A risk assessment method for smartphones

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

55 Citations (Scopus)


Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.

Original languageEnglish
Title of host publicationInformation Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings
Number of pages14
Publication statusPublished - 2012
Event27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 - Heraklion, Crete, Greece
Duration: 4 Jun 20126 Jun 2012

Publication series

NameIFIP Advances in Information and Communication Technology
Volume376 AICT
ISSN (Print)1868-4238


Conference27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
CityHeraklion, Crete


  • Android
  • Risk Assessment
  • Security
  • Smartphone
  • Threat


Dive into the research topics of 'A risk assessment method for smartphones'. Together they form a unique fingerprint.

Cite this