Security considerations related to the use of mobile devices in the operation of critical infrastructures

International Journal of Critical Infrastructure Protection

Volumn 7, Issue 4, 2014, Pages 247-256

  Armando, Alessandro ^a   Merlo, Alessio ^a   Verderame, Luca ^a  

^a UNIVERSITY OF GENOA   (Italy)

Author keywords

Android; Critical infrastructure; Cross layer interplay; Malware; Mobile devices; Security

Indexed keywords

ANDROID (OPERATING SYSTEM); CRITICAL INFRASTRUCTURES; MALWARE; MOBILE COMPUTING; NETWORK SECURITY; PUBLIC WORKS;

ANDROID; ANDROID APPLICATIONS; CROSS LAYER; SECURITY; SECURITY CONSIDERATIONS; SECURITY EVALUATION; SECURITY FRAMEWORKS; SECURITY MECHANISM;

MOBILE SECURITY;

EID: 84918840541     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2014.10.002     Document Type: Article

References (40)

1. Android Developers, Security Tips ().
2. J. Antony, B. Vijayan, S. Joy, G. Santhoshkumar, N. Chandran, Ubiquitous patient monitoring and smart alert generation in an intensive care unit supported by low cost tablet PC based automation system powered through open source software, in: Proceedings of the Global Humanitarian Technology Conference: South Asia Satellite, 2013, pp. 334-339.
3. Apple, App Store Review Guidelines, Cupertino, California (), 2013.
4. A. Armando, G. Costa, A. Merlo, Formal modeling and reasoning about the Android Security Framework, in: Proceedings of the Seventh International Symposium on Trustworthy Global Computing, 2012, pp. 64-81.
5. A. Armando, G. Costa A. Merlo, L. Verderame, Bring your own device, securely, in: Proceedings of the Twenty-Eighth ACM Symposium on Applied Computing, 2013, pp. 1852-1858.
6. A. Armando, A. Merlo, M. Migliardi, L. Verderame, Would you mind forking this process? A denial-of-service attack on Android (and some countermeasures), in: Proceedings of the Twenty-Seventh IFIP International Information Security and Privacy Conference, 2012, pp. 13-24.
7. A. Armando, A. Merlo, M. Migliardi, L. Verderame, Breaking and fixing the Android launching flow, Comput. Secur. 39(A) (2013) 104-115.
8. T. Blasing, L. Batyuk, A. Schmidt, S. Camtepe, S. Albayrak, An Android application sandbox system for suspicious software detection, in: Proceedings of the Fifth International Conference on Malicious and Unwanted Software, 2010, pp. 55-62.
9. P. Brady, Anatomy and physiology of an Android, Google I/O, 2008.
10. I. Burguera, U. Zurutuza, S. Nadjm-Therani, Crowdroid: behavior-based malware detection system for Android, in: Proceedings of the First ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 2011, pp. 15-26.
11. A. Chaudhuri, Language-based security on Android, in: Proceedings of the Fourth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2009, pp. 1-7.
12. E. Chin, A. Porter Felt, K. Greenwood, D. Wagner, Analyzing inter-application communication in Android, in: Proceedings of the Ninth International Conference on Mobile Systems, Applications and Services, 2011, pp. 239-252.
13. S. Choe, Computer networks in South Korea are paralyzed in cyberattacks, New York Times, March 20, 2013.
14. Citrix, IT Organizations Embrace Bring-Your-Own Devices, Fort Lauderdale, Florida, 2013.
15. L. Constantin, Kill timer found in Shamoon malware suggests possible connection to Saudi Aramco attack, Computerworld, August 23, 2012.
16. L. Davi, A. Dmitrienko, A. Sadeghi, M. Winandy, Privilege escalation attacks on Android, in: Proceedings of the Thirteenth International Conference on Information Security, 2011, pp. 346-360.
17. National Australia Bank hangs up on desk phones, trials BYOD, FierceMobileIT, September 27, 2013.
18. W. Enck, M. Ongtang and P. McDaniel, Understanding Android security, IEEE Secur. Priv. 7(1) (2009) 50-57.
19. Fielder, Tales from the darkside: Mobile malware brings down Korean banks, RSA Security Analytics, March 21, 2013.
20. F-Secure Labs, Mobile Threat Report, July-September 2013, Technical Report, Helsinki, Finland, 2013.
21. A. Fuchs, A. Chaudhuri, J. Foster, SCanDroid: Automated Security Certication of Android Applications, Technical Report, Department of Computer Science, University of Maryland, College Park, Maryland, 2009.
22. D. Gessner, J. Girao, G. Karame, W. Li, Towards a user-friendly security-enhancing BYOD solution, NEC Tech. J. 7(3) (2013) 113-116.
23. M. Hamblen, Haverhill, MA, Water treatment plant uses iPads to monitor systems, Computerworld, October 16, 2012.
24. A. Igarashi, B. Pierce, P. Wadler, Featherweight Java: a minimal core calculus for Java and GJ, ACM Trans. Program. Lang. Syst. 23(3) (2001) 396-450.
25. Y. Ishigaki, Y. Matsumoto, R. Ichimiya, K. Tanaka, Development of mobile radiation monitoring system utilizing smartphone and its field tests in Fukushima, IEEE Sensors J. 13(10) (2013) 3520-3526.
26. V. Koufi, F. Malamateniou, G. Vassilacopoulos, A. Prentza, An Android-enabled mobile framework for ubiquitous access to cloud emergency medical services, in: Proceedings of the Second Symposium on Network Cloud Computing and Applications, 2013, pp. 95-101.
27. H. Lockheimer, Android and security, Google Mobile Blog , February 2, 2012. http://googlemobile.blogspot.com/2012/02/android-and-security.html.
28. T. Luo, H. Hao, W. Du, Y. Wang, H. Yin, Attacks on WebView in the Android system, in: Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011, pp. 343-352.
29. A. Mylonas, S. Dritsas, B. Tsoumas, D. Gritzalis, Smartphone security evaluation: the malware attack case, in: Proceedings of the International Conference on Security and Cryptography, 2011, pp. 25-36.
30. Y. Noh, H. Yamaguchi, U. Lee, P. Vij, J. Joy, M. Gerla, CLIPS: Infrastructure-free collaborative indoor positioning scheme for time-critical team operations, in: Proceedings of the IEEE International Conference on Pervasive Computing and Communications, 2013, pp. 172-178.
31. J. Oberheide, C. Miller, Dissecting the Android Bouncer, Presented at the SummerCon Conference, 2012.
32. K. Poulsen, Slammer worm crashed Ohio nuke plant network, SecurityFocus, August 19, 2003.
33. R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, X. Wang, Soundcomber: a stealthy and context-aware sound Trojan for smartphones, in: Proceedings of the Eighteenth Annual Network and Distributed System Security Symposium, 2011.
34. A. Schmidt, R. Bye, H. Schmidt, J. Clausen, O. Kiraz, K. Yuksel, S. Camtepe, S. Albayrak, Static analysis of executables for collaborative malware detection on Android, in: Proceedings of the IEEE International Conference on Communications, 2009, pp. 631-635.
35. A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, C. Glezer, Google Android: a comprehensive security assessment, IEEE Secur. Priv. 8(2) (2010) 35-44.
36. A. Stephane, Using STPA in the design of a nuclear power plant control room, Presented at the MIT STAMP/STPA Workshop, 2012.
37. G. Thomson, BYOD: enabling the chaos, Netw. Secur. 2012(2) (2012) 5-8.
38. T. Wang, K. Lu, L. Lu, S. Chung, W. Lee, Jekyll on iOS: when benign apps become evil, in: Proceedings of the Twenty-Second USENIX Security Symposium, 2013, pp. 559-572.
39. World Economic Forum, Global Risks 2013, eighth edition, Cologny/Geneva, Switzerland, 2013.
40. Y. Zhou, Z. Wang, W. Zhou, X. Jiang, Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets, in: Proceedings of the Nineteenth Annual Network and Distributed System Security Symposium, 2012.