
A Data-Driven Evaluation of the Current Security State of Android Devices

Leierzopf, Ernst ; Mayrhofer, René ; Roland, Michael ; Studier, Wolfgang ; Dean, Lawrence ; Seiffert, Martin ; Putz, Florentin ; Becker, Lucas ; Thomas, Daniel (2024)
A Data-Driven Evaluation of the Current Security State of Android Devices.
2024 IEEE Conference on Communications and Network Security (CNS). Taipei, Taiwan (30.09.2024 - 03.10.2024)
doi: 10.1109/CNS62487.2024.10735682
Conference publication, Bibliography

Abstract

Android’s fast-paced development cycles and the large number of devices from different manufacturers do not allow for an easy comparison between different devices’ security and privacy postures. Manufacturers each adapt and update their respective firmware images. Furthermore, images published on OEM websites do not necessarily match those installed in the field. Relevant software aspects do not remain static after initial device release, but need to be measured on real devices that receive these updates. There are various potential sources for collecting such attributes, including webscraping, crowdsourcing, and dedicated device farms. However, raw data alone is not helpful in making meaningful decisions on device security and privacy. We make a website available to access collected data. Our implementation focuses on reproducible requests and supports filtering by OEMs, devices, device models, and attributes. To improve usability, we further propose a security score grounded on the list of attributes. Based on input from Android experts, including a focus group and eight individuals, we have created a method that derives attribute weights from the importance of attributes for mitigating threats on the Android platform. We derive weights for general use cases and suggest possible examples for more specialized weights for groups of confidentiality/privacy-sensitive users and integrity-sensitive users. Since there is no one-size-fits-all setting for Android devices, our website provides the possibility to adapt all parameters of the calculated security score to individual needs.

Item type: Conference publication
Published: 2024
Author(s): Leierzopf, Ernst ; Mayrhofer, René ; Roland, Michael ; Studier, Wolfgang ; Dean, Lawrence ; Seiffert, Martin ; Putz, Florentin ; Becker, Lucas ; Thomas, Daniel
Entry type: Bibliography
Title: A Data-Driven Evaluation of the Current Security State of Android Devices
Language: English
Year of publication: 31 October 2024
Publisher: IEEE
Book title: 2024 IEEE Conference on Communications and Network Security
Event title: 2024 IEEE Conference on Communications and Network Security (CNS)
Event location: Taipei, Taiwan
Event date: 30.09.2024 - 03.10.2024
DOI: 10.1109/CNS62487.2024.10735682

Uncontrolled keywords: emergenCITY_KOM, emergenCITY
Division(s)/area(s): 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > emergenCITY
Date deposited: 06 Nov 2024 12:41
Last modified: 06 Nov 2024 12:41