Models for Risk assessment of Mobile applications

Ikwuegbu, Chigozie Charles

January 2020

Mobile applications are software that extend the functionality of our smartphones by connecting us with friends and a wide range of other services. Android, which is an operating system based on the Linux kernel, leads the market with over 2.6 million applications recorded on their official store. Application developers, due to the ever-growing innovation in smartphones, are compelled to release new ideas on limited budget and time, resulting in the deployment of malicious applications. Although there exists a security mechanism on the Google Play Store to remove these applications, studies have shown that most of the applications on the app store compromise privacy or pose security-related risks. It is therefore essential to investigate the security risk of installing any of these applications on a device. The objectives are to identify methods and techniques for assessing mobile application security, investigate how attributes indicate the harmfulness of applications, and evaluate the performance of K Nearest Neighbors(K-NN) and Random forest machine learning models in assessing the security risk of installing mobile applications based on information available on the application distribution platform. A literature analysis was done to gather information on the different methods and techniques for assessing security in mobile applications and investigations on how different attributes on the application distribution platform indicate the harmfulness of an application. An experiment was also conducted to examine how various machine learning models perform in evaluating the security risk associated with installing applications, based on information on the application distribution platform. Literature analysis presents the various methods and techniques for mobile application security assessment and identifies how mobile application attributes indicate the harmfulness of mobile applications. The experimental results demonstrate the performance of the aforementioned machine learning models in evaluating the security risk of installing mobile applications. In conclusion, Static, dynamic, and grey-box analysis are the methods used to evaluate mobile application security, and machine learning models including K-NN and Random forest are suitable techniques for evaluating mobile application security risk. Attributes such as the permissions, number of installations, and ratings reveal the likelihood and impact of an underlying security threat. The K-NN and Random forest models when compared to evaluate the security risk of installing mobile applications based on information on the application distribution platform showed high performance with little differences.

Risk Assessment

Security and Privacy

Machine Learning

Mobile application security

Mo-bile application metadata

Computer Sciences

Datavetenskap (datalogi)

Symmetric Key Management for Mobile Financial Applications : A Key Hierarchy Approach

Azam, Junaid

January 2013

In recent times the usage of smart phones has significantly increased. Businesses are transforming to make more out of smart phones. As a consequence, there is an increasing demand to have more and more mobile applications. Among other areas, mobile applications are also being used to make financial transactions. Applications used for financial transactions need to be more reliable and have end-to-end security. To implement security we heavily depend on cryptography and the heart of cryptography is the keys which are used in cryptographic processes (encryption/decryption). Therefore, it is essential not only to protect, but also to properly manage these keys, so that a robust and secure system can be achieved. This research work provides a complete implementation of symmetric key management for mobile phone applications with a focus on financial data using a key hierarchy approach. We have developed a key management system which allows smart phones to download the cryptographic key hierarchy. This key hierarchy is used to encrypt and decrypt financial data, such as PIN and other transaction information. Using this application (key management system), we can achieve an end-to-end security between client (mobile phones) and payment server (banking server). This research work presents implementation of key management system for Android OS only.

Symmetric Key Management

Key Hierarchy

Key Security

Financial Transaction

Mobile Phone

Mobile Application Security

mCommerce.

Computer and Information Sciences

Data- och informationsvetenskap

Revamping Binary Analysis with Sampling and Probabilistic Inference

Zhuo Zhang (16398420)

19 June 2023

<p>Binary analysis, a cornerstone technique in cybersecurity, enables the examination of binary executables, irrespective of source code availability.</p> <p>It plays a critical role in understanding program behaviors, detecting software bugs, and mitigating potential vulnerabilities, specially in situations where the source code remains out of reach.</p> <p>However, aligning the efficacy of binary analysis with that of source-level analysis remains a significant challenge, primarily due to the uncertainty caused by the loss of semantic information during the compilation process.</p> <p><br></p> <p>This dissertation presents an innovative probabilistic approach, termed as <em>probabilistic binary analysis</em>, designed to combat the intrinsic uncertainty in binary analysis.</p> <p>It builds on the fundamental principles of program sampling and probabilistic inference, enhanced further by an iterative refinement architecture.</p> <p>The dissertation suggests that a thorough and practical method of sampling program behaviors can yield a substantial quantity of hints which could be instrumental in recovering lost information, despite the potential inclusion of some inaccuracies.</p> <p>Consequently, a probabilistic inference technique is applied to systematically incorporate and process the collected hints, suppressing the incorrect ones, thereby enabling the interpretation of high-level semantics.</p> <p>Furthermore, an iterative refinement mechanism is deployed to augment the efficiency of the probabilistic analysis in subsequent applications, facilitating the progressive enhancement of analysis outcomes through an automated or human-guided feedback loop.</p> <p><br></p> <p>This work offers an in-depth understanding of the challenges and solutions related to assessing low-level program representations and systematically handling the inherent uncertainty in binary analysis. </p> <p>It aims to contribute to the field by advancing the development of precise, reliable, and interpretable binary analysis solutions, thereby setting the groundwork for future exploration in this domain.</p>

Software and application security

Automated software engineering

Binary Analysis

Reverse Engineering

Probabilistic Analysis

Fuzzing

SUNNYMILKFUZZER - AN OPTIMIZED FUZZER FOR JVM-BASED LANGUAGE

Junyang Shao (16649343)

27 July 2023

<p>This thesis presents an in-depth investigation into the opportunities of optimizing the performance (throughput) of fuzzing on Java Virtual Machine (JVM)-based languages. The study identifies five main areas for potential optimization, each of which contributes to the performance bottlenecks in the existing state-of-the-art Java fuzzer, Jazzer.</p> <p><br></p> <p>Firstly, the use of coverage probes is recognized as costly due to the native method call, including call frame generation and destruction, while it only performs a simple byte increment. Secondly, the probes may become exhausted, which subsequently cease to generate signals for new interesting inputs, while the associated costs persist. Thirdly, the scanning of the coverage map is expensive, particularly for targets with a large loaded bytecode. Given that test inputs can only execute a portion of these, the probes for most bytecodes are scanned repeatedly without generating any signals, indicating a need for a more structured coverage map design to skip the code probes effectively. Lastly, exception handling in JVM is costly as it automatically fills in the stack trace whenever an exception object is created, even when most targets don't utilize this information. </p> <p><br></p> <p>The study then designs and implements optimization techniques for these opportunities. We believe we provide the optimal solution for the first opportunity, while better optimizations could be proposed for the second, third, and fourth. The collective improvement brought about by these implementations is on average 138% and up to 441% in throughput. This work, thus, offers valuable insights into enhancing the efficiency of fuzz testing in JVM languages and paves the way for further research in optimizing other areas of JVM-based-language fuzzing performance.</p>

Software and application security

Performance evaluation

Java and Virtual Machine Semantics

Java Fuzzing

Fuzzing

JVM

JIT

Jazzer

DEFEATING CYBER AND PHYSICAL ATTACKS IN ROBOTIC VEHICLES

Hyungsub Kim (17540454)

05 December 2023

<p dir="ltr">The world is increasingly dependent on cyber-physical systems (CPSs), e.g., robotic vehicles (RVs) and industrial control systems (ICSs). CPSs operate autonomously by processing data coming from both “cyberspace”—such as user commands—and “physical space”—such as sensors that measure the physical environment in which they operate. However, even after decades of research, CPSs remain susceptible to threats from attackers, primarily due to the increased complexity created by interaction with cyber and physical space (e.g., the cascading effects that changes in one space can impact on the other). In particular, the complexity causes two primary threats that increase the risk of causing physical damage to RVs: (1) logic bugs causing undesired physical behavior from the developers expectations; and (2) physical sensor attacks—such as GPS or acoustic noise spoofing—that disturb an RV’s sensor readings. Dealing with these threats requires addressing the interplay between cyber and physical space. In this dissertation, we systematically analyze the interplay between cyber and physical space, thereby tackling security problems created by such complexity. We present novel algorithms to detect logic bugs (PGFuzz in Chapter 2), help developers fix them (PGPatch in Chapter 3), and test the correctness of the patches attempting to address them (PatchVerif in Chapter 4). Further, we explain algorithms to discover the root causes and formulate countermeasures against physical sensor attacks that target RVs in Chapter 5.</p>

Hardware security

Software and application security

System and network security

Cybersecurity

Robotic vehicle

Cyber–physical system

Logic bug

Physical sensor attack

REHOSTING EMBEDDED APPLICATIONS AS LINUX APPLICATIONS FOR DYNAMIC ANALYSIS

Jayashree Srinivasan (17683698)

20 December 2023

<p dir="ltr">Dynamic analysis of embedded firmware is a necessary capability for many security tasks, e.g., vulnerability detection. Rehosting is a technique that enables dynamic analysis by facilitating the execution of firmware in a host environment decoupled from the actual hardware. Current rehosting techniques focus on high-fidelity execution of the entire firmware. Consequently, these techniques try to execute firmware in an emulated environment, with precise models of hardware (i.e., peripheral) interactions. However, these techniques are hard to scale and have various drawbacks. </p><p dir="ltr">Therefore, a novel take on rehosting is proposed by focusing on the application components and their interactions with the firmware without the need to model hardware dependencies. This is achieved by rehosting the embedded application as a Linux application. In addition to avoiding precise peripheral modeling, such a rehosting technique enables the use of existing dynamic analysis techniques on these embedded applications. The feasibility of this approach is demonstrated first by manually performing the rehosting on real-world embedded applications. The challenges in each of the phases – retargeting to x86-64, peripheral handling, and fuzzing the rehosted applications are elaborated. Furthermore, automated steps for retargeting to the x86-64 and peripheral handling are developed. The peripheral handling achieves 89% accuracy if reserved regions are also considered. The testing of these rehosted applications found 2 previously unknown defects in driver components.</p>

Software and application security

System and network security

Cybersecurity

Firmware

Rehosting

Real-Time Systems

RTOS

Dynamic Analysis

Embedded Systems

Embedded Systems Security

Web-Based Intrusion Detection System

Ademi, Muhamet

January 2013

Web applications are growing rapidly and as the amount of web sites globallyincreases so do security threats. Complex applications often interact with thirdparty services and databases to fetch information and often interactions requireuser input. Intruders are targeting web applications specifically and they are ahuge security threat to organizations and a way to combat this is to haveintrusion detection systems. Most common web attack methods are wellresearched and documented however due to time constraints developers oftenwrite applications fast and may not implement the best security practices. Thisreport describes one way to implement a intrusion detection system thatspecifically detects web based attacks.

intrusion detection system

ids

web application security

web application

network security

web security

Engineering and Technology

Teknik och teknologier

Forensic Analysis of WhatsApp on Android Smartphones

Thakur, Neha S

06 August 2013

Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a popular social networking application. We will be forming an outline on how forensic investigators can extract useful information from WhatsApp and from similar applications installed on an Android platform. Our area of focus is extraction and analysis of application user data from non-volatile external storage and the volatile memory (RAM) of an Android device.

Information Assurance

Security

Computer Science

Android

Application Security

Volatile Memory Forensics

Computer Engineering

Computer Sciences

Databases and Information Systems

Other Computer Engineering

Other Computer Sciences

Software Engineering

Anomaly Detection From Personal Usage Patterns In Web Applications

Vural, Gurkan

01 December 2006

The anomaly detection task is to recognize the presence of an unusual (and potentially hazardous) state within the behaviors or activities of a computer user, system, or network with respect to some model of normal behavior which may be either hard-coded or learned from observation. An anomaly detection agent faces many learning problems including learning from streams of temporal data, learning from instances of a single class, and adaptation to a dynamically changing concept. The domain is complicated by considerations of the trusted insider problem (recognizing the difference between innocuous and malicious behavior changes on the part of a trusted user). This study introduces the anomaly detection in web applications and formulates it as a machine learning task on temporal sequence data. In this study the goal is to develop a model or profile of normal working state of web application user and to detect anomalous conditions as deviations from the expected behavior patterns. We focus, here, on learning models of normality at the user behavioral level, as observed through a web application. In this study we introduce some sensors intended to function as a focus of attention unit at the lowest level of a classification hierarchy using Finite State Markov Chains and Hidden Markov Models and discuss the success of these sensors.

Μέθοδοι προστασίας ιστοσελίδων στο διαδίκτυο

Μπαλαφούτης, Χρήστος

19 October 2012

Στην παρούσα διπλωματική εργασία παρουσιάζονται βασικές έννοιες και μέθοδοι για την ασφάλεια ιστοσελίδων και ιδιαίτερα των site με web application προσανατολισμό, χωρίς αυτό να σημαίνει ότι αρκετές τεχνικές προστασίας και σφάλματα που θα εντοπίσουμε δεν μπορούν να συναντηθούν και σε άλλου σκοπού ιστοσελίδες. Αρχικά, γίνεται αναφορά στο τι είναι μια εφαρμογή ιστού (web app) και ποια είναι τα στοιχεία που την αποτελούν. Στη συνέχεια, χρησιμοποιώντας έρευνες, παρουσιάζονται κάποιες από τις πιο “δημοφιλείς” επιθέσεις που γίνονται σε ιστοσελίδες και περιγράφεται πιο διεξοδικά ποια αδύνατα σημεία της δομής των ιστοσελίδων εκμεταλλεύονται. Παράλληλα, γίνεται αναφορά στο πως και με ποια εργαλεία μπορούμε να εντοπίσουμε και να κλείσουμε τα κενά ασφαλείας που τυχόν έχει μία εφαρμογή ιστού. Τέλος, παρουσιάζεται η εφαρμογή που αναπτύχθηκε στα πλαίσια της εργασίας με σκοπό να γίνει επίδειξη συγκεκριμένων επιθέσεων και σφαλμάτων που παρατηρούνται στο διαδίκτυο. / In the following pages basic principals and methods are presented in order to secure websites and web applications. I begin by mentioning what is a web application. Moreover, by using statistics and recent researches from various sources i mention the most common web app attack methods and which vulnerabilities can be found in a web app and how to prevent exploiting, something we can accomplish by using various penetration testing tools. Finally, by using a basic web app some web attacks are shown so that it will become more clear how these attacks work.

Ασφάλεια ιστοσελίδων

Εφαρμογές ιστού

Διαδίκτυο

005.8

Web application security

Site attacks

Web applications

Penetration testing

Cross-site scripting (XSS)

Cross-site request forgeries (CSRF)

SQL injection