NDLI: Plugin in the Middle - Minimising Security Risks in Mobile Middleware Implementations

Please wait, while we are loading the content...

Isn't the Time Ripe for a Standard Ontology on Security of Information and Networks?

Trustworthiness of Identity Attributes

Design and Analysis of a New Hash Function Gear

Identification and Detection of Phishing Emails Using Natural Language Processing Techniques

An ID and Address Protection Unit for NoC based Communication Architectures

A Novel Authentication Scheme for Online Transactions

Mathematical Modelling of Identity, Identity Management and Other Related Topics

Differential Fault Analysis for Block Ciphers: an Automated Conservative Analysis

On the Possibility of Insider Threat Detection Using Physiological Signal Monitoring

GLoP: Enabling Massively Parallel Incident Response Through GPU Log Processing

CBR Clone Based Software Flaw Detection Issues

Towards Practical Methods to Protect the Privacy of Location Information with Mobile Devices

Improbable Differential Attacks on Serpent using Undisturbed Bits

Continuous Authentication using Fuzzy Logic

A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids (Poster)

A Small Data Approach to Identification of Individuals on the Transport Layer using Statistical Behaviour Templates

HISEC: A New Lightweight Block Cipher Algorithm

An Empirical Study of Smartphone Based Iris Recognition in Visible Spectrum

Physical Dangers in the Cyber Security and Precautions to be Taken

Traversing symmetric NAT with predictable port allocation

Deploying Suitable Countermeasures to Solve the Security Problems within an E-learning Environment

Known Plaintexts Attack on Polynomial based Homomorphic Encryption

Detecting Malicious Users in Twitter using Classifiers

Employing Neural Networks for the Detection of SQL Injection Attack

An Approach of Privacy Preserving based Publishing in Twitter

Group Key Exchange Protocol Based on Diffie-Hellman Technique in Ad-Hoc Network

The Uncertainty of Identity Toolset: Analysing Digital Traces for User Profiling

Framework for distributed virtual honeynets

An effectiveness of application of <> competitions concept within higher education (Student contribution)

Human Visualisation of Cryptographic Code Using Progressive Multi-Scale Resolution

Implementation of Safety Techniques in a Cyber Domain

HosTaGe: a Mobile Honeypot for Collaborative Defense

Autonomic management for convergent networks to support robustness of appliance technologies

Memory access time as entropy source for RNG

Exploring the Guessability of Image Passwords

Challenges in developing Capture-HPC exclusion lists

Information Security Theory Development

Mathematical model of the polyalphabetic information security system based on the normal generalized knapsack

Educated Guessing Attacks on Culturally Familiar Graphical Passwords Using Personal Information on Social Networks

Instrumental System for Analysis of Information Systems Using Smart Cards Protection

A New Perspective to Information Security: Total Quality Information Security Management

Symmetric Fully Homomorphic Encryption Using Decidable Matrix Equations

Users' Perceptions of Recognition-Based Graphical Passwords: A Qualitative Study on Culturally Familiar Graphical Passwords

Reverse Engineering of ARM Binaries Using Formal Transformations

Towards an Innovative Systemic Approach of Risk Management

Bandwidth-Optimized Parallel Private Information Retrieval

Implementation Aspects of MeterGoat, a Smart Meter Security Training Platform

Automated Session Fixation Vulnerability Detection in Web Applications using the Set-Cookie HTTP response header in cookies

Managing Mobile Device Security in Critical Infrastructure Sectors

Cryptanalysis of Polynomial based Homomorphic Encryption

Analyzing the Effectiveness of DoS Attacks on Tor

A Protocol For Storage Limitations and Upgrades in Decentralised Networks

An Order Preserving Encryption Scheme for Cloud Computing

Content Provider Leakage Vulnerability Detection in Android Applications

Analysing Security requirements in Cloud-based Service Level Agreements

Non-cryptographic Detection Approach and Countermeasure for JFDV Attack

Compliance with standards, assurance and audit: does this equal security?

Towards the Detection of Undetectable Metamorphic Malware

Sector-Specific Tool for Information Security Risk Management in the Context of Telecommunications Regulation (Tool demo)

Exploring Worm Behaviors using DTW

Big Data Information Security Maintenance

Implementation of an Adaptive Traffic-aware Firewall

Location Identity Based Content Security Scheme for Content Centric Networking

MapReduce: MR Model Abstraction for Future Security Study

A Privacy-Preserving E-Ticketing System for Public Transportation Supporting Fine-Granular Billing and Local Validation

Intrusion Detection System for Cloud Environment

Towards a HL7 based Metamodeling Integration Approach for Embracing the Privacy of Healthcare Patient Records Administration

Virtual Machine Introspection

Privacy Implications of Wearable Health Devices

Current Trends and the Future of Metamorphic Malware Detection

Negotiation Based Framework for Attribute-Based Access Control Policy Evaluation

Integrated Framework for Classification of Malwares

Dynamic Analysis of Web Objects

Classification of PE Files using Static Analysis

Plugin in the Middle - Minimising Security Risks in Mobile Middleware Implementations

Analysis of Identity Forging Attack in MANETs

Development of a Threat Model for Vehicular Ad-hoc Network based Accident Warning Systems

The Botnet Revenue Model

Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication

In-Cloud Malware Analysis and Detection: State of the Art

Applying Large-scale Adaptive Graphs to Modeling Internet of Things Security

Plugin in the Middle - Minimising Security Risks in Mobile Middleware Implementations

Content Provider	ACM Digital Library
Author	Merzdovnik, Georg Weippl, Edgar Huber, Markus Aufner, Peter
Abstract	Mobile computing platforms, like smartphones and tablet computers, are becoming a commodity nowadays. The diversity and fast changing nature of these systems often makes it hard for developers to adapt their applications to the user's context. To simplify development a number of approaches have been suggested, which offer a context-middleware solution such that common functionality can be pooled into plugins and provided to applications. These extensions are then automatically installed if needed, thus enabling easier and faster development of complex applications. Furthermore, if the device changes, it often suffices to exchange the plugins for the applications to function correctly. However, mobile platforms like Android never expected integration in the sense that one application would dynamically host pieces of code from different vendors and allow access to other applications, since doing so basically circumvents many built-in security measures of the operating system. In this paper we analyze Ambient Dynamix, an advanced context-middleware solution, in detail. Hereby, we propose and evaluate security mechanisms to increase the security of Ambient Dynamix. We outline a system to verify the permissions an application requests against the actual Ambient Dynamix plugins it uses. In the following, we evaluate the use of static code analysis to ensure requested and used permissions by a novel method for lightweight on-device analysis. Finally, we propose a secure infrastructure to host, download and install third-party plugins. Our proposed security extensions significantly improve the user's security regarding third-party applications and considerably advance the area of secure mobile middleware.
Starting Page	434
Ending Page	440
Page Count	7
File Format	PDF
ISBN	9781450330336
DOI	10.1145/2659651.2659689
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2014-09-09
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Plugin security Mobile middleware Android
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in