
Smart phones have become an important daily companion and are often used to store various private data such as contacts, photos, messages, and social network accounts. Users can furthermore extend the functionality of their phone by downloading applications (or apps) from various developers and online application stores. However, apps may misuse the data stored on the phone or obtained from its sensors, and users do not have any direct means to track that. Hence, improved mechanisms to better manage the privacy of user data are very important. There has been a lot of effort to detect and thwart unauthorized access to these private data. However, there is no consensus method which can ensure protection of user-sensitive information on mobile devices and at the same time be easily deployable at the user side. This dissertation aims at developing methods to test Android applications for privacy leakage detection. For this, it presents a new technique: if an application is run twice and all program inputs and environment conditions are kept equal, then it should produce identical outputs. So, if a sensitive input is changed between two separate executions of the target application and a variance is observed at the output, then the output contains information from that sensitive input. Based on this idea we developed two systems, namely DroidTest and MirrorDroid, to detect leakage of privacy-sensitive data. DroidTest instruments the Android framework APIs to insert security monitoring code. The instrumented APIs record user interactions and sensitive API values in the record phase (first run of the application) and restore the recorded information during the replay execution (second run of the target application). Program inputs (except sensitive data) and environment conditions are kept equal in both runs, and a change in the corresponding outputs corresponds to leakage of sensitive data.
DroidTest does not require a costly platform update and can be easily distributed as a modified Android SDK. MirrorDroid, on the other hand, places the monitoring code within the Android Runtime (Dalvik Virtual Machine). It does not explicitly run an application twice like DroidTest. Rather, the instrumented Dalvik VM intercepts the execution of each instruction and duplicates it before fetching the next instruction, essentially running a separate execution (mirror execution) of the target program in parallel. The outgoing data of the original and mirror executions is then compared to find evidence of information leakage. We have evaluated the proposed systems on two data sets. The first data set is taken from the Android Malware Genome Project and contains 225 samples from 20 malware families. Using DroidTest and MirrorDroid to monitor information leakage, we could successfully detect leakage already reported in the literature. The second data set consists of 50 top free applications from the official Android Market Place (Google Play Store). We found that 36 of these 50 applications leak some kind of information, which is very alarming considering these are very popular and highly downloaded applications. Although the proposed systems instrument either the application framework APIs or the Dalvik Virtual Machine, they produce low runtime overhead (DroidTest 22% and MirrorDroid 8.2%). The accuracy of the proposed detection mechanisms also proves the effectiveness of our methods. DroidTest produces 22% false positives. If we ignore false warnings generated by different ordering of thread executions in the record and replay phases, the false-positive rate stands at 10%. MirrorDroid does better than DroidTest and generates only 6% false positives for the applications in the test data sets.
This book constitutes the refereed proceedings of the 7th International Conference on Smart City and Informatization, iSCI 2019, held in Guangzhou, China, in November 2019. The volume presents 52 full papers, which were carefully reviewed and selected from 139 submissions. The papers are organized in topical sections on Internet of Things (IoT) and smart sensing; urban computing and big data; smart society informatization technologies; cloud/edge/fog computing for smart city; applications for smart city informatization; assistive engineering and information technology; cyberspace security; blockchain and applications.
Mobile applications are increasing significantly in number, each addressing the requirements of many users. However, the quick development and enhancement cycles are resulting in many underlying defects. When a user installs an app, it is expected that the data should be persistent in all states, which requires saving the instance data for all the activities. An app can be paused or sent to the background due to other interruptions or user intervention. It is difficult for the programmer to test this issue for all the activities. This results in data loss: the information entered by the user in the app is not saved when there is an interruption. This degrades the user experience, because the user has to enter the information again each time there is an interruption. There are several static analysis tools to test this issue. Thus, automated testing to detect such data loss is important to improve the user experience. This research proposes a tool, DroidDLP, a Data Loss Preventor for Android, which detects information loss in a given Android application. We have tested 395 applications and found 12 applications with the data loss issue. This approach has proved highly accurate and reliable in finding apps with this defect, and can be used by Android developers to avoid such errors.
Mobile devices, such as smart phones, have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. In particular, the widespread presence of information-stealing applications and other types of mobile malware raises substantial security and privacy concerns. Android Malware presents a systematic view of state-of-the-art mobile malware that targets the popular Android mobile platform. It covers key topics such as Android malware history, malware behavior and classification, as well as possible defense techniques.
This SpringerBrief explains the emerging cyber threats that undermine Android application security. It further explores the opportunity to leverage cutting-edge semantics and context-aware techniques to defend against such threats, including zero-day Android malware, deep software vulnerabilities, privacy breaches and insufficient security warnings in app descriptions. The authors begin by introducing the background of the field, explaining the general operating system, programming features, and security mechanisms. The authors capture the semantic-level behavior of mobile applications and use it to reliably detect malware variants and zero-day malware. Next, they propose an automatic patch generation technique to detect and block dangerous information flow. A bytecode rewriting technique is used to confine privacy leakage. User awareness, a key factor of security risks, is addressed by automatically translating security-related program semantics into natural language descriptions. Frequent behavior mining is used to discover and compress common semantics. As a result, the produced descriptions are security-sensitive, human-understandable and concise. By covering the background, current threats, and future work in this field, the brief is suitable for both professionals in industry and advanced-level students working in mobile security and applications. It is valuable for researchers, as well.
Your one-stop guide to automating infrastructure security using DevOps and DevSecOps

Key Features:
Secure and automate techniques to protect web, mobile or cloud services
Automate secure code inspection in C++, Java, Python, and JavaScript
Integrate security testing with automation frameworks like fuzz, BDD, Selenium and Robot Framework

Book Description: Security automation is the automatic handling of software security assessment tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention. This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, REST API, privacy, infrastructure security, and web UI testing. With the help of practical examples, this book will teach you to implement the combination of automation and security in DevOps. You will learn about the integration of security testing results for an overall security status for projects. By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.

What you will learn:
Automate secure code inspection with open source tools and effective secure code scanning suggestions
Apply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud services
Integrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAP
Implement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittest
Execute security testing of a REST API
Implement web application security with open source tools and script templates for CI/CD integration
Integrate various types of security testing tool results from a single project into one dashboard

Who this book is for: The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.
This book constitutes the refereed proceedings of the 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020, which was supposed to be held in Naples, Italy, in December 2020, but was held virtually due to the COVID-19 pandemic. The 17 regular papers and 4 short papers presented were carefully reviewed and selected from 43 submissions. ICTSS is a series of international conferences addressing the conceptual, theoretic, and practical problems of testing software systems, including communication protocols, services, distributed platforms, middleware, embedded and cyber-physical systems, and security infrastructures. The papers are organized in the topical sections named: model-based testing; security testing; testing methods and applications; testing methods and automation; and short contributions.
The proliferation of powerful but cheap devices, together with the availability of a plethora of wireless technologies, has pushed the spread of the Wireless Internet of Things (WIoT), which is typically much more heterogeneous, dynamic, and general-purpose than the traditional IoT. The WIoT is characterized by the dynamic interaction of traditional infrastructure-side devices, e.g., sensors and actuators provided by municipalities in Smart City infrastructures, and other portable and more opportunistic ones, such as mobile smartphones, opportunistically integrated to dynamically extend and enhance the WIoT environment. A key enabler of this vision is the advancement of software and middleware technologies in various mobile-related sectors, ranging from the effective synergic management of wireless communications to mobility/adaptivity support in operating systems and differentiated integration and management of devices with heterogeneous capabilities in middleware, and from horizontal support for crowdsourcing in different application domains to dynamic offloading to cloud resources, to mention only a few. The book presents state-of-the-art contributions in the articulated WIoT area by providing novel insights about the development and adoption of middleware solutions to enable the WIoT vision in a wide spectrum of heterogeneous scenarios, ranging from industrial environments to educational devices. The presented solutions provide readers with differentiated points of view, by demonstrating how the WIoT vision can be applied to several aspects of our daily life in a pervasive manner.
The goal of this book is to crystallize the emerging mobile computing technologies and trends into positive efforts to focus on the most promising solutions in services computing. Many toys built today increasingly use these technologies together, and it is important to understand the various research and practical issues. The book will provide clear proof that mobile technologies are playing an ever more important and critical role in supporting toy computing, which is a new research discipline in computer science. It is also expected that the book will further research into new best practices and directions in toy computing. The goal of this book is to bring together academics and practitioners to describe the use of and synergy between the above-mentioned technologies. This book is mainly intended for researchers and students working in computer science and engineering, and for toy industry technology providers with particular interests in mobile services. The wide range of authors of this book will help the various communities understand both specific and common problems. This book helps software developers and researchers to become more aware of this challenging research opportunity. As well, the book shall provide a valuable strategic outlook on the emerging toy industry.
This book contains selected papers from the 8th International Conference on Information Science and Applications (ICISA 2017) and provides a snapshot of the latest issues encountered in technical convergence and convergences of security technology. It explores how information science is core to most current research, industrial and commercial activities and consists of contributions covering topics including Ubiquitous Computing, Networks and Information Systems, Multimedia and Visualization, Middleware and Operating Systems, Security and Privacy, Data Mining and Artificial Intelligence, Software Engineering, and Web Technology. The proceedings introduce the most recent information technology and ideas, applications and problems related to technology convergence, illustrated through case studies, and review converging existing security techniques. Through this volume, readers will gain an understanding of the current state-of-the-art information strategies and technologies of convergence security. The intended readership is researchers in academia, industry and other research institutes focusing on information science and technology.