Leakage Detection and Risk Assessment on Privacy for Android Applications: LRPdroid





ABSTRACT


How to identify and manage information leakage of user privacy is a crucial and sensitive topic for handheld mobile device manufacturers, telecommunication companies, and mobile device users. As the success of a financial fraud usually requires possessing a victim’s private information, new types of personal identity theft and private information acquisition attacks are developed and deployed along with various Apps in order to steal personal private information from mobile device users. With more than 50% of smartphone market share, Android-based mobile phone vendors and Internet service providers have to face the new challenge of user privacy management. In this paper, we present a user privacy analysis framework for the Android platform called LRPdroid. The goals of LRPdroid are to achieve information leakage detection, user privacy disclosure evaluation, and privacy risk assessment for Apps installed on Android-based mobile devices. With a formally defined user privacy model, LRPdroid can effectively support mobile users in managing their own privacy risks on targeted Apps. In addition, new privacy analysis viewpoints such as user perception and leakage awareness are introduced in LRPdroid. Two general App usage scenarios are evaluated with our system prototype to show the feasibility and practicability of the LRPdroid framework for user privacy management.




Proposed System
The contributions of this paper are summarized as follows.
1) We have surveyed and identified various solution weaknesses of existing user privacy protection systems or mechanisms for the Android platform. To manage user privacy, we proposed the border patrol concept. By monitoring user input operations and message transmission operations from running Apps, effective and efficient warning or detection mechanisms for user privacy risk can be constructed and developed quickly.
2) A user privacy analysis framework called LRPdroid is introduced to manage user privacy and customize the tolerance level of personal information leakage for each individual mobile user.
3) A privacy analysis model is presented to support the proposed LRPdroid framework. Using the information from App execution data flow, user perception setting and leakage awareness detection, three levels of privacy measure are designed, respectively: privacy risk assessment, privacy disclosure evaluation, and information leakage detection.
4) Five novel modules are implemented as an LRPdroid App service under the Android platform. To evaluate the proposed framework, two general App usage scenarios are applied.
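The border patrol idea in contribution 1 can be sketched as a comparison between what the user typed and what an App sends out. This is an added example, not LRPdroid's own code; the field names, hosts, payloads and the set of encodings checked are all constructed assumptions.

```python
import base64
import hashlib
from urllib.parse import quote

# Constructed sample: values captured from monitored user input operations.
USER_INPUTS = {
    "email": "alice@example.com",
    "phone": "5550100199",
    "card": "4111111111111111",
}

# Constructed sample: outbound messages observed at the device border.
OUTBOUND = [
    ("api.example.test", b"GET /v1/weather?city=Taipei"),
    ("ads.example.test", b"uid=" + base64.b64encode(b"alice@example.com")),
    ("track.example.test", b"h=" + hashlib.md5(b"5550100199").hexdigest().encode()),
    ("shop.example.test", b"POST /pay card=4111111111111111"),
]

def encodings(value):
    """Byte forms under which a typed value commonly leaves the device."""
    raw = value.encode()
    return {
        "plain": raw,
        "urlencoded": quote(value, safe="").encode(),
        "base64": base64.b64encode(raw),  # matches only a standalone-encoded value
        "hex": raw.hex().encode(),
        "md5": hashlib.md5(raw).hexdigest().encode(),
        "sha256": hashlib.sha256(raw).hexdigest().encode(),
    }

def detect_leaks(user_inputs, outbound):
    """Return (host, field, encoding) for every typed value seen in a payload."""
    findings = []
    for host, payload in outbound:
        for field, value in user_inputs.items():
            for enc, needle in encodings(value).items():
                if needle in payload:
                    findings.append((host, field, enc))
                    break  # report each field once per message
    return findings

if __name__ == "__main__":
    for host, field, enc in detect_leaks(USER_INPUTS, OUTBOUND):
        print(f"{field} sent to {host} ({enc})")
```

Substring matching of this kind misses values that are encrypted, salted before hashing, or embedded in a larger encoded blob, so a clean result is not proof that nothing left the device.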
We study data privacy in the context of information leakage. As more of our sensitive data gets exposed to merchants, health care providers, employers, social sites and so on, there is a higher chance that an adversary can “connect the dots” and piece together a lot of our information. The more complete the integrated information, the more our privacy is compromised. We present a model that captures this privacy loss (information leakage) relative to a target person, on a continuous scale from 0 (no information about the target is known by the adversary) to 1 (adversary knows everything about the target). The model takes into account the confidence the adversary has for the gathered information (leakage is less if the adversary is not confident), as well as incorrect information (leakage is less if the gathered information does not match the target’s). We compare our information leakage model with existing privacy models, and we propose several interesting problems that can be formulated with our model. We also propose efficient algorithms for computing information leakage and evaluate their performance and scalability.
In recent work we have developed a software reliability analysis technique [9] that uses a bounded symbolic execution to collect a set of symbolic paths over the analyzed programs. The path constraints associated with the paths are combined with given probabilistic usage profiles and analyzed using model counting techniques [1] to quantify the probability of reaching designated program states (e.g. successful termination or the opposite, failure states such as assert violations). In this work we adapt the reliability analysis to QIF by considering information leakage as the failure states and using model counting over the input constraints to quantify the likelihood of leakage assuming a uniform usage profile.

Example. Figure 1 shows an example function that we use to illustrate QIF. It is a convention in the security literature to use the label L (“low”) to denote non-sensitive input, to use the label H (“high”) to denote sensitive private input, and to use the label O (“output”) to denote the output. A malicious user has access to the public data, L and O, and tries to infer the hidden secret, H, from that.

Automating QIF analysis is a challenge. For example, to analyze the program above, in [16] and more recently [17], the authors manually transformed it into bit vector predicates. Other papers require users to have verification expertise to use an interactive theorem prover [12], or require user to write a driver following a template [10] or to instrument the program under test
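The L/H/O convention and the model-counting step can be made concrete on a secret small enough to enumerate. This is an added example, not code from the cited work: the two functions are constructed (they are not the paper's Figure 1), and brute-force enumeration of a 4-bit H stands in for symbolic execution plus a model counter.

```python
from collections import Counter
from math import log2

BITS = 4  # assumed width of the secret H, chosen so every value can be enumerated

def password_check(low, high):
    """Constructed program: O says only whether the public guess L equals H."""
    return 1 if high == low else 0

def low_bits(low, high):
    """Constructed program: O copies the two low bits of H."""
    return high & 0b11

def count_models(program, low):
    """For a fixed public input L, count how many secrets H yield each output O."""
    return Counter(program(low, high) for high in range(2 ** BITS))

def shannon_leakage(program, low):
    """Expected bits learned about H from O, with H uniform.

    For a deterministic program this equals the entropy of O.
    """
    counts = count_models(program, low)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())

def max_leakage(program, low):
    """Upper bound on leakage: log2 of the number of distinct observable outputs."""
    return log2(len(count_models(program, low)))

def remaining_candidates(program, low, observed):
    """Number of secrets still consistent with what the observer saw."""
    return count_models(program, low)[observed]

if __name__ == "__main__":
    for prog in (password_check, low_bits):
        print(prog.__name__,
              dict(count_models(prog, 5)),
              round(shannon_leakage(prog, 5), 4),
              max_leakage(prog, 5))
```

A failed password guess leaves 15 of the 16 candidates standing, while the two-bit copy always cuts the candidates to 4, which is why the second function leaks far more under the same uniform profile.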



1.1  Objectives

The objective is to secure transaction details and card details when making online purchases.

1.2  System Specifications

Hardware Requirements:
- Windows OS

Software Requirements:
Operating System : Windows OS
Front-End : HTML, CSS, and JS
Back-End : Angular JS, PHP, MYSQL
Tool : Cordova







