2022 | OriginalPaper | Book chapter

Classification and Analysis of Vulnerabilities in Mobile Device Infrastructure Interfaces

Written by: Konstantin Izrailov, Dmitry Levshun, Igor Kotenko, Andrey Chechulin

Published in: Mobile Internet Security

Publisher: Springer Nature Singapore

Abstract

A consequence of the widespread use of mobile devices is the emergence of a threat to information security. One of the reasons for this lies in the vulnerabilities of device interaction interfaces. This area is quite new, so it is not well investigated. The aim of this investigation is to classify and analyze vulnerabilities of infrastructure interfaces. As a part of the results the general classification model is proposed in an analytical form. This model allows one to map vulnerabilities to the interface classes. Interfaces are separated based on infrastructure components they provide interaction between. Additionally, the interactions themselves are separated into subclasses. The categorical division apparatus is used for classification with 64 classes. The relationship between the infrastructure of mobile devices and the vulnerabilities of its interfaces is analysed. An experiment was carried out for a typical scenario of finding the owner of devices in the infrastructure of mobile devices. The experiment showed the efficiency of the proposed model and made it possible to make a number of predictions regarding potential vulnerabilities in the future.

Metadata
Title
Classification and Analysis of Vulnerabilities in Mobile Device Infrastructure Interfaces
Written by
Konstantin Izrailov
Dmitry Levshun
Igor Kotenko
Andrey Chechulin
Copyright year
2022
Publisher
Springer Nature Singapore
DOI
https://doi.org/10.1007/978-981-16-9576-6_21