SlideShare a Scribd company logo

IJET-V3I1P9

IJET - International Journal of Engineering and Techniques
IJET - International Journal of Engineering and Techniques

To protect sensitive resources from unauthorized use, modern mobile systems, such a Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework. The first such framework to provide context-sensitive permission enforcement that regular’s permission use policies according to system-wide application contexts, which cover both intra-application context and inter-application context. We build a prototype system on Android , named FineDroid, to track such context during the applicaton execution. To flexibly regulate the context-sensitive permission rules, FineDroid features a policy framework that could express generic application contexts. We demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy framework, for three potential users: end users, administrators and developers. Furthermore, FineDroid is showed to introduce a minor overhead

Engineering
1 of 5
Download to read offline
International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 33 Rethinking Permission Enforcement Mechanism on Mobile System Ms.CHITRA.S1 , Ms.ARUNADEVI.R2 1,2 ( Department of CS & IT, Dhanalakshmi Srinivasan College of Arts & Science for Women, Perambalur-621 212.) I. INTRODUCTION A mobile phone is a small, resource-restricted and highly security-sensitive device whose fundamental goal is to enable secure services for its users. These devices have been deployed in a large number of heterogeneous industries and used by a large user base. Rethinking permission granting in modern operating systems. Android become very popular because of its various advantages and capacities. There are many ways to get information or data of the use from a service on their mobile phone. The modern mobile systems such as Android, iOS design a permission-based access control model to protect sensitive resources from unauthorized use. In this model, the accesses to protected resources without the accesses to protected resources without permission enforcement system. Since Android has been expanding its market share rapidly as the most popular mobile platform. Ideally, the Android permission model should prevent malicious applications from abusing sensitive resources. However, the current permission model could not enforce a fine-grained control over permission use contexts (in this paper, when we say context we mean the application execution context). As a result, malicious entities could easily abuse permissions, leading to the explosion of Android malware these years and the numerous reported application vulnerabilities. Since Android has been expanding its market share rapidly as the most popular mobile platform this paper mainly focuses on the permission model of Android. Currently, the coarse-grained permission enforcement mechanism is limited in the following two aspects. Abstract: To protect sensitive resources from unauthorized use, modern mobile systems, such a Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework. The first such framework to provide context-sensitive permission enforcement that regular’s permission use policies according to system-wide application contexts, which cover both intra-application context and inter-application context. We build a prototype system on Android , named FineDroid, to track such context during the applicaton execution. To flexibly regulate the context-sensitive permission rules, FineDroid features a policy framework that could express generic application contexts. We demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy framework, for three potential users: end users, administrators and developers. Furthermore, FineDroid is showed to introduce a minor overhead Keywords: Sensitive resources, permission, framework, intra-application context, inter-application context, FineDroid. RESEARCH ARTICLE OPEN ACCESS
International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 34  Intra-application Context Insensitive: Current permission model treats each application as a separate principal and permissions are granted at the granularity of application, thus all the code packages in the application could access the protected resources with the same granted permissions. In fact, not all the code packages in a single application come from a same origin.  Inter-application Context Insensitive: Application interaction is a common characteristic of mobile applications. However, this new characteristic is transparent to the current coarse-grained permission enforcement mechanism, exposing a new attack surface, i.e., the permissions granted to a vulnerable application may be abused by an attacker application via inter-application communication. Given these problems, plenty of extensions have been proposed to refine the Android permission model. Context-aware permission models are proposed to support different permission policies according to external contexts, such as location, time of the day. However, these works still could not address the two limitations described above. There are also some work dedicated to reduce the risk of inter- application communication or to isolate untrusted components inside an application. However, none could achieve unified and flexible control according to the system- wide application context. In this paper, we seek to fill the gap by bringing context-sensitive permission enforcement. We design a prototype, called FineDroid to provide fine-grained permission control over the application context. For example, if app’ A is allowed to use SEND_SMS permission in the context C, when app A requests SEND_SMS permission in another context C’, it would be treated as a different request of SEND_SMS permission. In FineDroid, we consider both the intra-application context which represents the internal execution context of an application, and the inter-application context which reflects the IPC context of interacted applications. It is non-trivial to track such context in Android. II. SYSTEM ARCHITECTURE FineDroid designs several techniques to automatically track such contexts along with the application execution. To ease the administration of permission control policies, FineDroid also features a policy framework which is general enough to express the rules for handling permission requests in a context-sensitive manner. To demonstrate the benefits of FineDroid, we create two security extensions for administrators and developers. First, since permission leak vulnerability is very common and dangerous, we show how administrators could benefit from our system in transparently fixing these vulnerabilities without modifying vulnerable applications. Second, we provide application developers with the ability of restricting untrusted third-party SDK by declaring fine-grained permission specifications in the manifest file. Fig.1 system architecture A. USER: A user is the client i.e. the person who gives the input data . B. ADMIN The admin is the person who manages all the user accounts as well as the information of the places is also updated by him. C. PERMISSION MANAGER: start End User Admin Permission manager Policy manager Permission manager request r e s p o n s e
International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 35 To handle a permission request, the Policy Manager module examines all the policies in the system. D. POLICY MANAGER: Permission Manager first queries Policy Manager to select a policy which best matches the current application context. E. PERMISSION RECORD: permission requests are handled by querying the Permission Record to grant all the permissions declared in the application manifest file. In this paper, we make the following contributions:  We propose context-sensitive permission enforcement to deal with severe security problems of mobile systems. Considering the characteristics of mobile applications, it is important and necessary to take the application context into account when regulating permission requests.  We design a novel context tracking technique to track intra-application context and inter-application context during the application execution.  We design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context.  We demonstrate two security extensions based on the context-sensitive permission enforcement system, by just writing policies and sometimes a small number of auxiliary code.  We evaluate the security benefits gained by the two security extensions and report the performance overhead. III. PROBLEM DESCRIPTION 3.1 EXISTING SYSTEM: In existing permission model, each application is treated as a separate principal, while the above analysis indicates that the application code may be contributed by multiple parties (app developers, SDK providers, repackaged payload, etc). Current permission enforcement mechanism is limited in simply applying a single security policy for the entire app. To identify the leaked permissions or capabilities, they have developed a tool called Woodpecker. Woodpecker is used to examine how the Android- essential permission-based security model is enforced on current leading Android-based smart phones. 3.1.1 DISADVANTAGE  Malicious entities could easily abuse permissions.  Leading to the explosion of Android malware.  A user may wish to grant the SEND_SMS permission only when she clicks the “send” button but in any other contexts of the application. 3.2 PROPOSED SYSTEM: We propose context-sensitive permission enforcement to deal with severe security problems of mobile systems. Considering the characteristics of mobile applications, it is important and necessary to take the application context into account when regulating permission requests. We design a novel context tracking technique to track intra-application context and inter-application context during the application execution. Design a novel context tracking technique to track intra application context and inter- application context during the application execution. Design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context. Context-sensitive permission enforcement to deal with severe security problems of mobile systems. 3.2.1 ADVANTAGES:  We design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context.  We demonstrate three security extensions based on the context-sensitive permission enforcement system, by just writing policies and sometimes a small number of auxiliary Code.  Minor overhead  Seamless context tracking  Security benefits IV. METHODOLOGY 1. Inter-application context insensitive 2. Permission manager 3. Policy manager 4. Permission record MODULE DESCRIPTION:
International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 36 4.1 INTER-APPLICATION CONTEXT INSENSITIVE: Although application interaction is a common characteristic of mobile applications, it is transparent to the current coarse-grained permission enforcement mechanism, exposing a new attack surface, i.e., the permissions granted to a vulnerable application may be abused by an attacker application via inter-application communication. 4.2 PERMISSION MANAGER: To handle a permission request, the Policy Manager module examines all the policies in the system, and then Permission Manager could make a permission decision according to the action (e.g. allow or deny) specified in the match policy. Besides, our policy language is extensible for introducing new permission handling actions. 4.3 POLICY MANAGER: Permission Manager first queries Policy Manager to select a policy which best matches the current application context. If no policy matches, Permission Manager would fall back to the original permission enforcement mode. To test whether a policy could match a permission request, Policy Manager first checks the requested permission and the requestor application. When both attributes match, Policy Manager further compares the application context. The application context matching is relatively slow, so we use a cache to remember the context matching results. If multiple policies are found to match, Policy Manager would select the one that express the most fine-grained application context. Policy Manager also supports adding and removing policies to/from the system, as well as registering new action types to extend the policy language. The next sect ion will show how these policies can be used to refine current permission model. 4.4 PERMISSION RECORD: In the original mode, permission requests are handled by querying the Permission Record to grant all the permissions declared in the application manifest file. When a matched policy is selected for the current permission request, Permission Manager just needs to follow the action (e.g. allow or deny) specified in the policy. V. CONCLUSION This paper presents FineDroid, which brings context-sensitive permission enforcement to Android. By associating each permission quest with its application context, FineDroid provides a fine-grained permission control. The a pplication context in Fine-Droid covers not only intra- application context , but also inter-application context. To automatically track such application context, FineDroid designs a new seamless context tracking technique. FineDroid also features a policy frame work to flexibly regulate context- sensitive permission rules. This paper further demonstrates the effectiveness of FineDroid by creating two security extensions upon FineDroid for administrators and application developers. The performance evaluation shows that the overhead introduced by FineDroid is minor. ACKNOWLEDGMENT The author deeply indebted to honorable Shri A.SRINIVASAN(Founder Chairman), SHRI P.NEELRAJ(Secretary) Dhanalakshmi Srinivasan Group of Institutions, Perambalur for giving me opportunity to work and avail the facilities of the College Campus. The author heartfelt and sincere thanks to Principal Dr.ARUNA DINAKARAN, Vice Principal Prof.S.H.AFROZE, HoD Mrs.V.VANEESWARI, (Dept. of CS & IT) Project Guide Ms.R.ARUNADEVI, (Dept. of CS & IT) of Dhanalakshmi Srinivasan College of Arts & Science for Women,Perambalur. The author also thanks to parents, Family Members, Friends, Relatives for their support, freedom and motivation. REFERENCES 1. Android Remains the Leader in the Smartphone Operating System Market, Jun. 2015, [online] Available: http://www.idc.com/getdoc.jsp?containerId=prUS24108913. 2. Security Threat Report 2013, Jun. 2015, [online] Available: http://www.sophos.com/en-us/security-news-trends/reports/security- threat-report/android-malware.aspx. 3. Smalley, R. Craig, "Security enhanced (SE) Android: Bringing flexible MAC to Android", Proc. NDSS, pp. 20-38, 2013. 4. S. Bugiel, S. Heuser, A.-R. Sadeghi, "Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies", Proc. USENIX Secur., pp. 131-146, 2013. 5. W. Enck, M. Ongtang, P. McDaniel, "Understanding Android security", IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009. 6. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, E. Chin, "Permission re-delegation: Attacks and defenses", Proc. USENIX Secur., pp. 22, 2011. 7. “Sophos security threat report 2013,” http://www.sophos.com/en-us/se curity-news-trends/reports/security-threat-report/android- malware.aspx. 8. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock android smartphones,” in Proc. of NDSS ’12.
International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 37 9. Y. Fratantonio, A. Bianchi, W. Robertson, M. Egele, C.Kruegel, E. Kirda, and G. Vigna, “On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users,” in Proc. of DIMVA ’15. 10. M. Conti, V. T. N. Nguyen, B. Crispo, "CRePE: Context-related policy enforcement for Android", Proc. ISC, pp. 331-345, 2010. BIOGRAPHICAL NOTES Ms.CHITRA.S is presently pursuing Computer Science M.Sc., Final year the Department of Computer Science From Dhanalakshmi Srinivasan College of Arts and Science for Women, Perambalur, Tamil Nadu ,India. Ms.ARUNADEVI.R - Received M.S.c., M.Phil Degree in Computer Science. She is currently working as Assistant Professor in Department of Computer Science in Dhanalakshmi Srinivasan College of Arts and Science for Women, Perambalur Tamil Nadu, India. She has Published papers in various journals like Mobile Communication in 4G Technology, DNS Support for Load Balancing, Securing Wireless Sensor Networks with Public Key Techniques.

Recommended

Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesIJCSIS Research Publications
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
I018145157
I018145157I018145157
I018145157IOSR Journals
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8shriram suryanarayanan
 

Recommended

Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesIJCSIS Research Publications
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
I018145157
I018145157I018145157
I018145157IOSR Journals
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8shriram suryanarayanan
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesMichael Scovetta
 
Detection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phonesDetection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phonesIAEME Publication
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLInternational Journal of Technical Research & Application
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET Journal
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Intrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin AuthorizationIntrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin AuthorizationIJMTST Journal
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksAmina WADDIZ
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...anuragsinghal1981
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devicesHCL Technologies
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252IJMER
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesLeMeniz Infotech
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agentscsandit
 
Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfTalha Naqash
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
IRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET Journal
 

More Related Content

What's hot

Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesMichael Scovetta
 
Detection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phonesDetection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phonesIAEME Publication
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET Journal
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Intrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin AuthorizationIntrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin AuthorizationIJMTST Journal
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksAmina WADDIZ
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...anuragsinghal1981
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devicesHCL Technologies
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252IJMER
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesLeMeniz Infotech
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agentscsandit
 

What's hot (19)

Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphones
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
 
Detection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phonesDetection and prevention method of rooting attack on the android phones
Detection and prevention method of rooting attack on the android phones
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android System
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System Authentication
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Intrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin AuthorizationIntrusion Detection in Industrial Automation by Joint Admin Authorization
Intrusion Detection in Industrial Automation by Joint Admin Authorization
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacks
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devices
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devices
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agents
 

Similar to IJET-V3I1P9

Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfTalha Naqash
 
IRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET Journal
 
IRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET Journal
 
Permission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSPermission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSBRNSSPublicationHubI
 
Technology overview of_mobil_247134-1
Technology overview of_mobil_247134-1Technology overview of_mobil_247134-1
Technology overview of_mobil_247134-1lverb
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
I03402059063
I03402059063I03402059063
I03402059063theijes
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Satheesh Kumar V
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...MOBIQUANT TECHNOLOGIES
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET Journal
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityMohammad Khreesha
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMIJNSA Journal
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphoneijsrd.com
 

Similar to IJET-V3I1P9 (20)

Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdf
 
Android security
Android securityAndroid security
Android security
 
IRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET- Root Security Firewall
IRJET- Root Security Firewall
 
IRJET- Root Security Firewall
IRJET- Root Security FirewallIRJET- Root Security Firewall
IRJET- Root Security Firewall
 
A017360104
A017360104A017360104
A017360104
 
Permission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSPermission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OS
 
Ndss12 woodpecker
Ndss12 woodpeckerNdss12 woodpecker
Ndss12 woodpecker
 
Android Security
Android SecurityAndroid Security
Android Security
 
Technology overview of_mobil_247134-1
Technology overview of_mobil_247134-1Technology overview of_mobil_247134-1
Technology overview of_mobil_247134-1
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
 
I03402059063
I03402059063I03402059063
I03402059063
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphone
 

More from IJET - International Journal of Engineering and Techniques

More from IJET - International Journal of Engineering and Techniques (20)

healthcare supervising system to monitor heart rate to diagonize and alert he...
healthcare supervising system to monitor heart rate to diagonize and alert he...healthcare supervising system to monitor heart rate to diagonize and alert he...
healthcare supervising system to monitor heart rate to diagonize and alert he...
 
verifiable and multi-keyword searchable attribute-based encryption scheme for...
verifiable and multi-keyword searchable attribute-based encryption scheme for...verifiable and multi-keyword searchable attribute-based encryption scheme for...
verifiable and multi-keyword searchable attribute-based encryption scheme for...
 
Ijet v5 i6p18
Ijet v5 i6p18Ijet v5 i6p18
Ijet v5 i6p18
 
Ijet v5 i6p17
Ijet v5 i6p17Ijet v5 i6p17
Ijet v5 i6p17
 
Ijet v5 i6p16
Ijet v5 i6p16Ijet v5 i6p16
Ijet v5 i6p16
 
Ijet v5 i6p15
Ijet v5 i6p15Ijet v5 i6p15
Ijet v5 i6p15
 
Ijet v5 i6p14
Ijet v5 i6p14Ijet v5 i6p14
Ijet v5 i6p14
 
Ijet v5 i6p13
Ijet v5 i6p13Ijet v5 i6p13
Ijet v5 i6p13
 
Ijet v5 i6p12
Ijet v5 i6p12Ijet v5 i6p12
Ijet v5 i6p12
 
Ijet v5 i6p11
Ijet v5 i6p11Ijet v5 i6p11
Ijet v5 i6p11
 
Ijet v5 i6p10
Ijet v5 i6p10Ijet v5 i6p10
Ijet v5 i6p10
 
Ijet v5 i6p2
Ijet v5 i6p2Ijet v5 i6p2
Ijet v5 i6p2
 
IJET-V3I2P24
IJET-V3I2P24IJET-V3I2P24
IJET-V3I2P24
 
IJET-V3I2P23
IJET-V3I2P23IJET-V3I2P23
IJET-V3I2P23
 
IJET-V3I2P22
IJET-V3I2P22IJET-V3I2P22
IJET-V3I2P22
 
IJET-V3I2P21
IJET-V3I2P21IJET-V3I2P21
IJET-V3I2P21
 
IJET-V3I2P20
IJET-V3I2P20IJET-V3I2P20
IJET-V3I2P20
 
IJET-V3I2P19
IJET-V3I2P19IJET-V3I2P19
IJET-V3I2P19
 
IJET-V3I2P18
IJET-V3I2P18IJET-V3I2P18
IJET-V3I2P18
 
IJET-V3I2P17
IJET-V3I2P17IJET-V3I2P17
IJET-V3I2P17
 

Recently uploaded

APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 

Recently uploaded (20)

★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

IJET-V3I1P9

  • 1. International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 33 Rethinking Permission Enforcement Mechanism on Mobile System Ms.CHITRA.S1 , Ms.ARUNADEVI.R2 1,2 ( Department of CS & IT, Dhanalakshmi Srinivasan College of Arts & Science for Women, Perambalur-621 212.) I. INTRODUCTION A mobile phone is a small, resource-restricted and highly security-sensitive device whose fundamental goal is to enable secure services for its users. These devices have been deployed in a large number of heterogeneous industries and used by a large user base. Rethinking permission granting in modern operating systems. Android become very popular because of its various advantages and capacities. There are many ways to get information or data of the use from a service on their mobile phone. The modern mobile systems such as Android, iOS design a permission-based access control model to protect sensitive resources from unauthorized use. In this model, the accesses to protected resources without the accesses to protected resources without permission enforcement system. Since Android has been expanding its market share rapidly as the most popular mobile platform. Ideally, the Android permission model should prevent malicious applications from abusing sensitive resources. However, the current permission model could not enforce a fine-grained control over permission use contexts (in this paper, when we say context we mean the application execution context). As a result, malicious entities could easily abuse permissions, leading to the explosion of Android malware these years and the numerous reported application vulnerabilities. Since Android has been expanding its market share rapidly as the most popular mobile platform this paper mainly focuses on the permission model of Android. Currently, the coarse-grained permission enforcement mechanism is limited in the following two aspects. Abstract: To protect sensitive resources from unauthorized use, modern mobile systems, such a Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework. The first such framework to provide context-sensitive permission enforcement that regular’s permission use policies according to system-wide application contexts, which cover both intra-application context and inter-application context. We build a prototype system on Android , named FineDroid, to track such context during the applicaton execution. To flexibly regulate the context-sensitive permission rules, FineDroid features a policy framework that could express generic application contexts. We demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy framework, for three potential users: end users, administrators and developers. Furthermore, FineDroid is showed to introduce a minor overhead Keywords: Sensitive resources, permission, framework, intra-application context, inter-application context, FineDroid. RESEARCH ARTICLE OPEN ACCESS
  • 2. International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 34  Intra-application Context Insensitive: Current permission model treats each application as a separate principal and permissions are granted at the granularity of application, thus all the code packages in the application could access the protected resources with the same granted permissions. In fact, not all the code packages in a single application come from a same origin.  Inter-application Context Insensitive: Application interaction is a common characteristic of mobile applications. However, this new characteristic is transparent to the current coarse-grained permission enforcement mechanism, exposing a new attack surface, i.e., the permissions granted to a vulnerable application may be abused by an attacker application via inter-application communication. Given these problems, plenty of extensions have been proposed to refine the Android permission model. Context-aware permission models are proposed to support different permission policies according to external contexts, such as location, time of the day. However, these works still could not address the two limitations described above. There are also some work dedicated to reduce the risk of inter- application communication or to isolate untrusted components inside an application. However, none could achieve unified and flexible control according to the system- wide application context. In this paper, we seek to fill the gap by bringing context-sensitive permission enforcement. We design a prototype, called FineDroid to provide fine-grained permission control over the application context. For example, if app’ A is allowed to use SEND_SMS permission in the context C, when app A requests SEND_SMS permission in another context C’, it would be treated as a different request of SEND_SMS permission. In FineDroid, we consider both the intra-application context which represents the internal execution context of an application, and the inter-application context which reflects the IPC context of interacted applications. It is non-trivial to track such context in Android. II. SYSTEM ARCHITECTURE FineDroid designs several techniques to automatically track such contexts along with the application execution. To ease the administration of permission control policies, FineDroid also features a policy framework which is general enough to express the rules for handling permission requests in a context-sensitive manner. To demonstrate the benefits of FineDroid, we create two security extensions for administrators and developers. First, since permission leak vulnerability is very common and dangerous, we show how administrators could benefit from our system in transparently fixing these vulnerabilities without modifying vulnerable applications. Second, we provide application developers with the ability of restricting untrusted third-party SDK by declaring fine-grained permission specifications in the manifest file. Fig.1 system architecture A. USER: A user is the client i.e. the person who gives the input data . B. ADMIN The admin is the person who manages all the user accounts as well as the information of the places is also updated by him. C. PERMISSION MANAGER: start End User Admin Permission manager Policy manager Permission manager request r e s p o n s e
  • 3. International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 35 To handle a permission request, the Policy Manager module examines all the policies in the system. D. POLICY MANAGER: Permission Manager first queries Policy Manager to select a policy which best matches the current application context. E. PERMISSION RECORD: permission requests are handled by querying the Permission Record to grant all the permissions declared in the application manifest file. In this paper, we make the following contributions:  We propose context-sensitive permission enforcement to deal with severe security problems of mobile systems. Considering the characteristics of mobile applications, it is important and necessary to take the application context into account when regulating permission requests.  We design a novel context tracking technique to track intra-application context and inter-application context during the application execution.  We design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context.  We demonstrate two security extensions based on the context-sensitive permission enforcement system, by just writing policies and sometimes a small number of auxiliary code.  We evaluate the security benefits gained by the two security extensions and report the performance overhead. III. PROBLEM DESCRIPTION 3.1 EXISTING SYSTEM: In existing permission model, each application is treated as a separate principal, while the above analysis indicates that the application code may be contributed by multiple parties (app developers, SDK providers, repackaged payload, etc). Current permission enforcement mechanism is limited in simply applying a single security policy for the entire app. To identify the leaked permissions or capabilities, they have developed a tool called Woodpecker. Woodpecker is used to examine how the Android- essential permission-based security model is enforced on current leading Android-based smart phones. 3.1.1 DISADVANTAGE  Malicious entities could easily abuse permissions.  Leading to the explosion of Android malware.  A user may wish to grant the SEND_SMS permission only when she clicks the “send” button but in any other contexts of the application. 3.2 PROPOSED SYSTEM: We propose context-sensitive permission enforcement to deal with severe security problems of mobile systems. Considering the characteristics of mobile applications, it is important and necessary to take the application context into account when regulating permission requests. We design a novel context tracking technique to track intra-application context and inter-application context during the application execution. Design a novel context tracking technique to track intra application context and inter- application context during the application execution. Design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context. Context-sensitive permission enforcement to deal with severe security problems of mobile systems. 3.2.1 ADVANTAGES:  We design a new policy framework to flexibly and generally regulate permission requests with respect to the fine-grained application context.  We demonstrate three security extensions based on the context-sensitive permission enforcement system, by just writing policies and sometimes a small number of auxiliary Code.  Minor overhead  Seamless context tracking  Security benefits IV. METHODOLOGY 1. Inter-application context insensitive 2. Permission manager 3. Policy manager 4. Permission record MODULE DESCRIPTION:
  • 4. International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 36 4.1 INTER-APPLICATION CONTEXT INSENSITIVE: Although application interaction is a common characteristic of mobile applications, it is transparent to the current coarse-grained permission enforcement mechanism, exposing a new attack surface, i.e., the permissions granted to a vulnerable application may be abused by an attacker application via inter-application communication. 4.2 PERMISSION MANAGER: To handle a permission request, the Policy Manager module examines all the policies in the system, and then Permission Manager could make a permission decision according to the action (e.g. allow or deny) specified in the match policy. Besides, our policy language is extensible for introducing new permission handling actions. 4.3 POLICY MANAGER: Permission Manager first queries Policy Manager to select a policy which best matches the current application context. If no policy matches, Permission Manager would fall back to the original permission enforcement mode. To test whether a policy could match a permission request, Policy Manager first checks the requested permission and the requestor application. When both attributes match, Policy Manager further compares the application context. The application context matching is relatively slow, so we use a cache to remember the context matching results. If multiple policies are found to match, Policy Manager would select the one that express the most fine-grained application context. Policy Manager also supports adding and removing policies to/from the system, as well as registering new action types to extend the policy language. The next sect ion will show how these policies can be used to refine current permission model. 4.4 PERMISSION RECORD: In the original mode, permission requests are handled by querying the Permission Record to grant all the permissions declared in the application manifest file. When a matched policy is selected for the current permission request, Permission Manager just needs to follow the action (e.g. allow or deny) specified in the policy. V. CONCLUSION This paper presents FineDroid, which brings context-sensitive permission enforcement to Android. By associating each permission quest with its application context, FineDroid provides a fine-grained permission control. The a pplication context in Fine-Droid covers not only intra- application context , but also inter-application context. To automatically track such application context, FineDroid designs a new seamless context tracking technique. FineDroid also features a policy frame work to flexibly regulate context- sensitive permission rules. This paper further demonstrates the effectiveness of FineDroid by creating two security extensions upon FineDroid for administrators and application developers. The performance evaluation shows that the overhead introduced by FineDroid is minor. ACKNOWLEDGMENT The author deeply indebted to honorable Shri A.SRINIVASAN(Founder Chairman), SHRI P.NEELRAJ(Secretary) Dhanalakshmi Srinivasan Group of Institutions, Perambalur for giving me opportunity to work and avail the facilities of the College Campus. The author heartfelt and sincere thanks to Principal Dr.ARUNA DINAKARAN, Vice Principal Prof.S.H.AFROZE, HoD Mrs.V.VANEESWARI, (Dept. of CS & IT) Project Guide Ms.R.ARUNADEVI, (Dept. of CS & IT) of Dhanalakshmi Srinivasan College of Arts & Science for Women,Perambalur. The author also thanks to parents, Family Members, Friends, Relatives for their support, freedom and motivation. REFERENCES 1. Android Remains the Leader in the Smartphone Operating System Market, Jun. 2015, [online] Available: http://www.idc.com/getdoc.jsp?containerId=prUS24108913. 2. Security Threat Report 2013, Jun. 2015, [online] Available: http://www.sophos.com/en-us/security-news-trends/reports/security- threat-report/android-malware.aspx. 3. Smalley, R. Craig, "Security enhanced (SE) Android: Bringing flexible MAC to Android", Proc. NDSS, pp. 20-38, 2013. 4. S. Bugiel, S. Heuser, A.-R. Sadeghi, "Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies", Proc. USENIX Secur., pp. 131-146, 2013. 5. W. Enck, M. Ongtang, P. McDaniel, "Understanding Android security", IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009. 6. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, E. Chin, "Permission re-delegation: Attacks and defenses", Proc. USENIX Secur., pp. 22, 2011. 7. “Sophos security threat report 2013,” http://www.sophos.com/en-us/se curity-news-trends/reports/security-threat-report/android- malware.aspx. 8. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock android smartphones,” in Proc. of NDSS ’12.
  • 5. International Journal of Engineering and Techniques - Volume 3 Issue 1, Jan – Feb 2017 ISSN: 2395-1303 http://www.ijetjournal.org Page 37 9. Y. Fratantonio, A. Bianchi, W. Robertson, M. Egele, C.Kruegel, E. Kirda, and G. Vigna, “On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users,” in Proc. of DIMVA ’15. 10. M. Conti, V. T. N. Nguyen, B. Crispo, "CRePE: Context-related policy enforcement for Android", Proc. ISC, pp. 331-345, 2010. BIOGRAPHICAL NOTES Ms.CHITRA.S is presently pursuing Computer Science M.Sc., Final year the Department of Computer Science From Dhanalakshmi Srinivasan College of Arts and Science for Women, Perambalur, Tamil Nadu ,India. Ms.ARUNADEVI.R - Received M.S.c., M.Phil Degree in Computer Science. She is currently working as Assistant Professor in Department of Computer Science in Dhanalakshmi Srinivasan College of Arts and Science for Women, Perambalur Tamil Nadu, India. She has Published papers in various journals like Mobile Communication in 4G Technology, DNS Support for Load Balancing, Securing Wireless Sensor Networks with Public Key Techniques.