TY - JOUR
T1 - A framework to determine applications' authenticity
AU - Naeem, Rida Zojaj
AU - Abbas, Haider
AU - Shafqat, Narmeen
AU - Saleem, Kashif
AU - Iqbal, Waseem
N1 - Publisher Copyright:
© 2019 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the Conference Program Chairs.
PY - 2019
Y1 - 2019
N2 - With the advancement in technology, the installation and usage of diverse applications and software on various Operating Systems (OS) have become a very common practice. Owing to technical flaws, misconfigurations, hidden vulnerabilities, etc., these applications/software are highly susceptible to cyber-attacks. The installation of such applications on critical systems may compromise the security of the systems as well as the resident data. Numerous standards and guidelines already exist that help determine the authenticity of software applications, but they are very specific to an OS or a single point of check. Furthermore, some of the tools available in this regard target a very specific issue, while others are not freely available. This research work, after a critical analysis of such frameworks and tools, proposes an integrated framework to check an application's authenticity before its installation. It covers the aspects of confidentiality, integrity, availability and authentication. This is a general framework for all kinds of organizations, but critical organizations with high security objectives, specifically, may use this framework to increase their security. The framework has been applied and validated on data sets of six PDF readers, taken from "CVE Details".
KW - Applications' credibility
KW - Authenticity
KW - Cyber security
KW - Risk Analysis
KW - Vulnerability analysis
UR - http://www.scopus.com/inward/record.url?scp=85074716860&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85074716860&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2019.08.038
DO - 10.1016/j.procs.2019.08.038
M3 - Conference article
AN - SCOPUS:85074716860
SN - 1877-0509
VL - 155
SP - 268
EP - 275
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - 16th International Conference on Mobile Systems and Pervasive Computing, MobiSPC 2019, 14th International Conference on Future Networks and Communications, FNC 2019, 9th International Conference on Sustainable Energy Information Technology, SEIT 2019
Y2 - 19 August 2019 through 21 August 2019
ER -