Abstract: The prevalence of smartphones is deeply embedded in modern society, impacting various aspects of our lives. Their versatility and functionalities have fundamentally changed how we communicate, work, seek entertainment, and access information. Among the many smartphones available, those operating on the Android platform dominate, being the most widely used type. This widespread adoption of the Android OS has significantly contributed to increased malware attacks targeting the Android ecosystem in recent years. Therefore, there is an urgent need to develop new methods for detecting Android malware. The literature contains numerous works related to Android malware detection. As far as our understanding extends, we are the first ones to identify dangerous combinations of permissions and system calls to uncover malicious behavior in Android applications. We introduce a novel methodology that pairs permissions and system calls to distinguish between benign and malicious samples. This approach combines the advantages of static and dynamic analysis, offering a more comprehensive understanding of an application’s behavior. We establish covalent bonds between permissions and system calls to assess their combined impact. We introduce a novel technique to determine these pairs’ Covalent Bond Strength Score. Each pair is assigned two scores, one for malicious behavior and another for benign behavior. These scores serve as the basis for classifying applications as benign or malicious. By correlating permissions with system calls, the study enables a detailed examination of how an app utilizes its requested permissions, aiding in differentiating legitimate and potentially harmful actions. This comprehensive analysis provides a robust framework for Android malware detection, marking a significant contribution to the field. The results of our experiments demonstrate a remarkable overall accuracy of 97.5%, surpassing various state-of-the-art detection techniques proposed in the current literature.
Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by Macao Science and Technology Development Fund; Project (10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
Abstract: Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, user's role and permission assigning are manipulated by security administrator of system. However, the cost is expensive and the operating process is complex. A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems. The relation among sets of permissions, roles and users was explored by generating mappings, and the relation between sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets, and making the meaning of the role natural and operational. Thus, a role is determined by permission set and user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Abstract: Electronic mail is perhaps one of the greatest inventions of our lifetime. It is having a phenomenal effect on the way we communicate. E-mail is not just a quick and relatively cheap way to keep in touch with family and friends, it has also become an essential tool in business, a fundamental part of the way in which we work. E-mail with fast speed and low cost can reach global audience and become a useful tool to promote online selling. This paper will mainly discuss e-mail marketing and its good functions on communication with potential or existing customers and other characteristics. Permission based marketing, which has common point with e-mail marketing, is regarded as e-mail marketing to some extent. This paper will further discuss the effective format, effective subject lines and words that can't be used in e-mail marketing. At last, the problems and prospect of permission based e-mail marketing will also be stated.
Abstract: In the age of smartphones, people do most of their daily work using their smartphones due to significant improvement in smartphone technology. When comparing different platforms such as Windows, iOS, Android, and Blackberry, Android has captured the highest percentage of total market share [1]. Due to this tremendous growth, cybercriminals are encouraged to penetrate various mobile marketplaces with malicious applications. Most of these applications require device information permissions aiming to collect sensitive data without user’s consent. This paper investigates each element of system information permissions and illustrates how cybercriminals can harm users’ privacy. It presents some attack scenarios using READ_PHONE_STATE permission and the risks behind it. In addition, this paper refers to possible attacks that can be performed when additional permissions are combined with READ_PHONE_STATE permission. It also discusses a proposed solution to defeat these types of attacks.
Abstract: Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.
Funding: This work was supported by the Ministry of Science and Technology, Taiwan, under grants MOST 110-2218-E-011-007-MBK, MOST 111-2218-E-011-012-MBK, MOST 109-2221-E-011-110-MY2, MOST 109-2221-E-259-011-MY2, MOST 110-2629-E-259-001, MOST 110-2926-I-259-501, and MOST 110-2634-F-A49-004.
Abstract: As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations, related stakeholders need a means to assess the trustworthiness of the applications involved within. It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy. Therefore, this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications. The framework divides itself into different implementation domains, i.e., organization security, application security, consensus mechanism security, node management and network security, host security and perimeter security, and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains. In addition, a case study, including a security testing and risk evaluation on each stack of a specific organization, is demonstrated as an implementation instruction of our proposed risk management framework. According to the best of our knowledge, this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view. If users can trust the applications that adopted this framework, this study can contribute to the adoption of permissioned blockchain-enabled technologies. Furthermore, application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.
Abstract: Consensus protocols are used for the distributed management of large databases in an environment without trust among participants. The choice of a specific protocol depends on the purpose and characteristics of the system itself. The subjects of the paper are consensus protocols in permissioned blockchains. The objective of this paper is to identify functional advantages and disadvantages of observed protocol. The analysis covers a total of six consensus protocols for permissioned blockchains. The following characteristics were compared: security, trust among participants, throughput and scalability. The results show that no protocol shows absolute dominance in all aspects of the comparison. Paxos and Raft are intended for systems in which there is no suspicion of unreliable users, but only the problem of a temporary shutdown. Practical Byzantine Fault Tolerance is intended for systems with a small number of nodes. Federated Byzantine Fault Tolerance shows better scalability and is more suitable for large systems, but can withstand a smaller number of malicious nodes. Proof-of-authority can withstand the largest number of malicious nodes without interfering with the functioning of the system. When choosing a consensus protocol for a blockchain application, one should take into account priority characteristics.
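Abstract: To ensure the high-quality development of the digital economy, strengthening personal privacy protection in mobile applications is crucial. Privacy settings and permission request settings are the main privacy-protection technical measures that mobile service providers currently offer users, but their effectiveness is disputed and they have not been widely used or adopted by users. This may be because users cannot use privacy settings to select and control the types of personal information that mobile applications collect, the purposes of use, and the parties with whom it is shared, and because the operating process for permission request settings is relatively complex. For privacy-protection technology to have a real positive effect, the technical features it should possess cannot be underestimated. From the perspective of giving users fine-grained control over the disclosure of personal information, this study proposes two technical features for existing privacy settings and permission request settings, namely the operability of privacy settings and the effectiveness of permission request settings, and, based on signaling theory, explores the mechanism by which these two features influence users' intention to refuse to provide personal information and to provide false personal information (abbreviated as "privacy protection behavioral intention"). This study uses a scenario-based experimental method, collects a total of 334 valid data samples, and applies the PLS-SEM (partial least squares-structural equation modeling) method for empirical analysis. The results show that the two technical features proposed in this study have a significant direct negative effect on users' privacy protection behavioral intention and also negatively affect it indirectly through privacy concerns; the two features have a significant positive interaction effect on users' privacy protection behavioral intention. This study enriches and extends research on privacy-protection technology design and user information behavior, and offers insights for mobile service providers on designing effective privacy-protection technology to improve their competitive advantage, thereby promoting the high-quality development of the digital economy.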