Free for All! Assessing User Data Exposure to Advertising Libraries on Android
|
|
- Ferdinand Jordan
- 5 years ago
- Views:
Transcription
1 Free for All! Assessing User Data Exposure to Advertising Libraries on Android Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, Carl Gunter University of Illinois at Urbana - Champaign
2 Approach
3 Approach GOAL: Assess the RISK of integrating advertising libraries in Android apps RISK: Potential compromise of an asset as a result of an exploit of a vulnerability by a threat. All the different ways an ad library can access private user Private User Data data Ad Library
4 Approach OUT-APP EXPOSURE Host app IN-APP EXPOSURE API API FILES Ad Library
5 Is there any interesting information in local files? FILES
6 Motivation: in-app FILES I m Pregnant / Pregnancy App Weight Height Pregnancy month and day Symptoms (headaches, backache, cons9pa9on) Events (date of intercourse) Outcomes (miscarriage, birth date)
7 Motivation: in-app FILES Diabetes Journal Birth date Gender First name Last name Weight Height Blood glucose levels Workout ac9vi9es
8 Motivation: in-app FILES Diabetes Journal There is a plethora of private user information in app local files. It is trivial for ad libraries to access such information. Birth date Gender First name Last name Weight Height Blood glucose levels Workout ac9vi9es
9 Are ad libraries interested in app bundles?
10 Motivation: out-app API METHODOLOGY RESULTS Call graphs on 2700 Google Play apps 2535 unique apps getinstalledpackages (gip) getinstalledapplications (gia) Manual analysis of packages containing gip and gia 27.5% contain at least one invocation of gip or gia 12.54% contain an ad library that invokes gip or gia 28 unique ad libraries
11 Motivation: out-app API METHODOLOGY RESULTS Call graphs on 2700 Google Play apps 2535 unique apps Ad getinstalledpackages Libraries are (gip) increasingly collecting 27.5% contain app at least bundles one invocation from of gip or gia getinstalledapplications (gia) user devices % contain an ad library that invokes gip Manual analysis of packages containing gip or gia and gia 28 unique ad libraries
12 What can ad libraries learn from app bundles?
13 Motivation: out-app Ground Truth collection: Private User Data Question 1 Question 2 Random ID
14 Motivation: out-app Ground Truth collection: Private User Data Question 1 Question approved users Random ID 1985 distinct apps
15 Evaluation: out-app AGE MARITAL STATUS SEX P (%) R (%) P (%) R (%) P (%) R (%) Random Forest SVM KNN P: Precision R: Recall
16 Pluto Risk Assessment Framework
17 Pluto Design PURPOSE: offline estimation of the private user data a target app can expose to an embedded ad library that utilizes: in-app attack channels out-app attack channels [please see the paper for details]
18 Pluto Design: in-app exposure discovery MONKEY DB XML JSON DB XML GENERIC U MANIFEST Layout Strings DECOMPILER MANIFEST Miners Matching Goals Dynamic Analysis Module
19 Evaluation
20 Evaluation Ground Truth collection: Data Points
21 Evaluation: in-app Ground Truth collection: Manual construction of L1 and L2 Name Number Description Full Dataset (FD) 2535 Unique apps collected from the 27 Google Play categories Level 1 Dataset (L1) 262 Apps randomly selected from FD Level 2 Dataset (L2) 35 Apps purposively selected from L1
22 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" AGE 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" GENDER 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" WORKOUT 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L1:MMiner" L2" L2:Mminer" ADDRESS Evaluation: in-app
23 Privacy Risk App Ranking
24 Utility: assessing the risk with Pluto D: set of data points in cost model (e.g. Financial Times) X: set of data point weights in the cost model D = X = n α: target app x α : sum of all weights of data points exposed by α risk score:
25 Utility: assessing the risk with Pluto CATEGORY APP TITLE AVG # INSTALLS RISK SCORE [ 0-10 ] MEDICAL Depression CBT Self-Help Guide 100K - 500K 8.14 MEDICAL Prognosis: Your Diagnosis 500K - 1M 6.31 HEALTH & FITNESS HEALTH & FITNESS Dream Body Workout Plan 100K - 500K 7.33 mycigna 100K - 500K 5.62
26 Utility: assessing the risk with Pluto CATEGORY APP TITLE AVG # INSTALLS RISK SCORE [ 0-10 ] MEDICAL Depression CBT Self-Help Guide 100K - 500K 8.14 MEDICAL Prognosis: Your Diagnosis 500K - 1M 6.31 HEALTH & FITNESS HEALTH & FITNESS Dream Body Workout Plan 100K - 500K 7.33 exposes 16 data points mycigna 100K - 500K 5.62 depression, headache, pregnancy,
27 Summary Apps store an abundance of private user data in local files. Revealed a trend of aggressive collection of app bundles. New techniques for assessing user sensitive information exposure to libraries. [not covered in this talk] Designed a tool (Pluto) to automatically assess the data exposure risk to third-party libraries by apps at scale. Pluto is evaluated on real world apps and user data and evidently achieves good prediction performance.
28 Thank You! Source code is available online at:
XHound: Quantifying the Fingerprintability of Browser Extensions. Priyankit Bangia Software Engineering. By Oleksii Starov & Nick Nikiforakis
XHound: Quantifying the Fingerprintability of Browser Extensions By Oleksii Starov & Nick Nikiforakis Priyankit Bangia Software Engineering INTRODUCTION What are browser extensions? Browsers are designed
More informationResolving the Predicament of Android Custom Permissions
Resolving the Predicament of Android Custom Permissions Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, Carl A. Gunter University of Illinois at Urbana - Champaign #NDSS18 Install-time Permissions
More informationVulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits
Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits Carl Sabottke Octavian Suciu Tudor Dumitraș University of Maryland 2 Problem Increasing number
More informationFinding Clues For Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps
Finding Clues For Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps Yuhong Nan, Zhemin Yang, Yuan Zhang, Donglai Zhu and Min Yang Fudan University Xiaofeng Wang Indiana University
More informationYou are Who You Know and How You Behave: Attribute Inference Attacks via Users Social Friends and Behaviors
You are Who You Know and How You Behave: Attribute Inference Attacks via Users Social Friends and Behaviors Neil Zhenqiang Gong Iowa State University Bin Liu Rutgers University 25 th USENIX Security Symposium,
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationVulnerability Assessment Process
Process Coleman Kane Coleman.Kane@ge.com January 14, 2015 Security Process 1 / 12 is the practice of discovering the vulnerabilties posed by an environment, determining their negative risk impact, and
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationPenetration testing.
Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external
More informationPATIENT INFORMATION SPOUSE INFORMATION REFERRAL INFORMATION INSURANCE INFORMATION IN CASE OF EMERGENCY
Today s date: PATIENT INFORMATION Patient s Last name: First: Middle: Physician Name: Mr. Sex: Marital status (circle one) Single / Mar / Div / Sep / Wid Mailing address: City: State: ZIP Code: D.O.B:
More informationELEC6910Q Analytics and Systems for Social Media and Big Data Applications Lecture 4. Prof. James She
ELEC6910Q Analytics and Systems for Social Media and Big Data Applications Lecture 4 Prof. James She james.she@ust.hk 1 Selected Works of Activity 4 2 Selected Works of Activity 4 3 Last lecture 4 Mid-term
More informationi2b2 User Guide University of Minnesota Clinical and Translational Science Institute
Clinical and Translational Science Institute i2b2 User Guide i2b2 is a tool for discovering research cohorts using existing, de-identified, clinical data This guide is provided by the Office of Biomedical
More informationWhat s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
What s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, Carl
More informationPersonal Information. New Profile Icon
What is New in MyChart? On December 8th, we will be upgrading our MyChart patient portal site. We would like to make you aware of a few differences that you will see, when you sign into your MyChart account.
More informationSecurity and privacy in the smartphone ecosystem: Final progress report
Security and privacy in the smartphone ecosystem: Final progress report Alexios Mylonas Athens University of Economics & Business Overview 2 Research Motivation Related work Objective Approach Methodology
More informationAutomated Assessment of Security Risks for Mobile Applications
Automated Assessment of Security Risks for Mobile Applications Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie Department of Computer Science North Carolina State University Lookout Mobile
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationGLOOKO FOR PATIENTS QUICK START GUIDE
GLOOKO FOR PATIENTS QUICK START GUIDE September 2018 Version IFU-0008 02 Contents Intended Use... 3 Warnings... 3 1. How to Start Using Glooko... 4 1.1. Device Compatibility... 4 MeterSync Blue... 4 Glooko
More informationSurvey Result on Privacy Preserving Techniques in Data Publishing
Survey Result on Privacy Preserving Techniques in Data Publishing S.Deebika PG Student, Computer Science and Engineering, Vivekananda College of Engineering for Women, Namakkal India A.Sathyapriya Assistant
More informationDetecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp , 2015.
Detecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp. 197-210, 2015. Presented by Xintong Wang and Han Zhang Challenges in Network Monitoring Need a
More informationExam : Title : ASAM Advanced Security for Account Managers Exam. Version : Demo
Exam : 646-578 Title : ASAM Advanced Security for Account Managers Exam Version : Demo 1. When do you align customer business requirements with the needed solution functionality? A. when preparing for
More informationSOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.
RiskSense Platform RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 27 RiskSense, Inc. Executive Summary The RiskSense Platform is a Software-as-a-Service
More informationIllustration of Random Forest and Naïve Bayes Algorithms on Indian Liver Patient Data Set
Volume 119 No. 10 2018, 585-595 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu ijpam.eu Illustration of Random Forest and Naïve Bayes Algorithms on Indian
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationInternational Journal of Research in Advent Technology, Vol.7, No.3, March 2019 E-ISSN: Available online at
Performance Evaluation of Ensemble Method Based Outlier Detection Algorithm Priya. M 1, M. Karthikeyan 2 Department of Computer and Information Science, Annamalai University, Annamalai Nagar, Tamil Nadu,
More informationSecurity Audit What Why
What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,
More informationFacts about long term conditions. Our approach
Introduction my mhealth create digital solutions for the management of long term conditions. Evidence based, and highly secure, my mhealth provide a suite of solutions to manage patients with COPD, Asthma,
More informationKeywords- Classification algorithm, Hypertensive, K Nearest Neighbor, Naive Bayesian, Data normalization
GLOBAL JOURNAL OF ENGINEERING SCIENCE AND RESEARCHES APPLICATION OF CLASSIFICATION TECHNIQUES TO DETECT HYPERTENSIVE HEART DISEASE Tulasimala B. N* 1, Elakkiya S 2 & Keerthana N 3 *1 Assistant Professor,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationU.S. TV and Internet Providers: Competing services for mobile consumers TV time. Market Study Second Quarter 2017
U.S. TV and Internet Providers: Competing services for mobile consumers TV time Market Study Second Quarter 2017 U.S. TV and Internet Providers: Competing services for mobile consumers TV time Market Study
More informationPerformance Evaluation of Various Classification Algorithms
Performance Evaluation of Various Classification Algorithms Shafali Deora Amritsar College of Engineering & Technology, Punjab Technical University -----------------------------------------------------------***----------------------------------------------------------
More informationOnapsis: The CISO Imperative Taking Control of SAP
Onapsis: The CISO Imperative Taking Control of SAP Cyberattacks @onapsis 2016 Key SAP Cyber-Security Trends Over 95% of the SAP systems we have assessed, were exposed to vulnerabilities that could lead
More informationData Breach Risk Scanning and Reporting
Data Breach Risk Scanning and Reporting 2017. SolarWinds. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationModelling Personalized Screening: a Step Forward on Risk Assessment Methods
Modelling Personalized Screening: a Step Forward on Risk Assessment Methods Validating Prediction Models Inmaculada Arostegui Universidad del País Vasco UPV/EHU Red de Investigación en Servicios de Salud
More informationThreat Centric Vulnerability Management
Threat Centric Vulnerability Management Solution Brief When it comes to vulnerability management, security leaders continue struggle to identify which of the thousands even millions of vulnerabilities
More informationAlde: Privacy Risk Analysis of Analytics Libraries in the Android Ecosystem
Alde: Privacy Risk Analysis of Analytics Libraries in the Android Ecosystem Xing Liu 1, Sencun Zhu 2,3, Wei Wang 1,, and Jiqiang Liu 1 1 School of Computer and Information Technology, Beijing Jiaotong
More informationPredicting Diabetes using Neural Networks and Randomized Optimization
Predicting Diabetes using Neural Networks and Randomized Optimization Kunal Sharma GTID: ksharma74 CS 4641 Machine Learning Abstract This paper analysis the following randomized optimization techniques
More informationRanking Vulnerability for Web Application based on Severity Ratings Analysis
Ranking Vulnerability for Web Application based on Severity Ratings Analysis Nitish Kumar #1, Kumar Rajnish #2 Anil Kumar #3 1,2,3 Department of Computer Science & Engineering, Birla Institute of Technology,
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationApplication of Clustering as a Data Mining Tool in Bp systolic diastolic
Application of Clustering as a Data Mining Tool in Bp systolic diastolic Assist. Proffer Dr. Zeki S. Tywofik Department of Computer, Dijlah University College (DUC),Baghdad, Iraq. Assist. Lecture. Ali
More informationCoordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android
Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android 5.9.4.1 1 Executive summary Researchers of MRG Effitas tested the AVG AntiVirus Free Android application. During use, we came across
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationProtecting Health Information
Agenda Protecting Health Information BRONSON HEALTHCARE GROUP INFORMATION TECHNOLOGY SECURITY ENGINEERING MICHAEL SMITH Personal device usage with sensitive data Mobile devices and BYOD Secure messaging
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationRule Modeling Case Study Generic Diabetic Monitoring. Mike Parish
Rule Modeling Case Study Generic Diabetic Monitoring Mike Parish Contents Table of Figures... 3 Rule Modeling Case Study... 4 Step 1 Review and clarify the rule statements... 4 Step 2 Determine the Data
More informationSecOps : Security Operations. Saurav Sinha Head of Presales India
SecOps : Security Operations Saurav Sinha Head of Presales India 1 The World s Best and Most Innovative Companies Trust BMC #1 Ranked ITOM Vendor by Gartner for 3 consecutive years 300+ Patents $8B Investment
More information2017 Partners in Excellence Executive Overview, Targets, and Methodology
2017 Partners in Excellence Executive Overview, s, and Methodology Overview The Partners in Excellence program forms the basis for HealthPartners financial and public recognition for medical or specialty
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationAn Empirical Study of Web Resource Manipulation in Real-world Mobile Applications
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang XiaoFeng Wang, Long Lu, and Haixin Duan Background
More informationPredicting Diabetes and Heart Disease Using Diagnostic Measurements and Supervised Learning Classification Models
Predicting Diabetes and Heart Disease Using Diagnostic Measurements and Supervised Learning Classification Models Kunal Sharma CS 4641 Machine Learning Abstract Supervised learning classification algorithms
More informationCoordinated Disclosure of Vulnerabilities in McAfee Security Android
Coordinated Disclosure of Vulnerabilities in McAfee Security Android 4.8.0.370 1 Executive summary Researchers of MRG Effitas tested the McAfee Security Android application. During use, we came across
More informationMOBILE DEFEND. Powering Robust Mobile Security Solutions
MOBILE DEFEND Powering Robust Mobile Security Solutions Table of Contents Introduction Trustlook SECURE ai Mobile Defend Who Uses SECURE ai Mobile Defend? How it Works o Mobile Device Risk Score o Mobile
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationIBM Research - China
TIARA: A Visual Exploratory Text Analytic System Furu Wei +, Shixia Liu +, Yangqiu Song +, Shimei Pan #, Michelle X. Zhou*, Weihong Qian +, Lei Shi +, Li Tan + and Qiang Zhang + + IBM Research China, Beijing,
More informationEvaluating the Security of Your IT Network. Vulnerability Scanning & Network Map
Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationWhitepaper. Endpoint Strategy: Debunking Myths about Isolation
Whitepaper Endpoint Strategy: Debunking Myths about Isolation May 2018 Endpoint Strategy: Debunking Myths about Isolation Endpoints are, and have always been, a major cyberattack vector. Attackers, aiming
More informationAnomaly Detection. You Chen
Anomaly Detection You Chen 1 Two questions: (1) What is Anomaly Detection? (2) What are Anomalies? Anomaly detection refers to the problem of finding patterns in data that do not conform to expected behavior
More informationDynamic Detection of Inter- Application Communication Vulnerabilities in Android. Daniel Barton
Dynamic Detection of Inter- Application Communication Vulnerabilities in Android Daniel Barton Authors/Paper Metadata Roee Hay IBM Security Omer Tripp IBM T.J. Watson Research Center Marco Pistoia IBM
More informationAgent Online Application User Guide
Agent Online Application User Guide Contact Phone Numbers: Agent Licensing & Supplies: 1-800-321-0102 Marketing Support: 1-866-644-3988 Claims, Underwriting, Cust. Svc., & Commissions: 1-855-664-5517 02/20/2015
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationAvoiding an Information Security Mismanagement Program through Fundamentals. Bill Curtis, SynerComm
Avoiding an Information Security Mismanagement Program through Fundamentals Bill Curtis, SynerComm Husband, father and grandfather 30+ years IT/IS: Army Allen Bradley/Rockwell Automation Bucyrus/Caterpillar
More informationUser Guide (Android)
Heart Foundation Walking App User Guide (Android) The Heart Foundation Walking app is a joint venture between the Australian Government and the National Heart Foundation Australia, looking to improve the
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationSECURITY RISK METRICS: THE VIEW FROM THE TRENCHES. Alain Mayer CTO, RedSeal Systems
SECURITY RISK METRICS: THE VIEW FROM THE TRENCHES Alain Mayer CTO, RedSeal Systems Alain@RedSeal.net Security Defects Defects Vulnerabilities on applications, OS, embedded systems Un-approved applications
More informationPredictive malware response testing methodology. Contents. 1.0 Introduction. Methodology version 1.0; Created 17/01/2018
Predictive malware response testing methodology Methodology version 1.0; Created 17/01/2018 Contents Contents... 1 1.0 Introduction... 1 2.0 Test framework... 2 3.0 Threat selection and management... 3
More informationLibreHealth Electronic Health Record
1 of 10 LibreHealth Electronic Health Record The LibreHealth EHR log in page can be accessed using Google Chrome and other common browsers. LibreHealth EHR is an open source EHR which means the programming
More informationChrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
More informationCyber Risk and Networked Medical Devices
Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with
More informationON AUTOMATICALLY DETECTING SIMILAR ANDROID APPS. By Michelle Dowling
ON AUTOMATICALLY DETECTING SIMILAR ANDROID APPS By Michelle Dowling Motivation Searching for similar mobile apps is becoming increasingly important Looking for substitute apps Opportunistic code reuse
More informationMOBILE THREAT LANDSCAPE. February 2018
MOBILE THREAT LANDSCAPE February 2018 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming
More informationMedical Device Vulnerability Management
Medical Device Vulnerability Management MDISS / NH-ISAC Process Draft Dale Nordenberg, MD June 2015 Market-based public health: collaborative acceleration Objectives Define a trusted and repeatable process
More informationRBS OpenEMR Multisite Setup Improper Access Restriction Remote Code Execution of 5
RBS-2017-001 OpenEMR Multisite Setup Improper Access Restriction Remote Code Execution 2018-03-22 1 of 5 Vendor / Product Information OpenEMR is a Free and Open Source electronic health records and medical
More information1. Study Registration. 2. Confirm Registration
USER MANUAL 1. Study Registration Diabetic patients are more susceptible to experiencing cardiovascular events, but this can be minimized with control of blood glucose levels and other risk factors (blood
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 12: Database Security Department of Computer Science and Engineering University at Buffalo 1 Review of Access Control Types We previously studied four types
More informationWhat is New in MyChart? My Medical Record Health Preferences Settings Appointments and Visits Visits Schedule an Appointment Update Information
What is New in MyChart? On August 26th, we will be upgrading and changing the look and feel to our MyChart patient portal site. We would like to make you aware of a few differences that you will see, when
More informationICTR UW Institute of Clinical and Translational Research. i2b2 User Guide. Version 1.0 Updated 9/11/2017
ICTR UW Institute of Clinical and Translational Research i2b2 User Guide Version 1.0 Updated 9/11/2017 Table of Contents Background/Search Criteria... 2 Accessing i2b2... 3 Navigating the Workbench...
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationText4baby: Launching an App! Harnessing the Power of Mobile for Maternal & Child Health in the U.S.
Text4baby: Launching an App! Harnessing the Power of Mobile for Maternal & Child Health in the U.S. Why Are We Launching An App? It s where moms are Smartphone penetration among target audience is much
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationOverview of Web Application Security and Setup
Overview of Web Application Security and Setup Section Overview Where to get assistance Assignment #1 Infrastructure Setup Web Security Overview Web Application Evaluation & Testing Application Security
More informationSimplified CVSS 2.0 for End User and Development team
International Journal of Latest Technology in Engineering & Management (IJLTEM) www.ijltem.com ISSN: 2456-1770 Simplified CVSS 2.0 for End User and Development team Vishal Ojha #1, Chetan Patil #2, Vishak
More informationMachine-Based Penetration Testing
Always in Control CyBot Suite Machine-Based Penetration Testing www.cronus-cyber.com - April 2016 CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationSmart Grid Cybersecurity Exposure Analysis and Evaluation Framework
Smart Grid Cybersecurity Exposure Analysis and Evaluation Framework Authors: Adam Hahn, Manimaran Govindarasu Department of Electrical and Computer Engineering Iowa State University Presenter: Olamide
More informationEvery Picture Tells a Story: Generating Sentences from Images
Every Picture Tells a Story: Generating Sentences from Images Ali Farhadi, Mohsen Hejrati, Mohammad Amin Sadeghi, Peter Young, Cyrus Rashtchian, Julia Hockenmaier, David Forsyth University of Illinois
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationUsing Machine Learning to Identify Security Issues in Open-Source Libraries. Asankhaya Sharma Yaqin Zhou SourceClear
Using Machine Learning to Identify Security Issues in Open-Source Libraries Asankhaya Sharma Yaqin Zhou SourceClear Outline - Overview of problem space Unidentified security issues How Machine Learning
More informationASIC RG206 CPD PROGRAM
ASIC RG206 CPD PROGRAM FLEXIBLE FINANCIAL SERVICES This program meets the ASIC licence requirements for RG206. ACHIEVE YOUR ASIC LICENSING NEEDS WITH INDUSTRY EXPERTS. UNDERTAKE THIS ONLINE PROGRAM TO
More informationWIWE ios application User Guide
WIWE ios application User Guide v1.0 MEDICAL-SZOFIT KFT. Contents 1. Introduction 2. System requirements 3. Start 4. First use o Account registration o Discovering WIWE device, Bluetooth pairing o Settings
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationProvenance: Information for Shared Understanding
Provenance: Information for Shared Understanding M. David Allen June 2012 Approved for Public Release: 3/7/2012 Case 12-0965 Government Mandates Net-Centric Data Strategy mandate: Is the source, accuracy
More informationMEDICAL PROCESSING AND QUALIFCATION FOR APPOINTMENT
Medical Processing and Qualification: Pay close attention to all suspense deadlines indicated below. Your medical processing consists of two major parts: PART I The Department of Defense Medical Examination
More informationHuman Computer Interaction in Health Informatics: From Laboratory Usability Testing to Televaluation of Web-based Information Systems
Human Computer Interaction in Health Informatics: From Laboratory Usability Testing to Televaluation of Web-based Information Systems André W. Kushniruk, Ph.D. Arts Information Technology Program York
More informationSecuring and File Sharing in the Cloud
Securing Email and File Sharing in the Cloud Your Presenter Erick Simpson Vice President & CIO, SPC International Online A strategic IT business transformation specialist experienced in improving top and
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationE-santé mentale: définitions, enjeux, expériences Paris, 13 Juin 2017
E-santé mentale: définitions, enjeux, expériences Paris, 13 Juin 2017 Questions éthiques en e-santé mentale Kyriaki G. Giota, Chercheuse en psychologie Université de Thessaly, Grèce Dr. Kyriaki Giota,
More informationPrescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC
Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet
More information