Please use this identifier to cite or link to this item:
Type: Congresso
Title: Risk Assessment Of User-defined Security Configurations For Android Devices
Author: Vecchiato
Daniel; Vieira
Marco; Martins
Abstract: The wide spreading of mobile devices, such as smart-phones and tablets, and their advancing capabilities, ranging from taking photos to accessing banking accounts, make them an attractive target for attackers. This, together with the fact that users frequently store critical information in such devices and that many organizations allow employees to use their personal devices to access the enterprise information infrastructure and applications, makes security assessment a key need. This paper proposes an approach for assessing the security risk posed by user-defined configurations in Android devices. The approach is based on the analysis of the risk (impact and likelihood) of user misconfiguration to harm the device or the user. The impact and likelihood values are defined based on a Multiple-Criteria Decision Analysis (MCDA) performed on the inputs provided by a set of security experts. A case study considering the user-defined configurations of 561 Android devices is presented, showing that the majority of the users neglect important and basic security configurations and that the proposed approach can be used in practice to characterize the security risk level of such devices.
Editor: IEEE
New York
Citation: 2016 Ieee 27th International Symposium On Software Reliabilityengineering (issre). Ieee, p. 467 - 477, 2016.
Rights: fechado
Identifier DOI: 10.1109/ISSRE.2016.30
Date Issue: 2016
Appears in Collections:Unicamp - Artigos e Outros Documentos

Files in This Item:
File SizeFormat 
000391437700043.pdf931.72 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.