  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

PScout: Analyzing the Android Permission Specification

Au, Kathy Wain Yee 18 March 2013 (has links)
Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the security mechanisms these systems use is a permission system. We perform an analysis of the Android permission system in an attempt to begin answering some of the questions that have arisen about its design and implementation. We developed PScout, a tool that extracts the permission specification from the Android OS source code using static analysis and analyzed 5 versions of Android spanning version 2.2 up to the recently released Android 4.1. Our main findings are that while there is little redundancy in the permission specification, if applications could be constrained to only use documented APIs, then about 18-26% of the non-system permissions can be hidden. Finally, we find that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permission specification as the Android OS evolves.
3

Graphical Representations of Security Settings in Android

January 2015 (has links)
abstract: On Android, existing security procedures require apps to request permissions for access to sensitive resources. Only when the user approves the requested permissions will the app be installed. However, permissions are an incomplete security mechanism. In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone. Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected. Applications can potentially send or receive sensitive information from other applications without the required permissions by using intents. In other words, applications can potentially collaborate in ways unforeseen by the user, even if the user understands the permissions of each app independently. In this thesis, we present several graph-based approaches to address these issues. We determine the permissions of an app and generate scores based on our assigned value of certain resources. We analyze these scores overall, as well as in the context of the app's category as determined by Google Play. We show that these scores can be used to identify overzealous apps, as well as apps that do not properly fit within their category. We analyze potential interactions between different applications using intents, and identify several promiscuous apps with low permission scores, showing that permissions alone are not sufficient to evaluate the security risks of an app. Our analyses can form the basis of a system to assist users in identifying apps that can potentially compromise user privacy. / Dissertation/Thesis / Permission Scores and List of Apps considered for each category. / Masters Thesis Computer Science 2015
4

Dynamic User Defined Permissions for Android Devices

Stelly, Christopher D 20 December 2013 (has links)
Mobile computing devices have become an essential part of everyday life and are becoming the primary means for collecting and storing sensitive personal and corporate data. Android is, by far, the dominant mobile platform, which makes its permissions model responsible for securing the vast majority of this sensitive data. The current model falls well short of actual user needs, as permission assignments are made statically at installation time. Therefore, it is impossible to implement dynamic security policies that could be applied selectively depending on context. Users are forced to unconditionally trust installed apps without means to isolate them from sensitive data. We describe a new approach, app sanitization, which automatically instruments apps at installation time, such that users can dynamically grant and revoke individual permissions. The main advantage of our technique is that it runs in userspace and utilizes standard aspect-oriented methods to incorporate custom security controls into the app.
5

Privacy Preserving Controls for Android Applications

January 2014 (has links)
abstract: Android is currently the most widely used mobile operating system. The permission model in Android governs the resource access privileges of applications. The permission model, however, is amenable to various attacks, including re-delegation attacks, background snooping attacks and disclosure of private information. This thesis is aimed at understanding, analyzing and performing forensics on application behavior. This research sheds light on several security aspects, including the use of inter-process communications (IPC) to perform permission re-delegation attacks. The Android permission system is more app-driven than user-controlled, which means it is the applications that specify their permission requirement, and the only thing the user can do is choose not to install a particular application based on the requirements. Given the all-or-nothing choice, users succumb to pressures and needs to accept the permissions requested. This thesis proposes a couple of ways for providing users finer-grained control of application privileges. The same methods can be used to evade the Permission Re-delegation attack. This thesis also proposes and implements a novel methodology in Android that can be used to control the access privileges of an Android application, taking into consideration the context of the running application. This application-context based permission usage is further used to analyze a set of sample applications. We found evidence of applications spoofing or divulging user sensitive information such as location information, contact information, phone id and numbers, in the background. Such activities can be used to track users for a variety of privacy-intrusive purposes. We have developed implementations that minimize several forms of privacy leaks that are routinely done by stock applications. / Dissertation/Thesis / Masters Thesis Computer Science 2014
6

Soothsharp: překladač C# do jazyka Viper / Soothsharp: A C#-to-Viper translator

Hudeček, Petr January 2017 (has links)
Viper is a verification infrastructure developed at ETH Zurich. Using this infrastructure, programs written in the Viper language may be analyzed for correctness with respect to assertions and contracts. In this thesis, we develop a contracts library and a translator program that compiles C# code into the Viper language and thus allows it to be verified. A user may annotate their C# program with these contracts and then use the translator to determine its functional correctness. The translator supports most C# features, including types and arrays. It also integrates with Visual Studio, showing translation and verification errors to the user on-the-fly.
7

A PRIVACY-AWARE WEARABLE FRAMEWORK

Mohzary, Muhammad A. 05 December 2018 (has links)
No description available.
8

Implementation and Evaluation of an Algorithm for User Identity and Permissions for Situational Awareness Analysis

Tolley, Joseph D. 04 1900 (has links)
The thesis analyzes the steps and actions necessary to develop an application using a user identity management system, user permissions system, message distribution system, and message response data collection and display system to deliver timely command and control of human assets and the input of intelligence in emergency response situations. The application, MinuteMan, uniquely manages messages sent between multiple users and their parent organizations. Specifically, messages are stored, managed, and displayed to managers based on the hierarchy or organizational rank as well as situational allowances of the users sending and receiving messages and permissions. Using an algorithm for user identity and permissions for situational awareness analysis, messages and information are sent to multiple addressees in an organization. Responses are correlated to the rank of the responding recipients in the organization, to assist the users and the parent organizations to identify which responses have been read. Receipt of the messages is acknowledged before the message can be fully read. Responses to the messages include a selection of a user status from a preset choice of statuses, and may include other response attributes required or offered by the sender of the message. The locations of responding and non-responding addresses can be mapped and tracked. The resulting solution provides improved situational awareness during emergency response situations. / M.S. / The thesis analyzes the steps and actions necessary to develop an application using a user identity management system, user permissions system, message distribution system, and message response data collection and display system to deliver timely command and control of human assets and the input of intelligence in emergency response situations. Using an algorithm for user identity and permissions for situational awareness analysis, messages and information are sent to multiple user addressees for individuals supporting an organization. Responses are correlated to the rank of the responding recipient in the organization, and to assist the senders of the messages to identify which responses to read by the targeted recipients. Receipt of the messages is acknowledged before the message can be fully read. Responses to the messages include a selection of a user status from a preset choice of statuses, and may include other response attributes required or offered by the sender of the message. The locations of responding and non-responding addresses can be mapped and tracked. The resulting solution provides improved situational awareness during emergency response situations.
9

Vérification de programmes avec pointeurs à l'aide de régions et de permissions / Verification of Pointer Programs Using Regions and Permissions

Bardou, Romain 14 October 2011 (has links)
Deductive verification consists in annotating programs by a specification, i.e. logic formulas which describe the behavior of the program, and proving that programs verify their specification. Tools such as the Why platform take a program and its specification as input and compute logic formulas such that, if they are valid, the program verifies its specification. These logic formulas can be proven automatically or using proof assistants. When a program is written in a language supporting pointer aliasing, i.e. if several variables may denote the same memory cell, then reasoning about the program becomes particularly tricky. It is necessary to specify which pointers may or may not be equal. Invariants of data structures, in particular, are harder to maintain. This thesis proposes a type system which allows structuring the heap in a modular fashion in order to control pointer aliases and data invariants. It is based on the notions of region and permission. Programs are then translated to Why such that pointers are separated as best as possible, to facilitate reasoning. This thesis also proposes an inference mechanism to alleviate the need to write region operations introduced by the language. A model is introduced to describe the semantics of the language and prove its safety. In particular, it is proven that if the type of a pointer tells that its invariant holds, then this invariant indeed holds in the model. This work has been implemented as a tool named Capucine. Several examples have been written to illustrate the language, and were verified using Capucine.
10

La sécurisation des autorisations d’urbanisme / Securing urban planning permits

Martin, Pierre-Antoine 20 December 2013 (has links)
The system of planning permissions was the subject of a number of criticisms because of its complexity, uncertainty regarding the length of the process and the unpredictability of administrative decisions. This situation was the result of piecemeal amendments being made without being considered as a whole. Those using the planning law were not able to easily foresee the outcome or be able to rely on it. The Ordonnance of 8 December 2005 and the Law of 13 July 2006 reformed this system in order to improve the legal certainty of those using the planning law. Part of the Law of 13 December 2000 relating to planning documents, this reform rewrote Book IV of the Planning Code. The reform integrated legal certainty in the law relating to the use and occupation of land. The aim of the reform is to clarify the circumstances in which planning permission is required by regrouping works, simplifying the application procedure and improving the foreseeability of administrative decisions. These objectives correspond with the technical guidance of legal certainty, namely: stability and predictability of the law. Being in force since 1 October 2007, the impact of the reform can now be assessed. Presented as strengthening the legal certainty of builders and developers, the reform improved efficiency of the administrative process. As a result the legal certainty of users has been strengthened. The decision making process has been set up to bring certainty to the granting of planning provisions. The reform of planning disputes is currently aiming to ease the granting of permissions and carrying out building and development projects.
