A Risk Assessment Method for Smartphones

Abstract: Smartphones are multi-purpose ubiquitous devices, which face both smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.
Document type:
Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.443-456, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_36〉

Cited literature [18 references]

https://hal.inria.fr/hal-01518232
Contributor: Hal Ifip
Submitted on: Thursday, May 4, 2017 - 13:45:27
Last modified on: Thursday, May 4, 2017 - 14:53:54
Document(s) archived on: Saturday, August 5, 2017 - 13:07:15

File

978-3-642-30436-1_36_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis. A Risk Assessment Method for Smartphones. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.443-456, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_36〉. 〈hal-01518232〉


Metrics

Record views: 123

File downloads: 434