Shifting to Mobile: Network-Based Empirical Study of Mobile Vulnerability Market

Authors: Keman Huang, Jia Zhang, Wei Tan, Zhiyong Feng

DOI: 10.1109/TSC.2016.2646687

Keywords: Empirical research; Sociotechnical system; Mobile computing; Vendor; Cellular network; Computer science; Information sharing; Vulnerability; Computer security; Mobile telephony

Abstract: With the increasing popularity and great economic benefit from vulnerability exploitation, it is important to study mobile in ecosystem. Beyond traditional technical solutions such as developing technologies identify potential vulnerabilities, discover widely available exploitations protect consumers attacks, constructing market, a marketplace for discovery, disclosure has been considered an effective approach. Therefore, understanding mechanism of market further optimizations attracting attentions both academia industry. Since ecosystem playing increasingly role daily life, this paper aims understand evolution data-driven approach, aiming issues research. Specially, five-layer heterogeneous network, consisting software vendors, products, public disclosed hunters, organizations their relations, established formally represent market. Based on data collected variety agencies, including NVD, OSVDB, BID vendor advisories, comprehensive empirical analysis reported, focusing growth well interactions between other PCs platforms. Finally, suggestions drawn observations, security evaluation code reused, leaking protection permission overuse identification, hunter's strategy behavior understanding, information sharing external workforce hiring, cross-platform digging are discussed enhancement.
