Evaluation of Multi Criteria Decision Making Methods for Potential Use in Application Security

Gade, Praveen Kumar, Osuri, Manjit

January 2014

With an upsurge in number of available smart phones, tablet PCs etc. most users find it easy to access Internet services using mobile applications. It has been a challenging task for mobile application developers to choose suitable security types (types of authentication, authorization, security protocols, cryptographic algorithms etc.) for mobile applications. Choosing an inappropriate security type for a mobile application may lead to performance degradation and vulnerable issues in applications. The choice of the security type can be done by decision making. Decision making is a challenging task for humans. When choosing a single alternative among a set of alternatives with multiple criteria, it is hard to know which one is the better decision. Mobile application developers need to incorporate Multi-Criteria Decision Making (MCDM) Models to choose a suitable security type for mobile application. A decision model for application security enhances decision making for mobile application developers to decide and set the required security types for the application. In this thesis, we discuss different types of MCDM models that have been applied in an IT security area and scope of applying MCDM models in application security area. Literature review and evaluation of the selected decision models gives a detailed overview on how to use them to provide application security. / The first chapter introduces the thesis work. The second chapter presents the background of decision making models, their process, and the classification of decision making models. The third chapter presents the research methodology we have used in different phases which aims to answer the research questions. The fourth chapter gives a detailed literature study of how decision models can be used in application security. The fifth chapter evaluates selected decision models. The sixth chapter concludes the thesis and presents future work.

Multi-Criteria Decision Making

Mobile Application Security

Mathematical Analysis

Matematisk analys

Telecommunications

Telekommunikation

Software Engineering

Programvaruteknik

Differences in security between native applications and web based applications in the field of health care

Dahl, Andreas, Nylander, Kristofer

January 2015

Developing native applications for different platforms with different resolutions and screen sizes is both time consuming and costly. If developers were able to develop one web based application which can be used on multiple platforms, yet retain the same level of security as a native application, they would be able to reduce both development time and costs. In this thesis we will investigate the possibilities of achieving a level of security in a web-based application that can equal that of a native application, as well as how to develop an application that uses the Mina Vårdkontakter (My Healthcare Contacts) framework.

Mobile application security

Native and web applications

Healthcare IT security

Mina Vårdkontakter

My Healthcare Contacts

Computer Sciences

Datavetenskap (datalogi)

Models for Risk assessment of Mobile applications

Ikwuegbu, Chigozie Charles

January 2020

Mobile applications are software that extend the functionality of our smartphones by connecting us with friends and a wide range of other services. Android, which is an operating system based on the Linux kernel, leads the market with over 2.6 million applications recorded on their official store. Application developers, due to the ever-growing innovation in smartphones, are compelled to release new ideas on limited budget and time, resulting in the deployment of malicious applications. Although there exists a security mechanism on the Google Play Store to remove these applications, studies have shown that most of the applications on the app store compromise privacy or pose security-related risks. It is therefore essential to investigate the security risk of installing any of these applications on a device. The objectives are to identify methods and techniques for assessing mobile application security, investigate how attributes indicate the harmfulness of applications, and evaluate the performance of K Nearest Neighbors(K-NN) and Random forest machine learning models in assessing the security risk of installing mobile applications based on information available on the application distribution platform. A literature analysis was done to gather information on the different methods and techniques for assessing security in mobile applications and investigations on how different attributes on the application distribution platform indicate the harmfulness of an application. An experiment was also conducted to examine how various machine learning models perform in evaluating the security risk associated with installing applications, based on information on the application distribution platform. Literature analysis presents the various methods and techniques for mobile application security assessment and identifies how mobile application attributes indicate the harmfulness of mobile applications. The experimental results demonstrate the performance of the aforementioned machine learning models in evaluating the security risk of installing mobile applications. In conclusion, Static, dynamic, and grey-box analysis are the methods used to evaluate mobile application security, and machine learning models including K-NN and Random forest are suitable techniques for evaluating mobile application security risk. Attributes such as the permissions, number of installations, and ratings reveal the likelihood and impact of an underlying security threat. The K-NN and Random forest models when compared to evaluate the security risk of installing mobile applications based on information on the application distribution platform showed high performance with little differences.

Risk Assessment

Security and Privacy

Machine Learning

Mobile application security

Mo-bile application metadata

Computer Sciences

Datavetenskap (datalogi)

Symmetric Key Management for Mobile Financial Applications : A Key Hierarchy Approach

Azam, Junaid

January 2013

In recent times the usage of smart phones has significantly increased. Businesses are transforming to make more out of smart phones. As a consequence, there is an increasing demand to have more and more mobile applications. Among other areas, mobile applications are also being used to make financial transactions. Applications used for financial transactions need to be more reliable and have end-to-end security. To implement security we heavily depend on cryptography and the heart of cryptography is the keys which are used in cryptographic processes (encryption/decryption). Therefore, it is essential not only to protect, but also to properly manage these keys, so that a robust and secure system can be achieved. This research work provides a complete implementation of symmetric key management for mobile phone applications with a focus on financial data using a key hierarchy approach. We have developed a key management system which allows smart phones to download the cryptographic key hierarchy. This key hierarchy is used to encrypt and decrypt financial data, such as PIN and other transaction information. Using this application (key management system), we can achieve an end-to-end security between client (mobile phones) and payment server (banking server). This research work presents implementation of key management system for Android OS only.

Symmetric Key Management

Key Hierarchy

Key Security

Financial Transaction

Mobile Phone

Mobile Application Security

mCommerce.

Computer and Information Sciences

Data- och informationsvetenskap