Author: Wu, Guancen
Title: Assessing the security of URL protection mechanisms in apps
Advisors: Luo, Xiapu (COMP)
Degree: M.Sc.
Year: 2018
Subject: Hong Kong Polytechnic University -- Dissertations
Mobile computing -- Security measures
Application software -- Security measures
Department: Department of Computing
Pages: 71 pages : color illustrations
Language: English
Abstract: As online services become increasingly aware of the security implications of the Uniform Resource Locator (URL), more and more new technologies have been designed for URL protection in order to protect server resources from malicious acquisition. Recently, these technologies have been used in mobile applications; however, little is known about their efficiency because mobile applications pose a new challenge. In this work, we propose and develop a new framework, named URLTracer, for automatically assessing the security of URL protection mechanisms. The basic idea of URLTracer is to detect and locate the URL protection module in mobile apps and then assess its security based on the attack strategy that exploits the URL protection module in mobile apps to circumvent the URL protection mechanism at the server side. This framework has three components: 1) Packet Tracer intercepts HTTP packets and analyzes whether these packets involve URL protection modules or human-computer recognition modules by changing parameters in the HTTP header (e.g., request parameters, user agent, etc.) and comparing the responses to the changed packets with those to the original packets; 2) Function Explorer finds the functions related to URL parameters by recursively querying the request string in the smali file, and may then save these functions; 3) Key Function Tracer locates the key function that creates the URL signature. The input of this component is the output of Function Explorer, and its output is the function that creates the URL signature. By examining the results of URLTracer and the URLs of real apps, we can determine whether or not the URL protection mechanisms in apps have security risks. By applying the tool to inspect the top 100 most popular apps in the China market, we find that 27% of them have URL protection modules, and URLTracer shows that 95% of them have security risks.
Rights: All rights reserved
Access: restricted access

Files in This Item:
File: 991022109836803411.pdf
Description: For All Users (off-campus access for PolyU Staff & Students only)
Size: 1.17 MB
Format: Adobe PDF



Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/9404