Information security evaluation for Android mobile operating system

Author(s): Dmitriy A. Izergin, Mikhail A. Eremeev, Shamil G. Magomedov, Stanislav I. Smirnov

One of the main directions of information systems development is to increase the efficiency of collecting, processing and exchanging information through the introduction of modern data transfer technologies, automated remote monitoring and control. The cornerstone of this concept is mobile devices that solve the issue of operational data exchange and processing. Modern mobile services used including the exchange and processing of personalized, banking and critical data are the result of the steady increase in the number of crimes in the field of information security in relation to and using mobile devices. The widespread use of these devices for access to protected information contained in information systems has given special importance to the issue of information security. The subject of this research is to assess the current state of information security mechanisms for mobile operating systems that form the basis of the structure of episodic distributed mobile networks. The Android OS (operating system) was used as an example. The article discusses the problems of the development of a mobile ecosystem and methods aimed at solving them, the main vectors of malicious impact, ways of countering the means of static and dynamic analysis and modern protection mechanisms.

Author(s): Yu. M. Barkalov, A. D. Nesterov

Objectives: The article presents a formal model of information security in mobile devices running the Android operating system, an example of detection and investigation of malicious software, as well as static and dynamic analysis of malicious software. Method: To protect sensitive information on mobile devices, you can use software and organizational measures at the same time. Result: The proposed formal model of information security and analysis of suspected malicious software will ensure the security of information in mobile devices, as well as reduce the risk of threats to an acceptable level at a minimum cost of the protection system. The presented algorithm of the application designed for illegal transfer of funds, as well as an example of the analysis of this application will allow the specialist to improve the quality of their professional tasks in the analysis of incidents in the field of information security. Conclusion: Due to the fact that today there is no scientifically based method of detection and analysis of malicious software in the memory of mobile devices, the information provided in this article will help to improve the efficiency of information protection in mobile devices running the Android operating system.


Author(s): Maulik Desai, Swati Jaiswal

Mobile devices have upgraded from normal java-based phones whose basic functionality was calling, messaging, and storing contact information to a more adaptive operating system like Symbian, iOS, and Android, which have smart features like e-mail, audio player, camera, etc. Gradually, everyone started relying more and more on these mobile devices. This led to an increase in the number of cell phone hackers. Common ways that a hacker gets access to your phone is via phishing, shoulder surfing, piggybacking, etc. There are countermeasures to this like bookmarking your most visited sites, using VPN, using encryption algorithms. Data theft and identity theft are a new concern for today's user; this chapter is to educate the end user of different ways in which their privacy can be invaded via a mobile phone. This chapter will help the researchers to know the mindset of a cell phone hacker and what are the potential damages that can be caused by them and strategies to prevent them.


2020, Vol 4, pp. 67-74
Author(s): Mikhail Buinevich, Gregory Ganov, Konstantin Izrailov, ...

One of the tasks of information security audit is to monitor the processes of data exchange between operating system programs. A huge number of such files as well as the heterogeneity of exchange between them do not allow an expert to perform the task manually. Full automation of the process is difficult to implement due to the weak formalization of information about exchange processes and criteria for their insecurity. This paper proposes a partial solution to the problem by visualizing the interaction of programs for an expert — in the form of an appropriate method. The expediency of using artificial intelligence as one of the stages of the method is substantiated. The developed prototype of the tool is described and its basic testing is carried out.


2015, Vol 13 (35), pp. 89-102
Author(s): Sebastián Londoño, Christian Urcuqui, Manuel Fuentes Amaya, Johan Gómez, Andrés Navarro Cadavid

Android is an operating system which currently has over one billion active users for all their mobile devices, a market impact that is influencing an increase in the amount of information that can be obtained from different users, facts that have motivated the development of malicious software by cybercriminals. To solve the problems caused by malware, Android implements a different architecture and security controls, such as a unique user ID (UID) for each application, while an API permits its distribution platform, Google Play applications. It has been shown that there are ways to violate that protection, so the developer community has been developing alternatives aimed at improving the level of safety. This paper presents: the latest information on the various trends and security solutions for Android, and SafeCandy, an app proposed as a new system for analysis, validation and configuration of Android applications that implements static and dynamic analysis with improved ASEF. Finally, a study is included to evaluate the effectiveness in threat detection of different malware antivirus software for Android.


2021, Vol 14 (1), pp. 141-151
Author(s): Anggi Elanda, Robby Lintang Buana

Infrastructure is an important thing in an organization/company that is used to support activities carried out within the organization. Infrastructure that includes STMIK Rosma, including hardware, software, data, and information, and human resources that support information systems. Hardware resources include PCs that are used for clients with application program software. Windows 10 professional 32 and 64 bit as the operating system. While the software on the server uses Linux OS and PHP programming language. Data and information include infrastructure data, device data, server data and data on staff, students and lecturers at STMIK Rosma. So the need for the sustainability of this system is increasingly important. Problems that have existed in the STMIK Rosma infrastructure, such as those related to information security vulnerabilities. If this problem cannot be fixed in a sustainable manner, it will have an impact or risk on the sustainability of this infrastructure, especially the academic community. This study uses NIST SP 800-30 as the method used to solve these problems. Keywords: Information Security, NIST SP 800-30, Infrastructure, Risk Assessment


2021, Vol 4 (2), pp. 115-130
Author(s): Yahya Dwi Wijaya

Information systems are a valuable asset for business actors, one of which is engaged in e-commerce. Pasdeal is a credit distributor and server service that implements an e-commerce information system. The use of information systems in the field of sales or electronic commerce is considered efficient because it has become a platform for media and services and new and unique capabilities that are not found in the physical world. Information security factor is a very important aspect to consider considering the performance of ICT governance. For this reason, information systems need an information security evaluation in order to find out the gaps and deficiencies in information security in the information system. The KAMI index is a reference tool to evaluate the level of readiness of information system security in an organization. Evaluation is carried out on various areas that are the target of information security implementation based on the ISO/IEC 27001:2013 standard. Based on the results of the KAMI index assessment, it was found that Pasdeal got a score of 591 points from the application of the ISO 27001 standard with a pretty good predicate.


Author(s): Владимир Павлович Гулов, Виктор Анатольевич Хвостов, Алексей Васильевич Скрыпников, Владимир Петрович Косолапов, Галина Владимировна Сыч

An analysis of the use of mobile technologies in the processing of personal data (PD) in medical information systems (MIS) is carried out. Mobile technologies as an object of information security are characterized by a number of critical vulnerabilities associated with the implementation flaws of mobile devices (smartphones, tablets, smart devices, various peripheral devices of smartphones, etc.), technologies for providing Internet access for mobile systems (used in cellular networks, wireless access) and the server part of the MIS. In connection with the processing of personal data of a special category in MIS with mobile devices, protection against information security threats requires special attention and is defined at the legislative level. In the guidance documents of the regulators of the processing of personal data in Russia, the issues of information protection when using mobile technologies are not considered due to the novelty of the problem. In this regard, the problem of ensuring the security of PD in MIS using mobile technologies is urgent. The article discusses the principles of building mobile applications used to work with MIS and their server parts. Based on the analysis of the current threat model of information security of mobile technologies and the information security tools used with mobile systems, a protection system for MIS using mobile access is proposed.



Author(s): Вадим Георгиевич Ерышов, Никита Вадимович Ерышов

The article analyzes the current threats to the information security of information systems that arose when employees of organizations switched to a remote mode of operation.

