Towards Intelligent and Scalable Security Analysis of Mobile and IoT Systems.
Record type:
Bibliographic - electronic resource : Monograph/item
Title/Author:
Towards Intelligent and Scalable Security Analysis of Mobile and IoT Systems./
Author:
Wang, Xueqiang.
Pagination:
1 online resource (162 pages)
Notes:
Source: Dissertations Abstracts International, Volume: 82-08, Section: B.
Contained By:
Dissertations Abstracts International 82-08B.
Subject:
Computer science.
Electronic resource:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28265289 click for full text (PQDT)
ISBN:
9798569966837
Thesis (Ph.D.)--Indiana University, 2021.
Includes bibliographical references
The growing popularity of mobile and IoT systems has introduced a set of new requirements for security analysis tools to identify risks exposed to end-users. On the one hand, the tools need to be automatic and intelligent, capable of capturing the rapidly evolving threats to the systems. On the other hand, they need to be scalable in order to serve the vast amount of devices (and applications running on top of them). Although a considerable effort has been made, there are still a few gaps that need to be filled in current security analysis approaches. This dissertation focuses on discussing intelligent and scalable approaches to evaluating security and privacy exposures of mobile and IoT systems.
First, we introduce a new type of potentially harmful apps on iOS App Store: Chameleon apps that hide their potentially harmful UIs (PHI-UI), such as crowdturfing UIs, behind their innocent-looking UIs. To evaluate the scope and impact of the Chameleon apps, we came up with Chameleon-Hunter, a new static analysis approach to identifying Chameleon apps based on the observation that PHI-UI not only is structurally hidden but also has notable semantic difference compared to the benign UI. Using the approach, we conduct the first systematic study of the Chameleon apps. The study reveals that Chameleon apps could easily bypass the App Store vetting and conduct a set of harmful activities, including crowdturfing that monetizes a large number of users to serve illegal missions (e.g., ranking fraud), collecting users' private information via a phishing UI, and leading the users to a pirated app store, etc.
Second, we present a platform that accelerates vulnerable device discovery and analysis, without requiring the presence of actual devices or firmware. Our approach is based on two key observations: First, IoT devices tend to reuse and customize others' components (e.g., software, hardware, protocol, and services), so vulnerabilities found in one device are often present in others. Second, reused components can be indirectly inferred from the mobile companion apps of the devices; so a cross analysis of mobile companion apps may allow us to approximate the similarity between devices. Using a suite of program analysis techniques, our platform analyzes mobile companion apps of smart home IoT devices on market and automatically discovers potentially vulnerable ones, allowing us to perform a large-scale analysis involving over 4,700 devices. Our study brings to light the sharing of vulnerable components across the smart home IoT devices (e.g., shared vulnerable protocol, backend services, device rebranding), and leads to the discovery of 324 devices from 73 different vendors that are likely to be vulnerable to a set of security issues.
Lastly, we report the first large-scale study on IoT data exposure, based upon a new framework, IoTProfiler, that statically analyzes a large number of IoT companion apps to infer and track the data on their IoT devices. Our approach utilizes machine learning to detect the code snippet in a companion app that handles IoT data and further recovers the semantics of the data from the snippet to evaluate whether their exposure has been properly communicated to the user. By running IoTProfiler on 6,208 companion apps, our research has led to the discovery of 3,578 apps that expose user data without proper authorization, covering IoT devices from at least 2,696 vendors. Our findings include highly sensitive information such as health status and home address, and the pervasiveness of unauthorized sharing of the data to third parties, including those in different countries, which highlight the urgent need to regulate today's IoT industry to protect user privacy.
Electronic reproduction. Ann Arbor, Mich. : ProQuest, 2023
Mode of access: World Wide Web
ISBN: 9798569966837
Subjects--Topical Terms:
523869
Computer science.
Subjects--Index Terms:
Internet of Things
Index Terms--Genre/Form:
542853
Electronic books.
LDR :05356nmm a2200505K 4500
001 2365084
005 20231213130537.5
006 m o d
007 cr mn ---uuuuu
008 241011s2021 xx obm 000 0 eng d
020 $a 9798569966837
035 $a (MiAaPQ)AAI28265289
035 $a AAI28265289
040 $a MiAaPQ $b eng $c MiAaPQ $d NTU
100 1 $a Wang, Xueqiang. $3 3705902
245 1 0 $a Towards Intelligent and Scalable Security Analysis of Mobile and IoT Systems.
264 0 $c 2021
300 $a 1 online resource (162 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Dissertations Abstracts International, Volume: 82-08, Section: B.
500 $a Advisor: Wang, XiaoFeng.
502 $a Thesis (Ph.D.)--Indiana University, 2021.
504 $a Includes bibliographical references
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2023
538 $a Mode of access: World Wide Web
650 4 $a Computer science. $3 523869
650 4 $a Computer engineering. $3 621879
650 4 $a Web studies. $3 2122754
650 4 $a Systems science. $3 3168411
650 4 $a Information technology. $3 532993
650 4 $a Public policy. $3 532803
653 $a Internet of Things
653 $a Scalability security
653 $a Mobile systems
653 $a Chameleon apps
653 $a Harmful apps
653 $a iOS App Store
653 $a Crowdturfing
653 $a Illegal missions
653 $a Collecting user private information
653 $a Phishing
655 7 $a Electronic books. $2 lcsh $3 542853
690 $a 0984
690 $a 0790
690 $a 0489
690 $a 0464
690 $a 0630
690 $a 0454
690 $a 0646
710 2 $a ProQuest Information and Learning Co. $3 783688
710 2 $a Indiana University. $b Computer Science. $3 3560719
773 0 $t Dissertations Abstracts International $g 82-08B.
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28265289 $z click for full text (PQDT)
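Holdings:
Barcode: W9487440
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Usage type: Normal
Loan status: On shelf
Reservations: 0
Notes:
Attachments: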