Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications
Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we fo...
Saved in:
| Main Author: | |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2016
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/etd_coll_all/3 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1004&context=etd_coll_all |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.etd_coll_all-1004 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.etd_coll_all-10042019-07-11T07:22:41Z Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications SU, Mon Kywe Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we focus on security and vulnerability analysis of framework and application layers. Security mechanisms, such as Android’s sandbox and permission systems, exist in framework layer, while malware scanners protects application layer. However, there are rooms for improvement in both mechanisms. For instance, Android’s permission system is known to be implemented in ad-hoc manner and not well-tested for vulnerabilities. Application layer also focuses mainly on malware application detection, while different types of harmful applications exist on application markets. This dissertation aims to close these security gaps by performing vulnerability analysis on mobile frameworks and detecting policy-violating applications. As a result of our analysis, we find various framework-level vulnerabilities and we are able to launch serious proof-of-concept attacks on both iOS and Android platforms. We also propose mechanisms for detecting policy-violating applications and camouflaged applications. Our techniques are shown to improve the security of mobile systems and have several impacts on mobile industry. 2016-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/etd_coll_all/3 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1004&context=etd_coll_all http://creativecommons.org/licenses/by-nc-nd/4.0/ Dissertations and Theses Collection eng Institutional Knowledge at Singapore Management University mobile security framework vulnerability OS and Networks Programming Languages and Compilers Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
mobile security framework vulnerability OS and Networks Programming Languages and Compilers Software Engineering |
| spellingShingle |
mobile security framework vulnerability OS and Networks Programming Languages and Compilers Software Engineering SU, Mon Kywe Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| description |
Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we focus on security and vulnerability analysis of framework and application layers. Security mechanisms, such as Android’s sandbox and permission systems, exist in framework layer, while malware scanners protects application layer. However, there are rooms for improvement in both mechanisms. For instance, Android’s permission system is known to be implemented in ad-hoc manner and not well-tested for vulnerabilities. Application layer also focuses mainly on malware application detection, while different types of harmful applications exist on application markets. This dissertation aims to close these security gaps by performing vulnerability analysis on mobile frameworks and detecting policy-violating applications. As a result of our analysis, we find various framework-level vulnerabilities and we are able to launch serious proof-of-concept attacks on both iOS and Android platforms. We also propose mechanisms for detecting policy-violating applications and camouflaged applications. Our techniques are shown to improve the security of mobile systems and have several impacts on mobile industry. |
| format |
text |
| author |
SU, Mon Kywe |
| author_facet |
SU, Mon Kywe |
| author_sort |
SU, Mon Kywe |
| title |
Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| title_short |
Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| title_full |
Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| title_fullStr |
Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| title_full_unstemmed |
Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| title_sort |
techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2016 |
| url |
https://ink.library.smu.edu.sg/etd_coll_all/3 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1004&context=etd_coll_all |
| _version_ |
1712300781828308992 |