ecosystem final progress report
play

ecosystem: Final progress report Alexios Mylonas Athens University - PowerPoint PPT Presentation

Sep 07, 2022 •119 likes •653 views

Security and privacy in the smartphone ecosystem: Final progress report Alexios Mylonas Athens University of Economics & Business Overview 2 Research Motivation Related work Objective Approach Methodology Threat

  1. Security and privacy in the smartphone ecosystem: Final progress report Alexios Mylonas Athens University of Economics & Business

  2. Overview 2  Research Motivation  Related work  Objective  Approach  Methodology  Threat model  Smartphone definition & data  Contribution  Browser controls  User practices  Malware mitigation  Smartphone forensics  Future work

  3. Research Motivation 3  Smartphone ecosystem facts:  Increase  Popularity of devices  Installations of third-party apps  web browsing  Great source of personal and business data  Smartphones appealing target for attackers

  4. Related work 4  Android-centered & focused on malware mitigation  Permission system  Policies, all-or-nothing  Static analysis  e.g. static analysis on manifest  Dynamic analysis  e.g. Taint analysis

  5. Related work 4  Android-centered & focused on malware mitigation  Permission system  Policies, all-or-nothing Problem:  Static analysis 1. Require advanced technical skills!  manifest  Dynamic analysis  Taint analysis  Instrumentation

  6. Related work 4  Android-centered & focused on malware mitigation  Permission system  Policies, all-or-nothing Problem:  Static analysis 1. Require advanced technical skills!  manifest  Dynamic analysis  Taint analysis  Instrumentation

  7. Related work 4  Android-centered & focused on malware mitigation  Permission system  Policies, all-or-nothing Problem:  Static analysis 1. Require advanced technical skills!  manifest  Dynamic analysis  Taint analysis  Instrumentation

  8. Objectives 5  Study user practices  adoption of security controls  User-centric protection  Include user input in our approach  Users value their data types differently  Case study: Smartphone forensics

  9. Methodology 6 Survey of controls Analysis Security Finding (user-centric) Survey of threats Recommendation/Mitigation

  10. Threat model 7 T1. Malicious web ( servers ) WEB

  11. Threat model 7 T2. Physical access

  12. Threat model 7 T3. Malicious apps 12 Users App App App App . Application . Repository . App

  13. A smartphone? 8 Cell\feature phone Smartphone  used to access mobile  a cell phone network carrier services  advanced hardware  contains a smartcard capabilities  an identifiable OS  supports 3 rd -party apps  apps from app repository C5. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method for smartphones. In: Proc. of the 27th IFIP Information Security and Privacy Conference. Springer; AICT-376; 2012. p. 443-456.

  14. Smartphone Data 8  Smartphones host heterogeneous data Application Sensor Device Smartphone Data SIM Card Messaging Usage History C4. Mylonas A, Meletiadis V, Tsoumas B, Mitrou L, Gritzalis D. Smartphone forensics: A proactive investiga- tion scheme for evidence acquisition. In: 27th IFIP International Information Security and Privacy Conferen- ce. Springer; AICT-376; 2012. p. 249 – 260.

  15. Browser controls 9  Manageability of browser security controls  PC, smartphones  Out-of-the box protection offered C7. Mylonas A, Tsalis N, Gritzalis D. Evaluating the manageability of web browsers controls. In: Proc. of the 9th International Workshop on Security and Trust Management (STM-2013), Springer; LNCS-8203; 2013; p 82-98.

  16. Browser Controls 9  Web threats Unavailability of controls Identification and Survey of controls Out-of-the-box protection manageability Usability issues Control enumeration Common controls (33) in browser UIs Usability Browser, Chrome, Firefox, Security-oriented Safari, IE, Opera, Opera Mini Default values configuration settings Configurability UI suggestions

  17. Browser controls 1 0  Availability of controls  PC vs. smartphone  Smartphones browsers offer less controls

  18. Browser controls 1 0  Availability of controls  PC vs. smartphone  Smartphones browsers offer less controls  Blame the sandbox ?  Counterexamples  Android and iOS (10)  e.g. block location data, block third-party cookies, enable DNT, certificate warning, private browsing, ... (c.f. C.7)  Android (5)  i.e. block referrer, disable plugin, malware protection, master password, search engine manager

  19. Mitigation of web threats 1 1  identified controls (32)  Web threats  enabled by-default  ICT web threats   editable   Smartphone threats b) control manageability/threat a) default protection/threat

  20. Default protection /threat 1 2 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  21. Default protection /threat 1 2 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  22. Default protection /threat 1 2 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  23. Manageability of controls /threat 1 3 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  24. Manageability of controls /threat 13 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  25. Manageability of controls /threat 13 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  26. Manageability of controls /threat 13 12.09.2013 - Evaluating the Manageability of Web Browsers Controls

  27. Recommendations 14 Vendor Settings & UI Proposed Settings & UI  Functionality-oriented  Security-oriented  all controls configurable &  Users can disable controls enabled without confirmation  discourage changes  Security settings mixed with  certificate warning, malware/ other settings phishing protection  confirmation for update settings  ask default value  block cookies, block location data, block 3 rd party cookies, enable DNT, and master password

  28. Recommendations 14  Proposed settings restrictive  Security vs. user experience  Local blacklist  Per-site configuration of controls  User awareness  Users trained to use control(s) correctly  Users aware of web threats

  29. User practices 15  Adoption of controls  Physical attacks  Malicious apps  Statistical analysis (n=458, Athens, Fall 2011) C6. Mylonas A, Gritzalis D, Tsoumas B, Apostolopoulos T. A qualitative metrics vector for the aware- ness of smartphone security users. In: 10th International Conference on Trust, Privacy & Security in Digital Business. 2013.p. 173 – 84. J1. Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smart- phone platforms. Computers & Security 2013;34(0):47 – 66.

  30. User practices against physical access 10  Physical threat User survey of Exposure to physical threat Survey of controls adoption (vulnerability) Control enumeration Common controls in handsets • Password protection • remote locator Risk Assessment • remote wipe Android, BlackBerry, iOS, method • encryption Symbian, Windows Phone Training Adoption of controls Statistical analysis

  31. User practices against physical access 16  Poor adoption of physical access controls 70 60 50 40 30 20 10 0 remote device remote data encryption device none password wipe locator % of adoption 64,4 22,7 15,1 23,1 27,9

  32. User practices against malware 10  Threat of malicious apps User survey of Exposure to malicious apps Survey of controls adoption (vulnerability) Control enumeration Security indicators by security models • security messages • reputation Risk Assessment • reviews Android, BlackBerry, iOS, method Symbian, Windows Phone Third-party security software Prediction model User practices Training Statistical analysis

  33. User practices against malware 17  User practises when installing apps from the app repository Finding 5: Users who occasionally inspect security messages or ignore them at all are more likely to disable encryption 70 Finding 6: Users who always inspect security messages are more likely 60 technically and security savvy users 50 Finding 7: Users who ignore security messages are more likely to also ignore 40 agreement messages 30 20 10 0 agreement pirated reputation reviews security msgs msgs apps % of adoption 10 8,7 10,5 38,6 60,7

  34. User practices against malware 17  Poor use of smartphone security software Finding 5: Poor adoption of physical security controls 100 Finding 5.1: Encryption (22.7%) 80 Finding 5.2: Remote data wipe (15.1%) 60 Finding 5.3: Remote device locator (23.1%) 40 Finding 5.4: No adoption of any physical security control (27.9%) 20 Finding 6: Users tend to have disabled smartphone secsoft along 0 searched free Unaware of smartphone secsoft with encryption, device password lock and remote device PC secsoft smartphone smartphone secsoft essential secsoft secssoft locator % of adoption 85,8 24,5 34,3 40 27

  35. User practices against malware 17  Users believe that installing apps from the repository is secure (~3/4 users)  These users are exposed to malware  Unaware users of smartphone malware more likely trust the app repository  Users who trust the repository tend to be unaware about smartphone secsoft  Users who trust app repository are less likely to scrutinize security msgs

Recommend

Progress Update Housing Needs Assessment Final Report: June Equitable Development

Progress Update Housing Needs Assessment Final Report: June Equitable Development

Progress Update Housing Needs Assessment Final Report: June Equitable Development Strategies, Proposed Development Support Policies, Proposed Zoning Revisions, Proposed Housing Fund Recommendations, Proposed Public Property

215 views • 8 slides
MWRA Annual CSO Progress Report 2014 This is the 19 th annual report. Report includes:

MWRA Annual CSO Progress Report 2014 This is the 19 th annual report. Report includes:

MWRA Annual CSO Progress Report 2014 This is the 19 th annual report. Report includes: Progress in 2014 and Q1 2015 CSO control achievements and benefits to-date Remaining activities and court/regulatory requirements Spending,

268 views • 16 slides
Virtual Telescope and Stars Guide service for mobile devices (Progress report) (Progress report)

Virtual Telescope and Stars Guide service for mobile devices (Progress report) (Progress report)

Virtual Telescope and Stars Guide service for mobile devices (Progress report) (Progress report) Alexandra Reyss, Petrozavodsk State University Sergey Balandin, Nokia Research Center 1/14 Outline 1. Motivation 2. Use-case scenarios 3.

585 views • 13 slides
Welcome Agenda Welcome and Introductions Plan Schedule and Progress Report Discuss

Welcome Agenda Welcome and Introductions Plan Schedule and Progress Report Discuss

Greater Charlotte Regional Freight Mobility Plan Coordinating Committee Meeting #8 October 27, 2016 Welcome Agenda Welcome and Introductions Plan Schedule and Progress Report Discuss FINAL CCOG Strategic Freight Network Overview

372 views • 33 slides
NDR Design: Preliminary Progress Report Timeline for NDR Task Due Month NDR Specifications

NDR Design: Preliminary Progress Report Timeline for NDR Task Due Month NDR Specifications

NDR Design: Preliminary Progress Report Timeline for NDR Task Due Month NDR Specifications 7 NDR Version 1 15 NDR Version 1.5 22 Report on NDR operational performance at the end of TOP1 23 NDR Version 2 (Final Version) 35 Report on

317 views • 10 slides
Growing Evaluation A Presentation of Final Report Findings October 2018 An independent

Growing Evaluation A Presentation of Final Report Findings October 2018 An independent

HGH ERDF Get Growing Evaluation A Presentation of Final Report Findings October 2018 An independent assessment of: Progress towards project objectives. The validity of original rationale & strategic fit. Quantitative impact of

529 views • 14 slides
JIG Final Report on Universal Acceptance of IDN TLDs Date: November 15, 2013 This is a Final Report

JIG Final Report on Universal Acceptance of IDN TLDs Date: November 15, 2013 This is a Final Report

JIG Final Report on Universal Acceptance of IDN TLDs Date: November 15, 2013 This is a Final Report from the Joint ccNSO GNSO IDN Group (JIG) on the recommendations for actions to be taken by ICANN and the ICANN community to address the issue of

371 views • 9 slides
BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of

BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of

BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of Modification Proposals Adam Richardson 12 January 2012 Modifications Overview New New P281 P281 Definition - P272 P274 P275 P276 P277 P272,

878 views • 71 slides
STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 There is right time for some theory We will demonstrate how to configure SW4STM32 in Release mode to have the final code ready to be programmed in the final application. You can follow this

270 views • 11 slides
Iowa Nutrient Reduction Strategy Annual Progress Report 2017-2018 Water Resources Coordinating

Iowa Nutrient Reduction Strategy Annual Progress Report 2017-2018 Water Resources Coordinating

Note: These slides display preliminary results. Please do not cite. Final results will be available in the 2018 NRS Annual Report at www.nutrientstrategy.iastate.edu/documents in late August 2018. Iowa Nutrient Reduction Strategy Annual Progress

376 views • 33 slides
Quincy Public Schools PreKindergarten Progress Report & Kindergarten Report Cards Teaching

Quincy Public Schools PreKindergarten Progress Report & Kindergarten Report Cards Teaching

Quincy Public Schools PreKindergarten Progress Report & Kindergarten Report Cards Teaching and Learning Presentation March 28 th , 2016 1 To design a new Standards Based Elementary Report Card in Kindergarten and an updated Progress

358 views • 15 slides
Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type

Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type

Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type Initiatives Ecosystem Status Report Ecosystem Regional Roadmap National Ecosystem Policy January 2018 S taff outlined other

310 views • 12 slides
10/7/2016 Progress table Who is is this young man? What t is he doing here? Ecosystem Focus

10/7/2016 Progress table Who is is this young man? What t is he doing here? Ecosystem Focus

10/7/2016 Progress table Who is is this young man? What t is he doing here? Ecosystem Focus us Group Time for answe wers B A U K E D E V R I E S 5 O C T O B E R 2 0 1 6 WHAT IS HE DOING HERE? WHO IS THIS YOUNG MAN? Name me: Bauk

318 views • 3 slides
Progress Report of Local Ensemble Kalman Progress Report of Local Ensemble Kalman Filter/fvGCM

Progress Report of Local Ensemble Kalman Progress Report of Local Ensemble Kalman Filter/fvGCM

Progress Report of Local Ensemble Kalman Progress Report of Local Ensemble Kalman Filter/fvGCM fvGCM on AIRS on AIRS Filter/ Elana Klein, Hong Li, Junjie Liu University of Maryland with Profs: Kalnay, Szunyogh, Kostelich, Hunt, Ott, Sauer,

676 views • 22 slides
Progress Report 1 Presentation Highlights 1. Review of Goals & Action Plan 2. Progress to

Progress Report 1 Presentation Highlights 1. Review of Goals & Action Plan 2. Progress to

Progress Report 1 Presentation Highlights 1. Review of Goals & Action Plan 2. Progress to Date 3. Q&A 2 Protecting our Waters is a Shared Priority in Pinellas County Public Health & Safety Water Environment Quality Climate

390 views • 37 slides
FINAL REPORT An empirical relationship between changes in headrope length and catch for the NPF

FINAL REPORT An empirical relationship between changes in headrope length and catch for the NPF

FINAL REPORT An empirical relationship between changes in headrope length and catch for the NPF fleet A report to AFMA for the NPF RAG Bill Venables and Matthew Browne CMIS Report Number 07/80 29 June 2007 Commercial-in-confidence

380 views • 25 slides
Sickness Absence Progress Report Version 2.3 September 2009 1 Key contacts in relation to this

Sickness Absence Progress Report Version 2.3 September 2009 1 Key contacts in relation to this

Sickness Absence Progress Report Version 2.3 September 2009 1 Key contacts in relation to this Progress Report are: Paul Jones Table of contents Executive Sponsor T: 01226 434405 E: pauljones1@nhs.net Section Page Scale of the Challenge

81 views • 6 slides
Reliability Assurance I nitiative (RAI ) Progress Report Jerry Hedrick, Director of Compliance

Reliability Assurance I nitiative (RAI ) Progress Report Jerry Hedrick, Director of Compliance

Reliability Assurance I nitiative (RAI ) Progress Report Jerry Hedrick, Director of Compliance Operations and Regional Entity Oversight February 26, 2014 2013 Year End Progress Report The first version of auditor handbook was completed.

304 views • 5 slides
Annual Progress Report to the Board Assessment Summary for District Objective 3.1 Annual Progress

Annual Progress Report to the Board Assessment Summary for District Objective 3.1 Annual Progress

Annual Progress Report to the Board Assessment Summary for District Objective 3.1 Annual Progress Report to the Board September 10, 2018 Localizing Statewide Initiatives State Initiatives Dual Enrollment District Goal #3: Current Snapshot

493 views • 11 slides
OIG FINAL REPORT July 23, 2018 OIG Report Key Points The recommendations in the report relate

OIG FINAL REPORT July 23, 2018 OIG Report Key Points The recommendations in the report relate

OIG FINAL REPORT July 23, 2018 OIG Report Key Points The recommendations in the report relate to the financial system in place during the start-up phase of the organization (2012 2014). The financial system has improved as our

351 views • 3 slides
STEPS in this SEA Process Report on Progress (1) National Workshop Regional Consultation Field

STEPS in this SEA Process Report on Progress (1) National Workshop Regional Consultation Field

STEPS in this SEA Process Report on Progress (1) National Workshop Regional Consultation Field trips Government Civil Society / NGO Development partners Private sector (Financers, Developers) 6 Report on Progress (2) Cooperation with

239 views • 10 slides
BBA Aviation 2018 Final Results BBA Aviation 2018 Final Results 2018 Strategic progress 1.

BBA Aviation 2018 Final Results BBA Aviation 2018 Final Results 2018 Strategic progress 1.

BBA Aviation www.bbaaviation.com BBA Aviation 2018 Final Results BBA Aviation 2018 Final Results 2018 Strategic progress 1. Outperforming today - Signature continues to outperform the US B&GA market + 210bps - Market share gains

614 views • 34 slides
Progress Report June 27, 2013 FOR TONIGHT Status report to public and T.C. 11

Progress Report June 27, 2013 FOR TONIGHT Status report to public and T.C. 11

Progress Report June 27, 2013 FOR TONIGHT Status report to public and T.C. 11 alternatives reviewed 3 finalists selected We want Input on finalists Questions Please hold until the end See our full report at

759 views • 26 slides
Jastarnia and WBBK harbour porpoise plan progress report 1 Implementation and progress of the JP

Jastarnia and WBBK harbour porpoise plan progress report 1 Implementation and progress of the JP

Jastarnia and WBBK harbour porpoise plan progress report 1 Implementation and progress of the JP and WBBKP Summary Finnish bycatch released alive! HP not assessed in Finnish redlist CMS appendix I listing of the Baltic

141 views • 10 slides

More recommend