Data Protection Labware for Mobile Security

  • Conference paper
  • In: Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2019)

Abstract

The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via inadvertent or side channels, unsecured sensitive data storage and data transmission, and many others. Most of these mobile vulnerabilities can be detected in the mobile software testing phase. However, development teams often have virtually no time to address them due to critical project deadlines. The more defect removal filters there are in the software development life cycle, the fewer defects that can lead to vulnerabilities will remain in the software product when it is released. In this paper, we provide details of a data protection module and how it can be enforced in mobile applications. We also share our initial experience and feedback on the module.

Acknowledgment

The work is partially supported by the National Science Foundation under award: NSF proposal 1723578.

Corresponding author

Correspondence to Hossain Shahriar.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Shahriar, H. et al. (2019). Data Protection Labware for Mobile Security. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science, vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_15

  • DOI: https://doi.org/10.1007/978-3-030-24907-6_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24906-9

  • Online ISBN: 978-3-030-24907-6

  • eBook Packages: Computer Science (R0)
