A Secure Smartphone Applications Roll-out Scheme

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6863)

Abstract

The adoption of smartphones, devices transforming from simple communication devices to smart and multipurpose devices, is constantly increasing. Amongst the main reasons for their vast pervasiveness are their small size, their enhanced functionality, as well as their ability to host many useful and attractive applications. Furthermore, recent studies estimate that application installation in smartphones acquired from official application repositories, such as the Apple Store, will continue to increase. In this context, the official application repositories might become attractive to attackers trying to distribute malware via these repositories. The paper examines the security inefficiencies related to application distribution via application repositories. Our contribution focuses on surveying the application management procedures enforced during application distribution in the popular smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Phone), as well as on proposing a scheme for an application management system suited for secure application distribution via application repositories.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mylonas, A., Tsoumas, B., Dritsas, S., Gritzalis, D. (2011). A Secure Smartphone Applications Roll-out Scheme. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2011. Lecture Notes in Computer Science, vol 6863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22890-2_5

  • DOI: https://doi.org/10.1007/978-3-642-22890-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22889-6

  • Online ISBN: 978-3-642-22890-2

  • eBook Packages: Computer Science, Computer Science (R0)
