A Risk Assessment Method for Smartphones - Information Security and Privacy Research
Conference Papers Year : 2012

A Risk Assessment Method for Smartphones

Abstract

Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.
Fichier principal
Vignette du fichier
978-3-642-30436-1_36_Chapter.pdf (174.79 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01518232 , version 1 (04-05-2017)

Licence

Identifiers

Cite

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis. A Risk Assessment Method for Smartphones. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.443-456, ⟨10.1007/978-3-642-30436-1_36⟩. ⟨hal-01518232⟩
193 View
1905 Download

Altmetric

Share

More