ARCHITECTURE SECURITY PRINCIPLES OF THE ANDROID APPLICATIONS-BASED INFORMATION SYSTEM

R. Drahuntsov, D. Rabchun, Z. Brzhevska
{"title":"ARCHITECTURE SECURITY PRINCIPLES OF THE ANDROID APPLICATIONS-BASED INFORMATION SYSTEM","authors":"R. Drahuntsov, D. Rabchun, Z. Brzhevska","doi":"10.28925/2663-4023.2020.8.4960","DOIUrl":null,"url":null,"abstract":"In this article common attack vectors on the information systems, which are based on the Android client applications, are observed, analyzed and compared. The purpose of this analysis consists in creating the theoretical base for development the practical principles of securing the architecture level of such systems. To accomplish the aims set, there was conducted the categorization of attacks and vulnerabilities specific to the Android information infrastructure and environment. There were also conducted analysis of Android application functional components and typical underlying infrastructure which have possible impact on a system security. Available data about the widespread vulnerabilities of the described elements was analyzed in context of possible exploitation. Based on the Android application usage model there were figured out several adversary models and attack vectors related to the researched information system type. Developed adversary models were formed with a focus on technical possibilities and threat abstraction. Mentioned vectors can be used by an attacker to violate the confidentiality and integrity of critical information in the system. The carried out research was used to form the characteristic comparison of the mentioned vectors and adversary models to evaluate the attack surface on the different parts of information system represented as attack vectors. As a result, we have developed the theoretical principles for securing the architecture of Android applications-driven information systems. Achieved results can be used to form the threat and adversary model, create practical recommendations for the information risk reducing practices in Android-applications driven information systems and to develop the technical requirements for security testing and development.","PeriodicalId":198390,"journal":{"name":"Cybersecurity: Education, Science, Technique","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity: Education, Science, Technique","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28925/2663-4023.2020.8.4960","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

In this article common attack vectors on the information systems, which are based on the Android client applications, are observed, analyzed and compared. The purpose of this analysis consists in creating the theoretical base for development the practical principles of securing the architecture level of such systems. To accomplish the aims set, there was conducted the categorization of attacks and vulnerabilities specific to the Android information infrastructure and environment. There were also conducted analysis of Android application functional components and typical underlying infrastructure which have possible impact on a system security. Available data about the widespread vulnerabilities of the described elements was analyzed in context of possible exploitation. Based on the Android application usage model there were figured out several adversary models and attack vectors related to the researched information system type. Developed adversary models were formed with a focus on technical possibilities and threat abstraction. Mentioned vectors can be used by an attacker to violate the confidentiality and integrity of critical information in the system. The carried out research was used to form the characteristic comparison of the mentioned vectors and adversary models to evaluate the attack surface on the different parts of information system represented as attack vectors. As a result, we have developed the theoretical principles for securing the architecture of Android applications-driven information systems. Achieved results can be used to form the threat and adversary model, create practical recommendations for the information risk reducing practices in Android-applications driven information systems and to develop the technical requirements for security testing and development.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于android应用的信息系统的体系结构安全原理
本文对基于Android客户端应用程序的信息系统常见的攻击向量进行了观察、分析和比较。此分析的目的在于为开发创建理论基础,以及确保此类系统架构级别的实践原则。为了实现设定的目标,针对Android信息基础设施和环境对攻击和漏洞进行了分类。对Android应用程序的功能组件和可能对系统安全产生影响的典型底层基础设施进行了分析。在可能被利用的背景下,分析了有关所述元素的广泛漏洞的现有数据。基于Android应用的使用模型,针对所研究的信息系统类型,提出了几种攻击模型和攻击向量。已开发的对手模型以技术可能性和威胁抽象为重点。攻击者可以利用上述向量来破坏系统中关键信息的机密性和完整性。利用所进行的研究形成上述向量与对手模型的特征比较,以评估以攻击向量表示的信息系统不同部分的攻击面。因此,我们开发了保护Android应用程序驱动的信息系统体系结构的理论原则。获得的结果可用于形成威胁和对手模型,为在android应用程序驱动的信息系统中减少信息风险的实践创建实用建议,并为安全测试和开发开发技术需求。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
DESIGN OF BIOMETRIC PROTECTION AUTHENTIFICATION SYSTEM BASED ON K-AVERAGE METHOD CRYPTOVIROLOGY: SECURITY THREATS TO GUARANTEED INFORMATION SYSTEMS AND MEASURES TO COMBAT ENCRYPTION VIRUSES MODEL OF CURRENT RISK INDICATOR OF IMPLEMENTATION OF THREATS TO INFORMATION AND COMMUNICATION SYSTEMS SELECTION OF AGGREGATION OPERATORS FOR A MULTI-CRITERIA EVALUTION OF SUTABILITY OF TERRITORIES GETTING AND PROCESSING GEOPRODITIONAL DATA WITH MATLAB MAPPING TOOLBOX
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1