Friday, December 6, 2019
Vulnerabilities in Mobile Platform Security
Question: Write a Research Proposal on Mobile Platform Security? Answer: Introduction The figuring scene has changed significantly since the product planners of the 60's and 70's established the framework throughout today's advanced working frameworks. In those days, machines were likely just joined with other trusted machines, if associated with a system whatsoever. Malware was additionally not a huge issue. Out of these circumstances, large portions of the early outline choices around working framework security were made. The Internet changed a number of these suppositions, as you could no more trust each other machine and program on the system. Presently there were numerous machines and projects effectively looking to cause harm. Numerous headways in working framework security have happened over the earlier decades to address these issues. Today's portable working frameworks have profited from these progressions and have possessed the capacity to coordinate better efforts to establish safety from the beginning, instead of needing to include them in later (Flinn, 2012). Doing so sets the bar for security high from the earliest starting point, rather than regressively similarity or prior configuration choices making it hard to completely coordinate new security characteristics. One of the essential security gimmicks introduce in today's portable working frameworks is the application sandbox. Android, Blackberry, ios, and Windows Phone all contain help for this security characteristic. This post is planned to depict what a sandbox is, the way it lives up to expectations, lastly how the vicinity of the sandbox serves to expand security in an extremely associated world. With the rapid change in technology within the last two decades, the popularity of smart-phones, and other mobile devices has basically brought in a wide ranged software applications that is basically designed for running some applications, that are actually used to deliver the web services through their compact and dignified user interfaces and easy program logic which are basically tailored to the mobile platforms. Sometimes few major applications or the operating system tends to behave abnormally which actually exploits the software or the operating system to perform abnormally, not as expected. Purpose Vulnerability is one of the most important issues that basically arise in this era of mobility and technology. As stated already, vulnerability potentially causes definite threats in using different application. The weakness in the operating system or the core applications potentially exploits the software to perform as expected which actually creates a debacle within the mobile performance. The major question that arises during this major hypothesis is what actually happens or how the vulnerability of the mobile is so opened up. The basic threats that actually takes a role on the vulnerability of the mobile platforms comes basically from three major sources: application based, web based and physical threats (Jarvis, n.d.). By these major sources the application or the operating system gets exploited by which the potential user of the mobile faces major technical issues probing its personal details to be hampered via the use of the platform of mobile. This major thesis helps to propa gate the major threats of the vulnerable attacks that can actually seize to hamper the mobile platforms. Static Application Security Testing (SAST) devices can distinguish a few vulnerabilities as the code is being composed amid improvement, yet they make a lot of superfluous data furthermore frustratingly high false positives which diminishes their viability. Literature Review To explain briefly a platform, vulnerability is basically a major security weakness in the operating system or the core applications that can majorly be exploited to cause software to not perform as expected. The issue actually doesnt help the mobile software to perform well in the circumstances. This major deviation potentially from the expected behavior can basically impact the platform security controls that are mainly meant to protect the data. One of the basic example of a platform security control is actually restricting access for reading and writing the data to a particular location in the file system. Vulnerability is basically a major threat to an individual using a mobile phone (Lopez, Huang Sandhu, 2013). Vulnerability sometimes even causes the input personal information to work in an abnormal mode creating major threats to the personal information of the prolific user. This type of platform vulnerability can cause major problems in the mobile phones. The problem may sig nificantly persist either in the operating system or the core applications. In general, this type of vulnerability is very much important because of the potential power that is gained to exploit them. Operating systems are basically responsible for managing the resources and when platform vulnerability is exploited, major key security controls are also bypassed to help with the managing resources. Methodology Methodology is one of the important parts of a report that shows and depicts the entire structure of the report and the procedure in which the research is conducted. Here in this section we make a brief discussion on the procedures used to complete the research. Research design is the blue print of the report as per which the research is represented in the report. The research report is of different type. Some are descriptive in nature, some are explanatory and some are exploratory in nature. But in this case we have used the descriptive and the quantitative research method through which the entire field of the topic can be discussed and the solution to the questions can be provided for completing the research work. The descriptive research provides full knowledge on the given topic that helps the readers easier to understand. For data collection method few samples are taken into consideration out of a huge population of samples. It is not possible to take into consideration the entire population because of the limitation of the research and time constraint of the research. Hence, few out of the population is taken into consideration by random selection. For conducting this research few mobile companies were chosen and a deep study was made on the mobile apps provided by the companies. After the collection of the data a random sampling was done to complete the entire research report. Data collection is the most important part of a research. It is essential because it increases the knowledge base of the researcher to complete the research as per the requirements depicted by the topic. For data collection two different methods are used. The first method is the collection of the primary data which done by the process of direct interviews. In the second method the secondary data collection methods data is collected from other sources like books, journals and internet source. In this study the secondary data collection method is used. In most cases primary data collection method is used to avail solid evidence of the research (Markantonakis, Mayes Piper, n.d.). But in this research the data is collected from the secondary sources because the research requires huge base of knowledge. Hypothesis testing is the most important and difficult part of a research report. It is the most challenging task for a researcher. There the first method of data analysis is to determine the factors of the variables and arrange the variables in a proper format for the analysis. In this process the data is analyzed on the topic that how the mobile pattern securities are vulnerable in nature. The variables are analyzed and a report is represented on the analysis. For presenting the report graphs and other diagrams are used to make this report easier for understanding. Every research work has a certain limitation and boundary that it must follow for a smooth completion of the research report. The major limitation of a research is the time constraint of the research. The researcher must keep in mind the time required for completing each process of the research. The researcher must also see that his research work does not affect the environment and the society adversely and follows the law that is guiding it. Planning, analysis and organization It is quite obvious that every technology based gadgets comes with flaws. It is bound that the mobile platforms too sometimes are bound to have flaws and security vulnerabilities. Security vulnerabilities are majorly identified in regular basis and must be potentially fixed to prevent the major attackers from attacking from using to compromise systems. Basically in case of personal computers vendors often provide potentially important patches which actually help to secure the systems from any sort of misuse by the attackers. In case of mobile platforms the security of the platforms totally depends on the nature of the vulnerability. It needs secure planning and analysis of the vulnerability to actually make the mobile platform secure. Depending on the type of vulnerability a patch may be as simple as updating the major single application or as complex as the needed firmware update that basically involves both the device manufacturer and the carrier. In case of android and ios operating systems the vendors basically produce major patches or updates to fix security vulnerabilities. Software vendors want to fix vulnerabilities as quickly as possible, before they can be exploited and used maliciously, so well-intentioned researchers typically disclose vulnerabilities they find to the software vendor. On mobile devices, however, there is a conflict of interest. Because vulnerabilities are often the only way to root or jailbreak devices, many researchers do not want vulnerabilities to get fixed so they can maintain full control over their devices. The desire to gain full control over devices creates a disincentive for researchers to disclosure vulnerabilities (Sauveron, Bilas, Markantonakis Quisquater, 2007). This conflict of interest between vulnerability disclosure and the ability for people to fully control their own device poses a great security issue. Once a vulnerability being used to root or jailbreak devices becomes public knowledge it may also be used by malicious attackers, like Droid Dream. Until all mobile devices allow users to gain full control without resorting to exploits, this conflict of interest between control and safety is likely to continue. Other consideration Basically the research will contribute to raising the major awareness among all the experts and he academic community about the major impacts and the suitable consequences of the attacks of the smart-phones, which is actually something which has not been totally recognized. This is very much important on a critical note which can be prolifically used to cause major extensive damage and the disruption for major individuals and business alike. The major contribution can be particularly very much important as it is very much important to present major proactive critical defense strategies and alert on the mobile platform security (Vacca, 2013). The vendors of the mobile platform play a major key role in the participation of the major threats of the mobile platforms. Jail-breaking, SMS phishing and Trojans are the major proximity threats of every mobile platform which are vulnerable to the operating systems or the core applications. References Bidgoli, H. (2006).Handbook of information security. Hoboken, N.J.: John Wiley Sons. Flinn, J. (2012).Cyber foraging. [San Rafael, Calif.]: Morgan Claypool. Jarvis, M.Security Architect 75 Success Secrets. Lopez, J., Huang, X., Sandhu, R. (2013).Network and system security. Berlin: Springer. Markantonakis, K., Mayes, K., Piper, F.Secure smart embedded devices, platforms and applications. Sauveron, D., Bilas, A., Markantonakis, K., Quisquater, J. (2007).Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. Berlin: Springer. Vacca, J. (2013).Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.