Pub Date : 2020-10-01DOI: 10.1109/ICSSA51305.2020.00017
William Aiken, J. Ryoo, S. Rizvi
IoT is becoming a common term. More consumers are purchasing and installing household IoT devices such as thermostats, security cameras, and lighting solutions. These so-called smart home appliances supposedly make our lives easier, safer, and more sustainable. However, the benefits come with risks, especially in cybersecurity and privacy. As more IoT hosts connect to a home network, the possibility of potential security breaches also increases. The more hosts in a network, the more opportunities for attackers, which is why users should pay attention to security vulnerabilities and address them as much as possible. In this context, self-assessment of how well a household is doing with IoT security is of great use. This paper proposes an easy-to-use and intuitive assessment tool to realize this idea.
{"title":"An Internet of Things (IoT) Security Assessment for Households","authors":"William Aiken, J. Ryoo, S. Rizvi","doi":"10.1109/ICSSA51305.2020.00017","DOIUrl":"https://doi.org/10.1109/ICSSA51305.2020.00017","url":null,"abstract":"IoT is becoming a common term. More consumers are purchasing and installing household IoT devices such as thermostats, security cameras, and lighting solutions. These so-called smart home appliances supposedly make our lives easier, safer, and more sustainable. However, the benefits come with risks, especially in cybersecurity and privacy. As more IoT hosts connect to a home network, the possibility of potential security breaches also increases. The more hosts in a network, the more opportunities for attackers, which is why users should pay attention to security vulnerabilities and address them as much as possible. In this context, self-assessment of how well a household is doing with IoT security is of great use. This paper proposes an easy-to-use and intuitive assessment tool to realize this idea.","PeriodicalId":346706,"journal":{"name":"2020 International Conference on Software Security and Assurance (ICSSA)","volume":"177 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115222463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-01DOI: 10.1109/ICSSA51305.2020.00021
Bo-Min Kim, J. Ahn, Hyung-Jong Kim
Smartphones are equipped with various sensors for apps with mobility services. However, the operating systems of smartphones do not provide proper authorization scheme for accessing the sensors data. In this work, we propose new scheme for limiting the access to the sensors of Android smartphones. Especially, we made use of the user preference and experience for supporting the decision of the new user of apps which are making use of the built-in sensors in Android smartphone.
{"title":"A Study on Reflecting User Experience for Sensor-based Android IoT Services","authors":"Bo-Min Kim, J. Ahn, Hyung-Jong Kim","doi":"10.1109/ICSSA51305.2020.00021","DOIUrl":"https://doi.org/10.1109/ICSSA51305.2020.00021","url":null,"abstract":"Smartphones are equipped with various sensors for apps with mobility services. However, the operating systems of smartphones do not provide proper authorization scheme for accessing the sensors data. In this work, we propose new scheme for limiting the access to the sensors of Android smartphones. Especially, we made use of the user preference and experience for supporting the decision of the new user of apps which are making use of the built-in sensors in Android smartphone.","PeriodicalId":346706,"journal":{"name":"2020 International Conference on Software Security and Assurance (ICSSA)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125504120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-01DOI: 10.1109/ICSSA51305.2020.00014
Anthony Avella, Syed Rizvi, Andrew Gibson, Marcus Ryan, Ryan P. Strimple, Ian Menovich
This paper looks at the different ways in which Android phones can be attacked by android malware, and the different developments in malware protection and detection. The fight against mobile malware is an important one as most people today own cell phones and store valuable personal information on their phones. There are many ways in which a phone can be attacked by malware, and therefore there are many different methods to detect and defend against these attacks. Some experts suggest a decentralized data approach, while others suggest anti-malware hardware is the solution. There are many different Anti-malware hardware devices that all work in different ways and detect malware at different levels. However, there are no full-proof malware detection schemes. It is alarming that there is no common solution to protecting against malware and no way to completely detect malware every time. In this research, we focus on Android malware, specifically malware found on apps from the Google Play Store. One of the ways one would solve this problem is by using virtual machines and compiling malware detection programs on them. To support our VM based malware detection scheme, we develop an algorithm to provide implementation-level details. The practicality of our proposed scheme is shown using multiple case studies.
{"title":"VM based Malware Security Protection on Android Platform","authors":"Anthony Avella, Syed Rizvi, Andrew Gibson, Marcus Ryan, Ryan P. Strimple, Ian Menovich","doi":"10.1109/ICSSA51305.2020.00014","DOIUrl":"https://doi.org/10.1109/ICSSA51305.2020.00014","url":null,"abstract":"This paper looks at the different ways in which Android phones can be attacked by android malware, and the different developments in malware protection and detection. The fight against mobile malware is an important one as most people today own cell phones and store valuable personal information on their phones. There are many ways in which a phone can be attacked by malware, and therefore there are many different methods to detect and defend against these attacks. Some experts suggest a decentralized data approach, while others suggest anti-malware hardware is the solution. There are many different Anti-malware hardware devices that all work in different ways and detect malware at different levels. However, there are no full-proof malware detection schemes. It is alarming that there is no common solution to protecting against malware and no way to completely detect malware every time. In this research, we focus on Android malware, specifically malware found on apps from the Google Play Store. One of the ways one would solve this problem is by using virtual machines and compiling malware detection programs on them. To support our VM based malware detection scheme, we develop an algorithm to provide implementation-level details. The practicality of our proposed scheme is shown using multiple case studies.","PeriodicalId":346706,"journal":{"name":"2020 International Conference on Software Security and Assurance (ICSSA)","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134379444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-01DOI: 10.1109/ICSSA51305.2020.00016
TaeYoung Kim, Hyung-Jong Kim
This study presents a performance evaluation system that helps Blockchain-based service planners make decisions. This system is offered as Docker and Kubernetes for portability and flexibility.
{"title":"Blockchain-based Service Performance Evaluation Method Using Native Cloud Environment","authors":"TaeYoung Kim, Hyung-Jong Kim","doi":"10.1109/ICSSA51305.2020.00016","DOIUrl":"https://doi.org/10.1109/ICSSA51305.2020.00016","url":null,"abstract":"This study presents a performance evaluation system that helps Blockchain-based service planners make decisions. This system is offered as Docker and Kubernetes for portability and flexibility.","PeriodicalId":346706,"journal":{"name":"2020 International Conference on Software Security and Assurance (ICSSA)","volume":"130 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123219463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-01DOI: 10.1109/ICSSA51305.2020.00013
Daniel Judt, Patrick Kochberger, Peter Kieseberg, S. Schrittwieser
Malware obfuscation can make both automatic and manual analysis of its binary code and the contained functionality significantly more time consuming. For malware research it would therefore be useful to be able to study the effects of different obfuscation methods on the resulting binary code. While some obfuscations are applied through rewriting of the binary, others have to be applied at source code level or during compile time. However, the source code of in-the-wild malware is often not available. For this paper, we collected the source code of eleven open source malware samples from the past 12 years and analyzed if they still compile on current systems. Furthermore, basic static analysis was performed to evaluate the usefulness of the resulting binaries for further malware obfuscation research. Our results indicate, that it is possible to compile available samples with moderate effort and the resulting binaries are very well suited for research purposes.
{"title":"Compiling and Analyzing Open Source Malware for Research Purposes","authors":"Daniel Judt, Patrick Kochberger, Peter Kieseberg, S. Schrittwieser","doi":"10.1109/ICSSA51305.2020.00013","DOIUrl":"https://doi.org/10.1109/ICSSA51305.2020.00013","url":null,"abstract":"Malware obfuscation can make both automatic and manual analysis of its binary code and the contained functionality significantly more time consuming. For malware research it would therefore be useful to be able to study the effects of different obfuscation methods on the resulting binary code. While some obfuscations are applied through rewriting of the binary, others have to be applied at source code level or during compile time. However, the source code of in-the-wild malware is often not available. For this paper, we collected the source code of eleven open source malware samples from the past 12 years and analyzed if they still compile on current systems. Furthermore, basic static analysis was performed to evaluate the usefulness of the resulting binaries for further malware obfuscation research. Our results indicate, that it is possible to compile available samples with moderate effort and the resulting binaries are very well suited for research purposes.","PeriodicalId":346706,"journal":{"name":"2020 International Conference on Software Security and Assurance (ICSSA)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126342101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: