Smart phones combine the functionality of mobile phones and PDAs. These devices have become commonplace during the past few years, integrating multiple wireless networking technologies to support additional functionality and services. Unfortunately, the development of both devices and services has been driven by market demand, focusing on new features and neglecting security. Therefore, smart phones now face new security problems not found elsewhere. We address two particular problems related to the increased capabilities of smart phones.
The ﬁrst problem is related to the integration of multiple wireless interface. Here, an attack carried out through the wireless network interface may eventually provide access to the phone functionality.
This type of attack can cause considerable damage because some services charge the user based on the traﬃc or time of use. We have created a proof-of-concept attack to show the feasibility of such attacks.
To address these security issues, we have designed and implemented a solution based on resource labeling. Labels are used to track network service usage, and are transferred between processes and resources as a result of either access or execution. Experimental evaluation of our mechanism shows that it eﬀectively prevents such attacks.
The second problem is the security analysis of software components running on smart phones. The particular application analyzed is the client part of the Multimedia Messaging Service (MMS).
The security of these components is critical because they might have access to private information and, if compromised, could be leveraged to spread an MMS-based worm.
Vulnerability analysis of these components is made diﬃcult because they are closed-source and their testing has to be performed through the mobile phone network, making the testing time-consuming and costly.
File Type: PDF
File Size: 413 KB
Total Pages: 119
Direct Link Mega:
Direct Link AnonFiles:
Direct Link Mediafire:
Direct Link Solidfiles:
Direct Link Sabercathost:
Direct Link Tusfiles: