Full metadata record
DC FieldValueLanguage
dc.contributorDepartment of Computingen_US
dc.contributor.advisorLuo, Xiapu (COMP)-
dc.creatorWu, Guancen-
dc.identifier.urihttps://theses.lib.polyu.edu.hk/handle/200/9404-
dc.languageEnglishen_US
dc.publisherHong Kong Polytechnic University-
dc.rightsAll rights reserveden_US
dc.titleAssessing the security of URL protection mechanisms in appsen_US
dcterms.abstractSince online-services are becoming increasingly aware of the security implications of Uniform Resource Locator (URL), more and more new technologies have been designed for URL protection in order to prevent server resource from malicious acquisition. Recently, these technologies have been used in mobile applications, however, little is known about their efficiencies because mobile applications pose a new challenge. In this work, we propose and develop a new framework, named URLTracer, for automatically assessing the security of URL protection mechanisms. The basic idea of URLTracer is to detect and locate the URL protection module in mobile apps and then assess its security based on the attack strategy that exploits the URL protection module in mobile apps to circumvent the URL protection mechanism at the server side. This framework has three components: 1) Packet Tracer module intercepts http packets and analyzes whether these packets include some URL protection modules or human-computer recognition modules by changing the parameters in HTTP header (e.g., request parameters, user agent, etc.) and comparing the responses to the changed packets and that to the original packets; 2) Function Explorer finds out URL parameters related functions according to recursive query of request string in smali file, and then it may save these functions; 3) Key Function Tracer locates the key function that creates the URL signature. The input of this component is the output of Function Explorer and its output is the function that creates the URL signature. By examining the results of URLTracer and the URL of real apps, we can find whether or not the URL protection mechanisms in apps have security risks. By applying the tool to inspecting the most popular top 100 apps in China market, we find that 27% of them have URL protection modules, and URLTracer show that 95% of them have security risks.en_US
dcterms.extent71 pages : color illustrationsen_US
dcterms.isPartOfPolyU Electronic Thesesen_US
dcterms.issued2018en_US
dcterms.educationalLevelM.Sc.en_US
dcterms.educationalLevelAll Masteren_US
dcterms.LCSHHong Kong Polytechnic University -- Dissertationsen_US
dcterms.LCSHMobile computing -- Security measuresen_US
dcterms.LCSHApplication software -- Security measuresen_US
dcterms.accessRightsrestricted accessen_US

Files in This Item:
File Description SizeFormat 
991022109836803411.pdfFor All Users (off-campus access for PolyU Staff & Students only)1.17 MBAdobe PDFView/Open


Copyright Undertaking

As a bona fide Library user, I declare that:

  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.

By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

Show simple item record

Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/9404