sema a design methodology for building secure android apps
play

SeMA: A Design Methodology for Building Secure Android Apps Joydeep - PowerPoint PPT Presentation

Dec 17, 2022 •376 likes •572 views

SeMA: A Design Methodology for Building Secure Android Apps Joydeep Mitra Venkatesh-Prasad Ranganath Department of Computer Science Kansas State University, USA Internatjonal Workshop on Advances in Mobile App Analysis (A-Mobile 2019) San

  1. SeMA: A Design Methodology for Building Secure Android Apps Joydeep Mitra Venkatesh-Prasad Ranganath Department of Computer Science Kansas State University, USA Internatjonal Workshop on Advances in Mobile App Analysis (A-Mobile 2019) San Diego, USA November 11, 2019

  2. Context • Storyboards are used to capture the UI+UX of an app • Security is crucial to the UX of a mobile app • Current UX design process of an app is limited in terms of security reasoning • Can reasoning about security be baked into the design process of an app?

  3. What is mobile app storyboarding? A storyboard is a sequence of images that serves as a specifjcatjon of the user observed behavior in terms of screens and transitjons between screens

  4. Limitatjons of Current Mobile App Storyboarding Approaches/Tools • Inability to specify of non-UI behavior • Inability to enable collaboratjon between app designers and app developers • Inability to reason about non functjonal propertjes such as security We propose a methodology (SeMA) based on storyboarding to enable the specifjcatjon and verifjcatjon of security propertjes of Android apps at design tjme.

  5. Proposed Methodology • App designer specifjes the app’s storyboard • App designer and developer collaborate to iteratjvely refjne the storyboard by adding non-UI related behavior (e.g., constraints on when transitjons will be triggered) • Afuer every iteratjon verify if the storyboard satjsfjes pre-defjned security propertjes • Finally, generate property preserving code • Developer extends generated code with business logic

  6. Illustratjve Example: Initjal Storyboard

  7. Illustratjve Example: Storyboard with UI Constraints

  8. Illustratjve Example: Storyboard with Non- UI Constraints

  9. Illustratjve Example: Security Analysis of the Storyboard

  10. Realizing SeMA for Android [PoC/Ongoing] • Extend existjng Storyboard tools (e.g. Navigatjon graphs) to enable the specifjcatjon of non-UI behavior • Defjne security propertjes based on known vulnerabilitjes • Build the analysis framework to verify pre-defjned security propertjes on the storyboard • Build the code generatjon algorithm to translate storyboards to Java/Kotlin • Enable the methodology in Android Studio

  11. Realizing SeMA for Android Platgorm Use JetPack’s Navigatjon Graph for storyboarding

  12. Realizing SeMA for Android Platgorm

  13. Realizing SeMA for Android Platgorm Extend navigatjon graph with UI constraints

  14. Realizing SeMA for Android Platgorm Extending navigatjon graph with non-UI constraints

  15. Realizing SeMA for Android Platgorm Extend navigatjon graph with Security Analysis

  16. Realizing SeMA for Android Platgorm Extend navigatjon graph with Security Analysis

  17. Challenges • Enabling storyboards to capture non-UI behavioral constraints in a non- intrusive way [PoC/Ongoing] • Making the analysis context-aware [Future Work] • Checking richer security propertjes (e.g. temporality) [Future Work] • Ensuring preservatjon of security propertjes [Future Work]

  18. Takeaways A design methodology to enable automated reasoning and verifjcatjon of security propertjes of Android apps • Builds on storyboarding • Tackles difgerent classes of security propertjes • Can be realized with existjng Android app development tools • Facilitates automated reasoning and verifjcatjon

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking applications. AFRICA HACKON CONFERENCE, 2016. Convergent Security. whoami Masters Candidate Ethical Hacker Web Developer Jazz fan

599 views • 20 slides
Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you?

Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you?

Building Beautiful Apps Ahmed Abu Eldahab GDE Flutuer & Daru @dahabdev Tell me about you? Developers , Designers , Mac , Linux , Windows , Web , Mobile , Android , ios ? @dahabdev Agenda Context about Apps Native apps

693 views • 53 slides
(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 (iPhone) https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 (Android)

365 views • 13 slides
Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a System Engineer Genymobile is a company specialized in Android. We are based in France (Paris and Lyon) and SF. We develop and customize android

514 views • 40 slides
in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of

in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of

Repairing crashes in Android apps Shin Hwei Zhen Xiang Abhik Tan Dong Gao Roychoudhury 2 Prevalence of Mobile Apps App Store Google Play Launched with 500 apps. 3.5 millions apps By July 17, 10 millions available for download apps

518 views • 22 slides
CS 525M Mobile and Ubiquitous Computing Lecture 3: Intro to Android Programming Emmanuel Agu

CS 525M Mobile and Ubiquitous Computing Lecture 3: Intro to Android Programming Emmanuel Agu

CS 525M Mobile and Ubiquitous Computing Lecture 3: Intro to Android Programming Emmanuel Agu Android App Most apps written in Java Android SDK tools compile code, data and resource files into Android PacKage (filename.apk) . Apps

415 views • 17 slides
Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments Open source Tape Otto Dagger ActionBarSherlock Android Design on every device. Lifecycle Install Apps Run Forever Uninstall

844 views • 82 slides
Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android

Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android

CS 528 Mobile and Ubiquitous Computing Lecture 2a: Introduction to Android Programming Emmanuel Agu Editting in Android Studio Recall: Editting Android Can edit apps in: Text View: edit XML directly Design View: or drag and drop

701 views • 51 slides
JavaScript on TV Building full screen apps with Vue.js Welcome to multiplatform hell. Theres

JavaScript on TV Building full screen apps with Vue.js Welcome to multiplatform hell. Theres

JavaScript on TV Building full screen apps with Vue.js Welcome to multiplatform hell. Theres so many of them! LG Netcast LG WebOS Samsung Tizen Android TV Firefox OS (srsly.) Roku TV Fire TV tvOS and the

307 views • 18 slides
Polished Droids: Bringing Android Apps to Chromebooks Maksim Lin Freelance Android Developer

Polished Droids: Bringing Android Apps to Chromebooks Maksim Lin Freelance Android Developer

Polished Droids: Bringing Android Apps to Chromebooks Maksim Lin Freelance Android Developer www.manichord.com Chromebooks ? Background Freelance Android and AOSP dev ~ 5 yrs Use and Chromebooks ~ 4yrs Wrote Git client Chrome

339 views • 31 slides
Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML

CS 4518 Mobile and Ubiquitous Computing Lecture 3: Android UI Design in XML + Examples Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML file

701 views • 58 slides
Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven

Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven

Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven Arzt Fraunhofer SIT 2 Stephan Siegfried Mobile Security Researcher at Head of Department Secure Fraunhofer SIT Software Engineering

948 views • 58 slides
Bringing Android Apps to Tizen Kevin Menice, OpenMobile World Wide, Inc. SVP & GM, Embedded

Bringing Android Apps to Tizen Kevin Menice, OpenMobile World Wide, Inc. SVP & GM, Embedded

Bringing Android Apps to Tizen Kevin Menice, OpenMobile World Wide, Inc. SVP & GM, Embedded and Core Technologies November 11, 2013 Session Abstract Enable your Android apps on the Tizen platform with OpenMobile Application

331 views • 29 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML

1.18k views • 92 slides
Bringing Android Apps to Tizen Mike Paquette OpenMobile World Wide May 24, 2013 Session

Bringing Android Apps to Tizen Mike Paquette OpenMobile World Wide May 24, 2013 Session

Bringing Android Apps to Tizen Mike Paquette OpenMobile World Wide May 24, 2013 Session Abstract Enable your Android Apps on the Tizen platform with OpenMobiles Application Compatibility Layer (ACL). With our ACL technology,

325 views • 30 slides
AR 101 Introduction to Design Instructors Tongu Ak / Zeynep Aktre / In Can / Sema

AR 101 Introduction to Design Instructors Tongu Ak / Zeynep Aktre / In Can / Sema

IZTECH Faculty of Architecture Fall 2018 AR 101 Introduction to Design Instructors Tongu Ak / Zeynep Aktre / In Can / Sema Doan / Yank Gktepe / Nilfer Talu Hatice Aktrk Ablan / Yelin Demir / Nil Nadire Gelikan / lker

431 views • 25 slides
Digital Game Playing as Storyboard Interpretation (The Slides) Data September 2013 CITATIONS

Digital Game Playing as Storyboard Interpretation (The Slides) Data September 2013 CITATIONS

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/256980056 Digital Game Playing as Storyboard Interpretation (The Slides) Data September 2013 CITATIONS READS 0 93 3 authors: Jun

493 views • 25 slides
Mediensystemen mit iOS WS 2011 Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de MHCI Lab, LMU

Mediensystemen mit iOS WS 2011 Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de MHCI Lab, LMU

Praktikum Entwicklung von Mediensystemen mit iOS WS 2011 Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de MHCI Lab, LMU Mnchen Today Storyboards Automatic Reference Counting Animations Exercise 3 Michael Rohs, LMU Praktikum

931 views • 56 slides
Cthulus Clutches Lovecraftian Horror Theme Storyboard Implementation Theme Storyboard

Cthulus Clutches Lovecraftian Horror Theme Storyboard Implementation Theme Storyboard

Cthulus Clutches Lovecraftian Horror Theme Storyboard Implementation Theme Storyboard Implementation Theme Storyboard Implementation Theme Storyboard Implementation Theme Storyboard Implementation Theme Storyboard Implementation

510 views • 21 slides
Slide 1 Hello and welcome to Amy K. Millers Storyboard: Life As A Spartan. Below my title

Slide 1 Hello and welcome to Amy K. Millers Storyboard: Life As A Spartan. Below my title

Slide 1 Hello and welcome to Amy K. Millers Storyboard: Life As A Spartan. Below my title page is an inspirational quote AMY K MILLERS STORY BOARD: by Bernice Johnson Reagon that reads: LIFE AS A SPARTAN Lifes challenges are not

891 views • 7 slides
The Workpad Project Lecturer: Andrea MARRELLA Lecturer Andrea Marrella Dipartimento di

The Workpad Project Lecturer: Andrea MARRELLA Lecturer Andrea Marrella Dipartimento di

Course on Human-Computer Interaction (HCI-16) HCI 2015-2016 The Workpad Project Lecturer: Andrea MARRELLA Lecturer Andrea Marrella Dipartimento di Ingegneria Informatica, Automatica e Gestionale A.Ruberti Sapienza - Universit di

1.34k views • 120 slides
Human-Computer Interaction CSG 170 Round 5 Homework I3: Update Now due next week (final!)

Human-Computer Interaction CSG 170 Round 5 Homework I3: Update Now due next week (final!)

2/11/2012 Human-Computer Interaction CSG 170 Round 5 Homework I3: Update Now due next week (final!) Cambridge Senior Center plan No more than two people at once Use the calendar Team Project Ideas Getting closer, but some

501 views • 21 slides
Good Morning! BMS1301/MCS1450 Introduction to Broadcasting Ulrich Werner The Production Process

Good Morning! BMS1301/MCS1450 Introduction to Broadcasting Ulrich Werner The Production Process

Good Morning! BMS1301/MCS1450 Introduction to Broadcasting Ulrich Werner The Production Process Much the same as for radio, film, or video, but more flexible and faster. The Production Process The production process refers to the stages

780 views • 12 slides
He Help Y Your S Students ts Succ ucceed i in their Online C Course St Stephen M Murgat

He Help Y Your S Students ts Succ ucceed i in their Online C Course St Stephen M Murgat

He Help Y Your S Students ts Succ ucceed i in their Online C Course St Stephen M Murgat atroyd, P , PhD FBPsS F S FRSA SA Chief Innovation Officer Contact North | Contact Nord www.contactnord.ca Wh Who A Am I I Teaching

603 views • 31 slides

More recommend