Checking More Alerting Less PRESENTED BY: AMIN ROIS SINUNG NUGROHO.


Authors.

Pronounced as Apple.

Improvements of AAPL over previous works

Purifying Peer Apps
- Noisy Apps: Most popular apps, frequently installed along. Filter with same category policy.
- Accessories Apps: Compare similarity of app descriptions (English only) using a natural language processing technique called semantic similarity.
- Polluting Apps: Apps from the same developer with similar functionality. Filter by developer account.

Uncovering Privacy Disclosures
- Conditional Flow Identification (sensitivity cannot be determined with certainty)
  a. Opportunistic Constant Evaluation (dependent on parameter value), e.g., uri="content://contacts//…" will be considered a sensitive data source.
  b. Object Origin Inference (dependent on object type): infer the derived type of the object of interest, e.g., HttpsURLConnection.getOutputStream() will be considered a sensitive sink.
- Joint Flow Tracking: records all potential sources/sinks even if they point to non-sensitive resources/channels, and finds all sub-flows containing potential sources or potential sinks by conservatively matching all potential sinks with all potential sources.
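A minimal sketch of the two ideas on this slide, added here as an illustration and not taken from AAPL or the presentation: every potential source and sink is recorded and paired (joint flow tracking), then each pair's conditions are resolved from the constant URI and the inferred stream origin. The graph, node names, URI values, prefix list and the three verdict labels are constructed assumptions.

```python
from collections import deque

# Constructed policy tables and program facts (assumptions, not AAPL's real data).
SENSITIVE_URI_PREFIXES = ("content://contacts", "content://sms")
NETWORK_ORIGINS = {"HttpURLConnection", "HttpsURLConnection"}

# Toy data-flow graph: node -> nodes its value flows into.
FLOWS = {
    "q_contacts": ["buf_a"], "q_settings": ["buf_b"], "q_dynamic": ["buf_b"],
    "buf_a": ["net_write", "file_write"], "buf_b": ["net_write"],
}
# Potential sources: query() calls mapped to the URI that constant evaluation
# recovered, or None when the argument could not be resolved statically.
POTENTIAL_SOURCES = {
    "q_contacts": "content://contacts/people",
    "q_settings": "content://settings/system",
    "q_dynamic": None,
}
# Potential sinks: OutputStream.write() calls mapped to the inferred type of
# the object the stream was obtained from.
POTENTIAL_SINKS = {"net_write": "HttpsURLConnection", "file_write": "FileOutputStream"}

def reachable(start):
    """Every node the value produced at `start` can flow into."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in FLOWS.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def joint_flows():
    """Conservatively pair each potential source with each potential sink it reaches."""
    return sorted((s, k) for s in POTENTIAL_SOURCES
                  for k in reachable(s) if k in POTENTIAL_SINKS)

def classify(source, sink):
    """Resolve the two conditions of one recorded sub-flow."""
    uri = POTENTIAL_SOURCES[source]
    if POTENTIAL_SINKS[sink] not in NETWORK_ORIGINS:
        return "benign"          # stream does not originate from a network object
    if uri is None:
        return "unresolved"      # keep for review instead of guessing
    return "disclosure" if uri.startswith(SENSITIVE_URI_PREFIXES) else "benign"

def report():
    return {flow: classify(*flow) for flow in joint_flows()}

if __name__ == "__main__":
    for flow, verdict in report().items():
        print(flow, verdict)
```

Recording the pairs first and deciding sensitivity afterwards is what lets the same contacts query be reported for the network write but not for the local file write.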

CHEX

IBM Wala

AAPL Usage Cases
- Market Providers (e.g. Google Play): An efficient detection and screening system to detect apps with potential privacy leakages.
- Users: Identify apps with suspicious privacy disclosures. (Should be developed further to recommend alternative apps with fewer or no privacy disclosures.)
- Developers: Check whether their apps have suspicious privacy disclosures. If caused by a third-party library, choose an alternative library.

Already cited by 3 papers in less than a year.

Weaknesses
- Peer app selection has not been formally bound by an algorithm. Such an algorithm would make it more scalable.
- The authors skipped non-English descriptions in the peer app filtering. It should not be hard to use a digital translator such as Google Translate to provide better peer app filtering.
- The peer voting mechanism will not work if the majority of peer apps show similar behavior. Suspicious primary apps will be detected as legitimate in this scenario.
- Because of Android fragmentation, this method might not work well on all Android versions (software) or devices (hardware).

Further Improvement
- Recommend alternative apps from the peer apps in situations where the primary app displays suspicious privacy disclosures.

Thank you.