Presentation is loading. Please wait.

Presentation is loading. Please wait.

Checking More Alerting Less PRESENTED BY: AMIN ROIS SINUNG NUGROHO.

Published byIra Dickerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Checking More Alerting Less PRESENTED BY: AMIN ROIS SINUNG NUGROHO."— Presentation transcript:

1 Checking More Alerting Less PRESENTED BY: AMIN ROIS SINUNG NUGROHO

2 Authors.

3

4

5

6 Pronounced as Apple.

7 Improvements of AAPL over previous works

8

9

10 Purifying Peer Apps  Noisy Apps: Most popular apps, frequently installed along. Filter with same category policy.  Accessories Apps: Compare similarity in apps description (English only) using natural language processing technique called semantic similarity.  Polluting Apps: Apps from the same developer with similar functionality. Filter by developer account.

11

12 Uncovering Privacy Disclosures  Conditional Flow Identification (sensitivities can’t be surely determined) a. Opportunistic Constant Evaluation (dependent on parameter value), e.g., uri=content://contacts//…” will be considered as sensitive data source. b. Object Origin Interface (dependent on object type), infer derived type of interested object, e.g., HttpsURLConnection.getOutputStream(), will be considered as sensitive sink.  Joint Flow Tracking joint flow tracking records all potential sources/sinks even they point to non-sensitive resources/channels, and finds all sub-flows containing potential sources or potential sinks by conservatively matching all potential sinks with all potential sources.

13

14

15 CHEX

16 IBM Wala

17 AAPL Usage Cases  Market Providers (e.g. Google Play) An efficient detection and screening system to detect apps with potential privacy leakages.  Users Identify apps with suspicious privacy disclosures. (should be developed further to recommend alternative apps with less or none privacy disclosures)  Developers Check whether their apps have suspicious privacy disclosures. If caused by third party library, choose an alternative library.

18

19

20

21 Already cited by 3 papers in less than a year.

22 Weaknesses  Peer apps selection has not been bound formally by an algorithm. Such algorithm will make it more scalable.  The authors skipped non English description from the peer apps filtering. It should not be hard to use digital translator such as Google translate to provide better peer apps filtering.  Peer voting mechanism will not work if majority of peer apps show similar behavior. Suspicious primary apps will be detected as legitimate in this scenario.  Because of Android fragmentation, this method might not work well in all Android version (software) or devices (hardware).

23 Further Improvement  Recommend an alternative apps from peer apps in a situation where the primary apps display suspicious privacy disclosures.

24 Thank you.

Download ppt "Checking More Alerting Less PRESENTED BY: AMIN ROIS SINUNG NUGROHO."

Similar presentations

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.
By: Lucas Clarkson.  “could potentially launch a ‘root exploit’ attack to take control of your phone” - Dr. Xuxian Jiang  Ads use GPS, call logs, phone.

By: Lucas Clarkson.  “could potentially launch a ‘root exploit’ attack to take control of your phone” - Dr. Xuxian Jiang  Ads use GPS, call logs, phone.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.

Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
LS403 Evaluation of Information Services Problem Statements.

LS403 Evaluation of Information Services Problem Statements.
The Project AH Computing. Functional Requirements  What the product must do!  Examples attractive welcome screen all options available as clickable.

The Project AH Computing. Functional Requirements  What the product must do!  Examples attractive welcome screen all options available as clickable.
Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)

Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)
Project Proposal: Academic Job Market and Application Tracker Website Project designed by: Cengiz Gunay Client: Cengiz Gunay Audience: PhD candidates and.

Project Proposal: Academic Job Market and Application Tracker Website Project designed by: Cengiz Gunay Client: Cengiz Gunay Audience: PhD candidates and.
Sophos Mobile Security

Sophos Mobile Security
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.
PrivacyShield: Real-time Monitoring and Detection of Android Privacy Leakage Review and Discussion Yan Chen Lab of Internet and Security Technology Northwestern.

PrivacyShield: Real-time Monitoring and Detection of Android Privacy Leakage Review and Discussion Yan Chen Lab of Internet and Security Technology Northwestern.
Chapter 12: Finale! Publishing Your Android App. Objectives In this chapter, you learn to: Understand Google Play Target various device configurations.

Chapter 12: Finale! Publishing Your Android App. Objectives In this chapter, you learn to: Understand Google Play Target various device configurations.
1 Shawlands Academy Higher Computing Software Development Unit.

1 Shawlands Academy Higher Computing Software Development Unit.
Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.

Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.
Characteristic Studies of User- Perceived Information in Security Analysis Wei Yang Univ. of Illinois.

Characteristic Studies of User- Perceived Information in Security Analysis Wei Yang Univ. of Illinois.
Michael Margel Dec 2 2013 CSC 2524 SURFBRD. What is SURFBRD? SURFace-Based Remote Desktop Pronounced “Surfboard” A desktop environment that allows users.

Michael Margel Dec CSC 2524 SURFBRD. What is SURFBRD? SURFace-Based Remote Desktop Pronounced “Surfboard” A desktop environment that allows users.
SUPOR : Precise and Scalable Sensitive User Input Detection for Android Apps Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang,

SUPOR : Precise and Scalable Sensitive User Input Detection for Android Apps Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang,
Forensic Aspect of Remote Wiping in Android Presented by: Ming Di Leom Supervisor: Dr. Kim-Kwang Raymond Choo.

Forensic Aspect of Remote Wiping in Android Presented by: Ming Di Leom Supervisor: Dr. Kim-Kwang Raymond Choo.

Similar presentations

Ads by Google