The solutions presented in this dissertation describe a new paradigm in which we shepherd these network security protocols through atmosphere transitions, offering new ways to analyze and monitor the state of the protocol. The approach involves identifying a protocol's transitional weaknesses through adaptation of formal models, measuring the weakness as it exists in the wild by statically analyzing applications, and showing how to use network traffic analysis to monitor protocol implementations going into the future. Throughout the effort, we follow the popular Open Authorization (OAuth) protocol in its attempts to apply its web-based roots to a mobile atmosphere. To pinpoint protocol deficiencies, we first adapt a well-regarded formal analysis and show it to be insufficient for characterizing mobile applications, tying its transitional weaknesses to implementation issues and delivering a reanalysis of the proof. We then measure the prevalence of this weakness by statically analyzing over 11,000 Android applications. While looking through source code, we develop new methods to find sensitive protocol information, overcome hurdles like obfuscation, and provide interfaces for later modeling, all while achieving a false positive rate below 10 percent. We then use network analysis to detect and verify application implementations. By collecting network traffic from Android applications that use OAuth, we produce a set of metrics that, when fed into machine learning classifiers, can identify whether the OAuth implementation is correct. The challenges include encrypted network communication, heterogeneous device types, and the labeling of training data.
Identifier | oai:union.ndltd.org:unt.edu/info:ark/67531/metadc1609134 |
Date | 12 1900 |
Creators | Talkington, Gregory Joshua |
Contributors | Dantu, Ram, Morozov, Kirill, Thompson, Mark, Blanco, Eduardo, Vexler, Manuel |
Publisher | University of North Texas |
Source Sets | University of North Texas |
Language | English |
Detected Language | English |
Type | Thesis or Dissertation |
Format | viii, 111 pages, Text |
Rights | Public, Talkington, Gregory Joshua, Copyright, Copyright is held by the author, unless otherwise noted. All rights Reserved. |