flow diagram] Physical threat -> User survey of exposure to physical threat (vulnerability) + Survey of controls adoption -> Risk assessment method -> Training
      • Control enumeration: common controls in handsets (Android, BlackBerry, iOS, Symbian, Windows Phone): password protection, remote locator, remote wipe, encryption
      • Adoption of controls: statistical analysis

  31. User practices against physical access [p. 16]
      • Poor adoption of physical access controls
      [bar chart: % of adoption]
        device password        64.4
        encryption             22.7
        remote data wipe       15.1
        remote device locator  23.1
        none                   27.9

  32. User practices against malware [p. 10]
      [flow diagram] Threat of malicious apps -> User survey of exposure to malicious apps (vulnerability) + Survey of controls adoption -> Risk assessment method -> Prediction model -> Training
      • Control enumeration: security indicators by security models (Android, BlackBerry, iOS, Symbian, Windows Phone): security messages, reputation, reviews; third-party security software
      • User practices: statistical analysis

  33. User practices against malware [p. 17]
      • User practices when installing apps from the app repository
      • Finding 5: Users who only occasionally inspect security messages, or ignore them altogether, are more likely to disable encryption
      • Finding 6: Users who always inspect security messages are more likely to be technically and security savvy users
      • Finding 7: Users who ignore security messages are more likely to also ignore agreement messages
      [bar chart: % of adoption for agreement msgs, pirated apps, reputation, reviews, security msgs; values as extracted: 10, 8.7, 10.5, 38.6, 60.7; label-to-value mapping not recoverable]

  34. User practices against malware [p. 17]
      • Poor use of smartphone security software
      • Finding 5: Poor adoption of physical security controls
        - Finding 5.1: Encryption (22.7%)
        - Finding 5.2: Remote data wipe (15.1%)
        - Finding 5.3: Remote device locator (23.1%)
        - Finding 5.4: No adoption of any physical security control (27.9%)
      • Finding 6: Users tend to have disabled smartphone secsoft along with encryption, device password lock and remote device locator
      [bar chart: % of adoption for PC secsoft, searched smartphone secsoft, free smartphone secsoft, smartphone secsoft essential, unaware of smartphone secsoft; values as extracted: 85.8, 24.5, 34.3, 40, 27; label-to-value mapping not recoverable]

  35. User practices against malware [p. 17]
      • Users believe that installing apps from the repository is secure (~3/4 of users); these users are exposed to malware
      • Users unaware of smartphone malware are more likely to trust the app repository
      • Users who trust the repository tend to be unaware of smartphone secsoft
      • Users who trust the app repository are less likely to scrutinize security msgs
