A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps

D'Orazio, Christian Javier; Lu, Rongxing; Choo, Kim‐Kwang Raymond; Vasilakos, Athanasios V.

doi:10.1016/j.amc.2016.08.051

Cited by 23 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…is research addresses major economic, production, corporate, and commercial requirement issues. e success of IoT also relies on the lucrative contract that every IoT approach has for regulatory affairs [103]. IoT security issues must provide solutions for user's protection from attackers as well as all unauthorized people.…”

Section: Discussionmentioning

confidence: 99%

Home Automation and RFID-Based Internet of Things Security: Challenges and Issues

Fatima

Khan

Akbar

2021

Security and Communication Networks

View full text Add to dashboard Cite

Internet of Things (IoT) protection refers to the software field related to securing the Internet of Things and associated linked devices and systems. The IoT is a system of interconnected computers, sensors, actuators, or people on the World Wide Web (WWW). All these different devices have a unique identity in the IoT and must convey data across the network automatically. If computers are not adequately secured, allowing them to connect to the Internet exposes them to a range of serious vulnerabilities. Because the consequences of IoT failures are severe, it is necessary to observe and analyze security issues related to IoT. The prime goal of IoT security is to protect personal safety, while also guaranteeing and ensuring accessibility. In the context of IoT technology, the present study conducts a systematic literature review that analyzes the security problems associated with commercial and educational applications of home automation and details the technical possibilities of IoT with respect to the network layer. In this systematic review, we discuss how current contexts result in the inability of designers of IoT devices to enhance their cyber-security initiatives. Typically, application developers are responsible for training themselves to understand recent security advancements. As a result, active participation on the ridge scale with passive improvement can be achieved. A comparative analysis of the literature was conducted. The main objective of this research is to provide an overview of current IoT security research in home automation, particularly those using authentication methods in different devices, and related technologies in radio frequency identification (RFID) on network layers. IoT security issues are addressed, and various security problems in each layer are analyzed. We describe cross-layer heterogeneous integration as a domain of IoT and demonstrate how it can provide some promising solutions.

show abstract

Section: Discussionmentioning

confidence: 99%

Home Automation and RFID-Based Internet of Things Security: Challenges and Issues

Fatima

Khan

Akbar

2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Apple strongly focuses on having done additional design work to improve its safety. The iOS security model consists of the following architectural design [23][24][25][26][27] System Architecture apple iOS is one of the best operating systems in terms of the boot loading process. Each step in the booting ensures the system is trusted cryptographically and signed by Apple itself.…”

Section: Ios Security Modelmentioning

confidence: 99%

AI-Enabled Cybernetic Analytics of Security Models for Smart Serious Games-Based Mobile Operating Systems

Ali¹,

Jamil²,

Whangbo³

et al. 2022

Artificial Intelligence Trends &Amp; Technologies

View full text Add to dashboard Cite

Smart serious games are games which are primarily designed for a serious job such as education and training rather than entertainment. Mobile Phones are an essential enabler of smart serious games. Over the past few years, there has been an exponential growth in the security of the cyber-physical system of multiple operating systems. Security challenges have emerged from access scenarios in conventional operating systems. However, in Mobile Operating Systems, there is a lack of systematic study about mobile security measurement. Artificial Intelligence (AI) is one of the critical features which exists inside mobile operating systems. AI enhances the working of Mobile OS functionality by providing thinking on user behavior and extending the functionality. We explore some key security models for different mobile Operating System providers. In particular, the comparison of security policies implemented by multiple mobile operating system vendors. It's challenging to deal with and study the related data models and measurements for mobile operating system platforms. This paper collects, analyzes, and provides effective decisions about the existing research on multiple mobile operating systems. We consider the built-in security, Authentication, Data Protection, Device protection, Application Security, Device Wipe, Mobile Device Management, Cooperate Managed e-mail, Active Sync Support, Device Firewall, Security Certifications, and Virtualizations. AI supports all these features to help OS to extend its functionality for effective game management. We have focused on these components that clearly understand the Mobile operating system structure and support services. General, as well as specific features, are explored about the different platforms of the operating systems. The systematic research study is applied to these platforms to capture the response, and based on these responses, and we developed results based on the feedback and research responses. This comparison aims to make the right choice for mobile users to device the best mobile with a high-security Operating System installed for mobiles partaking serious games in cyber-physical environment.

show abstract

“…In our work, we rely on TEEs to reduce the likelihood of software vulnerabilities that can be exploited by an adversary, as well as to reduce their impact through partitioning. For instance, the authors explain attacks to obtain users' data and recognise that these attacks would not have been possible if the data were encrypted. Our partitioning approach using TEEs provides an efficient solution to this challenge.…”

Section: Related Workmentioning

confidence: 99%

A framework for application partitioning using trusted execution environments

Atamli-Reineh

Paverd

Petracca

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system (OS). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. How should a particular application be partitioned? How many TEEs should be used? What granularity of partitioning should be applied? To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. However, as partitioning becomes increasingly common, there is a need for systematisation in the design of partitioning schemes. To address this need, we present a novel framework consisting of four overarching types of partitioning schemes through which applications can make use of TEEs. These schemes range from coarse‐grained partitioning, in which the whole application is included in a single TEE, through to ultra‐fine partitioning, in which each piece of security‐sensitive code and data is protected in an individual TEE. Although partitioning schemes themselves are application specific, we establish application‐independent relationships between the types we have defined. Because these relationships have an impact on both the security and performance of the partitioning scheme, we envisage that our framework can be used by software architects to guide the design of application partitioning schemes. To demonstrate the applicability of our framework, we have carried out case studies on two widely used software packages, the Apache Web server and the OpenSSL library. In each case study, we provide four high‐level partitioning schemes—one for each of the types in our framework. We also systematically review the related work on hardware‐enforced partitioning by categorising previous research efforts according to our framework. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps

Cited by 23 publications

References 16 publications

Home Automation and RFID-Based Internet of Things Security: Challenges and Issues

Home Automation and RFID-Based Internet of Things Security: Challenges and Issues

AI-Enabled Cybernetic Analytics of Security Models for Smart Serious Games-Based Mobile Operating Systems

A framework for application partitioning using trusted execution environments

Contact Info

Product

Resources

About