A risk assessment method for smartphones

Marianthi Theoharidou; Alexios Mylonas; Dimitris Gritzalis

doi:10.1007/978-3-642-30436-1_36

A risk assessment method for smartphones

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

55 Citations (Scopus)

Abstract

Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.

Original language	English
Title of host publication	Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings
Pages	443-456
Number of pages	14
DOIs	https://doi.org/10.1007/978-3-642-30436-1_36
Publication status	Published - 2012
Event	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 - Heraklion, Crete, Greece Duration: 4 Jun 2012 → 6 Jun 2012

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	376 AICT
ISSN (Print)	1868-4238

Conference

Conference	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
Country/Territory	Greece
City	Heraklion, Crete
Period	4/06/12 → 6/06/12

Keywords

Android
Risk Assessment
Security
Smartphone
Threat

Access to Document

10.1007/978-3-642-30436-1_36

Cite this

@inproceedings{abcce7b3449c45a2b5b62dcd5161d048,

title = "A risk assessment method for smartphones",

abstract = "Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.",

keywords = "Android, Risk Assessment, Security, Smartphone, Threat",

author = "Marianthi Theoharidou and Alexios Mylonas and Dimitris Gritzalis",

year = "2012",

doi = "10.1007/978-3-642-30436-1_36",

language = "English",

isbn = "9783642304354",

series = "IFIP Advances in Information and Communication Technology",

pages = "443--456",

booktitle = "Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings",

note = "27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 ; Conference date: 04-06-2012 Through 06-06-2012",

}

Theoharidou, M, Mylonas, A & Gritzalis, D 2012, A risk assessment method for smartphones. in Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. IFIP Advances in Information and Communication Technology, vol. 376 AICT, pp. 443-456, 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, 4/06/12. https://doi.org/10.1007/978-3-642-30436-1_36

A risk assessment method for smartphones. / Theoharidou, Marianthi; Mylonas, Alexios; Gritzalis, Dimitris.
Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. 2012. p. 443-456 (IFIP Advances in Information and Communication Technology; Vol. 376 AICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A risk assessment method for smartphones

AU - Theoharidou, Marianthi

AU - Mylonas, Alexios

AU - Gritzalis, Dimitris

PY - 2012

Y1 - 2012

N2 - Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.

AB - Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.

KW - Android

KW - Risk Assessment

KW - Security

KW - Smartphone

KW - Threat

UR - http://www.scopus.com/inward/record.url?scp=84863927277&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-30436-1_36

DO - 10.1007/978-3-642-30436-1_36

M3 - Conference contribution

AN - SCOPUS:84863927277

SN - 9783642304354

T3 - IFIP Advances in Information and Communication Technology

SP - 443

EP - 456

BT - Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings

T2 - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012

Y2 - 4 June 2012 through 6 June 2012

ER -

A risk assessment method for smartphones

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this