Privacy mode helps secure Android smartphones

ScienceDaily (13 month 2011) researchers at the University of North Carolina have developed software that helps prevent their personal information stolen by hackers smartphone Android.

"There are lots of concerns potential leaks of personal information from smartphones," says Dr. Xuxian Jiang, an Assistant Professor of computer science at NC State and co-author of paper describing the research. "We have developed software that creates a privacy mode for Android, give users a flexible control over what personal information is available for various applications." software application called privacy Smartphone steal information and Taming (TISSA).

TISSA works by creating a private Administrator setting that allows users to customize the level of information ????? access to all Smartphone application. These settings can be changed whenever the relevant applications that have been executed – not only when the applications are not installed.

The prototype of TISSA has four possible privacy settings for each application. These settings are trusted, Anonymized, Bogus, empty. If an application is trusted, TISSA does not impose restrictions on access to additional information. If the user chooses Anonymized, TISSA provides the application with a built-in information that allows the application to run, without providing access to detailed personal information. Artificial setting provides an application with fake results asking for personal information. An empty setting responds to requests of information by saying relevant information does not exist or is not available.

Jiang said it was easy to integrate TISSA change more settings to allow more fine-grained control of access to personal information. "These settings may be even more specialized for different types of information, such as a list of your contacts or position," said Jiang. "Settings can also be specialized for different applications."

For example, a user can install a weather application that requires location data to provide the user with the local weather forecast. Instead of telling the application exactly where is the user, can be programmed to TISSA was a built-in application data — such as random location within a 10-mile section of the user. This will allow an application to provide weather information, local weather, but will ensure that the application could not be used to track the movements of the user.

Researchers are now exploring how to make the software available for Android users. "Relatively minor software change," Jiang said, "and it can combine with the over-the-air update."

The paper, "Taming information-stealing applications Smartphone (bandroaid), was a surgeon by Jiang; Yajin Zhou 's, ph d student. On the NC State; Dr. Vincent Freeh, a Professor of computer science at NC State; And Dr. Zhang's Research Center, Xinwen of Huawei America. The paper will be presented at the Fourth International Conference, trusted computing, in Pittsburgh, finances and research supported by the National Science Foundation, NC State secure open systems initiative, which receives funding from the research of the United States Army.

Email or share this story:

---

The source of the story:

The above story is published (with writers adaptations by a teamdaily science) materials provided by University of North Carolina.

---

Note: If no source is cited, instead.

Disclaimer: hdioth in this article do not necessarily reflect those of his team or ScienceDaily.

Security and privacy issues in PDF

Facultad de Informática UPM researchersScienceDaily (Feb. 22, 2011) compiled information about security and privacy for authors or readers of PDF documents, the most popular format for publishing of digital documents.

This work by researchers from Facultad de Informática de Madrid Universidad Politécnica set of privacy threats security surveys related to a digital document. It handles information related to your publisher that he leaked after the document is sent over the Internet, as well as information related to the reader that can be downloaded each time they open for inspection. The work focuses primarily on the PDF document format is the most popular digital document publication.

Publishing digital documents on the Internet is a serious security and privacy threats to authors and readers. Previous research by scholars in the distributed systems laboratory of the Facultad de Informática of UPM is leaking information addressed in the FAQ of a Microsoft Office document. This study focuses on PDF format, which is the de facto standard for document exchange. Many institutions around the world have adopted PDF as a standard, their estimated that billions of PDF documents that are published or downloaded each day. The results of this research were baiomn of systems and software.

Published documents can contain additional data related to the author, such as user name, the location of the document's author, even parts of deleted documents before publication.

Some of this information, such as user name or the last day of the document was referred to as metadata, applications use the reader or editor to improve the user experience; However, they may cause privacy breaches, mainly because the authors are not aware of their discovery to publish the document. Other sensitive information leaked due to poor design of the document template. For example, whenever a paragraph of a document is deleted, the paragraph did not remove the PDF but rather than mark it as "invisible". In this way, the calling application did not imagine the text that was deleted when the document is opened for reading. Therefore deleted data is saved with the document, can be read by any malicious user who knows where to find it. UPM researchers developed several tools to extract information from PDF document readers that are inaccessible.

Information leakage prevention

There are cases where many popular publication document costs a lot more information than the publishers is to communicate. For example, the Coalition Provisional Authority of Iraq post the PDF on "event" Calipari Sgrena-May 2005. Black boxes were used to hide the names of some of the people involved in the incident, but all were discovered easily by copying the text from the original document into a text editor. Several companies and institutions have distributed instructions to avoid leaking information in documents released after the reported news about documents published on the Internet that contains sensitive information that was not supposed to be made public.

From the perspective of the reader, open a downloaded PDF document could expose sensitive information such as IP address of the user's computer, user name, potentially other information stored on the computer that is used to open the document. The reason for this is the interactive features of PDF applications. You can automatically run a number of actions, such as connecting to a Web site or read data from the disk each time a PDF is opened for reading. Ideally, you should warn the user of the risks of action taken, OK. This study emphasized that in many settings, particularly when you open a PDF inside a Web browser, are caused when performing actions without notice to the user or the agreement. Their work, researchers describe how UPM it will be possible to recall and information about all of the user who downloads the PDF reader.

Finally, the researchers believe that UPM PDF format is a medium powerful document conversion. The main purpose of their work is to make users aware of the risks that they face each time they publish a document on the Internet and to provide time guidelines effective to reduce the leakage of sensitive information.

Email or share this story:

---

The source of the story:

The above story is published (with writers adaptations by a teamdaily science) materials provided by Facultad de Informática de la Universidad Politécnica de Madrid.

---

A journal:

1. Aniello Castiglione, Alfredo de Santis, Claudio Soriente. Security and privacy as portable document format. Journal of systems and software, 2010; 83 (10): DOI: 10.1016/1813 j. jss. 2010.05 .062

Note: If no source is cited, instead.

Disclaimer: hdioth in this article do not necessarily reflect those of his team or ScienceDaily.

Security and privacy issues in PDF

UPM researchers Facultad de Informática ScienceDaily (22 February 2011) compile information about the security and privacy for authors or readers of PDF documents, the most popular format for publishing digital documents.

This work by researchers Facultad de Informática of the Universidad Politécnica de Madrid surveys security privacy threats related to digital document publication. It handles information related to publisher, it is revealed after the document is sent over the Internet, as well as information related to the reader may be downloaded every time they open for examination. The work focuses on primarily the PDF format is the most popular document format document for publishing a digital document.

Publishing digital documents on the Internet is a serious security and privacy threats to editors and readers. Previous research by scholars laboratory distributed systems of UPM Facultad de Informática discusses popular document formats information through Microsoft Office. This study focuses on PDF format, which is the de facto standard for exchanging a digital document. Many institutions around the world have adopted PDF as a standard, and have their has been estimated that billions of PDF documents are published, or downloaded every day. Results of this study were published in Journal of systems and software.

Published documents may include additional data related to the author, such as user name, placing the document on the connector computer and also deleted documents before publication.

Some of this information, such as user name or the last day of the Conference are called document meta-data, applications, use reader or editor to improve the user experience; However, they lead to privacy breaches, mainly because the authors are not aware of their discovery to publish the document. Other sensitive information was leaked due to poor design of the document template. For example, when a paragraph of document is deleted, the PDF will not remove the applications of the paragraph, but instead mark it as "invisible". In this way, the calling application did not imagine the deleted when the document is opened for reading. Hence the deleted data is saved with the document, can be read by any malicious user knows where to find it. UPM researchers developed several tools to extract information from PDF documents that are inaccessible to a regular document.

Preventing information loss

There are many popular events that publication of the document is far more information than game publishers is to communicate. For example, the temporary authority of coalition in Iraq publish PDF Sgrena incident in "Calipari" May 2005. Black boxes were used to hide the names of some of the people involved in the incident, but all were easily by copying the text from the original document into a text editor. A number of companies and institutions has distributed guidelines to prevent information loss in documents published after the media reporting news about documents published on the Internet containing sensitive information should not be made.

In terms of reader, open a downloaded PDF document can reveal sensitive information like the IP address of the user's computer, potentially username and any other information that is stored on the computer that is used to open the document. The reason for this is the interactive features of applications in PDF. You can run multiple actions at once, like to connect to the Web site or read data from disk automatically every time the PDF is opened for reading. Ideally, you should warn the user risks of photography, has requested the certificate. This study has many settings that, especially when you open a PDF document inside a Web browser, not caused to the user or the agreement without notice. Their work, researchers UPM vmtoda how do I retrieve and of information about each user who downloads and reads of the PDF.

Finally, the researchers believe the PDF template UPM is a powerful document exchange medium. The main purpose of their work is to make users aware of the risks that they face every time they publish a document on the Web to provide guidance effective to reduce the leakage of sensitive information.

Email or share this story:

---

Story source:

The story above printed (with adapting to editing by a team of the day-to-day science) materials provided by Facultad de Informática de la Universidad Politécnica de Madrid.

---

a journal:

1. Aniello Castiglione, Alfredo de Santis, Claudio Soriente. Security and privacy in Portable Document Format. Journal of systems and software, 2010; 83 (10): doai 1813: 10.1016/j. jss. .062 04 2010.

Note: you mentioned if not counting, the source is when instead.

Disclaimer: opinions in this article do not necessarily reflect those of its employees or ScienceDaily.