liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Application Whitelisting: Smartphones in High Security Environments
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2013 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Today, smartphones are in widespread use by consumers, commercial companies and government authorities. Unfortunately, there are many examples of applications carrying out malicious activities, such as stealing information or subscribing to premium-rate services. In this thesis work, a novel application whitelisting process (AWP) is proposed. It defines processes for application security audits and whitelisting i.e. methods on how to classify, evaluate and test a given application to make sure that it with a level of assurance does not have malicious intentions. In a risk analysis of users in high security environments, the results showed that confidentiality and availability is the top most important security aspects to protect in this environment. The applications in the whitelisting process should therefore be tested for known malware and adware as well as permissions that can be used to send private information to remote servers. Additionally, testing should also be carried out for information leakage through intents and content resolvers. Because whitelisting is locking down the freedom and usability that comes with a smartphone, three different leveled whitelists are proposed to satisfy users and organizations with different security needs. A prototype was developed to prove the overall usability of the design. The result of scanning 200 applications from Google Play showed that 12% of all applications can be placed in the highest leveled whitelist. The results also suggest that 17.5 % of all applications on Google Play are malware or potentially unwanted applications. The results points to that using this novel whitelisting process, about 30% of all applications can be automated into whitelists and will not need manual analysis.

Place, publisher, year, edition, pages
2013. , 62 p.
Keyword [en]
Application whitelisting process, Android, malware, obfuscation
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-96005ISRN: LIU-IDA/LITH-EX-A--13/018—SEOAI: oai:DiVA.org:liu-96005DiVA: diva2:640193
External cooperation
Sectra Communications AB
Subject / course
Information Technology
Supervisors
Examiners
Available from: 2013-08-16 Created: 2013-08-12 Last updated: 2013-08-19Bibliographically approved

Open Access in DiVA

Application Whitelisting(1785 kB)678 downloads
File information
File name FULLTEXT01.pdfFile size 1785 kBChecksum SHA-512
51b6b80fb441a49f96ec85752d49d7b4dabc461d00523dce9444868920dfdcb8ac5c5948d09e36f449df80220d9c789b5293a61ba025ca1eb49ce07a98cda1f4
Type fulltextMimetype application/pdf

By organisation
Database and information techniquesThe Institute of Technology
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 678 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 688 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf