Data Protection Labware for Mobile Security

  • Hossain Shahriar
  • Md Arabin Talukder
  • Hongmei Chi
  • Mohammad Rahman
  • Sheikh Ahamed
  • Atef Shalan
  • Khaled Tarmissi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)

Abstract

The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via inadvertent or side channels, unsecured sensitive data storage, data transmission, and many others. Most of these mobile vulnerabilities can be detected in the mobile software testing phase. However, most development teams often have virtually no time to address them due to critical project deadlines. To combat this, the more defect removal filters there are in the software development life cycle, the fewer defects that can lead to vulnerabilities will remain in the software product when it is released. In this paper, we provide details of a data protection module and how it can be enforced in mobile applications. We also share our initial experience and feedback on the module.

Keywords

Mobile software security; Android; Data protection; Labware; SSL

Notes

Acknowledgment

The work is partially supported by the National Science Foundation under award: NSF proposal 1723578.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Hossain Shahriar (1), email author
  • Md Arabin Talukder (1)
  • Hongmei Chi (2)
  • Mohammad Rahman (3)
  • Sheikh Ahamed (4)
  • Atef Shalan (5)
  • Khaled Tarmissi (6)

  1. Kennesaw State University, Kennesaw, USA
  2. Florida A&M University, Tallahassee, USA
  3. Florida International University, Miami, USA
  4. Marquette University, Milwaukee, USA
  5. Alderson Broaddus University, Philippi, USA
  6. Umm Al Qura University, Mecca, Kingdom of Saudi Arabia