Proceedings Article
Toward risk-driven security measurement for Android smartphone platforms
Reijo Savola, Teemu Väisänen, Antti Evesti, Pekka Savolainen, Juha Kemppainen, Marko Kokemaki, +5 more
pp. 1-8
TLDR
This work analyzes the security objectives of two distinct envisioned public safety and security mobile network systems utilising the Android platform and proposes initial heuristics for security objective decomposition aimed at security metrics definition.
Abstract:
Security for Android smartphone platforms is a challenge arising in part from their openness. We analyse the security objectives of two distinct envisioned public safety and security mobile network systems utilising the Android platform. The analysis is based on an industrial risk analysis activity. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and applied security metrics can be used for informed risk-driven security decision-making, enabling higher security effectiveness.
Citations
Proceedings Article
Combining real-time risk visualization and anomaly detection
TL;DR: This paper presents means for transferring and visualizing the network events in the risk management instantly with a tool called Metrics Visualization System (MVS), used to dynamically visualize network security events of a Terrestrial Trunked Radio network running in Software Defined Networking context as a case study.
Proceedings Article
Risk Analysis and Safety Protection of Android Phone
TL;DR: Android framework, application components, and Android system and the risks of personal privacy information under the current mobile phone protective mechanism are analyzed in detail, and a kind of double users privacy protection system model is designed.
Proceedings Article
Security objectives, controls and metrics development for an Android smartphone application
Reijo Savola, Markku Kylänpää, +1 more
TL;DR: The target system of the investigation is an Android platform utilized for public safety and security mobile network and how a security decision making regarding this target system can be supported by effective and efficient security metrics is analyzed.
Journal Article
A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization
Shanai Ardi, Kristian Sandahl, +1 more
TL;DR: In this paper, a lightweight risk assessment method that flags security issues as early as possible in the software project, namely during requirements analysis, is described, which requires minimal training effort, adds low overhead, and makes it possible to show immediate results to affected stakeholders.
References
The Goal Question Metric Approach
TL;DR: Measurement is a mechanism for creating a corporate memory and an aid in answering a variety of questions associated with the enactment of any software process.
Proceedings Article
Why eve and mallory love android: an analysis of android SSL (in)security
TL;DR: An analysis of 13,500 popular free apps downloaded from Google's Play Market revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks, and MalloDroid is introduced, a tool to detect potential vulnerability against MITM attacks.
Book
Security Metrics: Replacing Fear, Uncertainty, and Doubt
TL;DR: The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations. Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise.
Report
Directions in Security Metrics Research
TL;DR: An overview of the security metrics area is provided and possible avenues of research that could be pursued to advance the state of the art are looked at.
Proceedings Article
Quantified security is a weak hypothesis: a critical survey of results and assumptions
TL;DR: This paper critically surveys previous work on quantitative representation and analysis of security with respect to security perspective, target of quantification, underlying assumptions and type of validation.