http://dx.doi.org/10.7840/KICS.2012.37C.2.119

Security Verification Framework for e-GOV Mobile App  

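Bang, Ji-Ho (Real-Time Systems Laboratory, Department of Computer Engineering, Hongik University)
Ha, Rhan (Real-Time Systems Laboratory, Department of Computer Engineering, Hongik University)
Kang, Pil-Yong (Korea Internet & Security Agency)
Kim, Hong-Geun (Korea Internet & Security Agency)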
Abstract
Smartphones have recently been proliferating widely and quickly. As the number of mobile apps developed and deployed to domestic and international app stores rises, users are installing and deleting more apps without any difficulty. Each deployed app is verified through the distinct verification framework of its specific app store. However, such verification frameworks are insufficient for checking security concerns. A security verification framework is necessary, since incidents of privacy and confidential information leaks have been increasing lately. The aim of this paper is to provide a security verification framework that assures the security and reliability of e-government mobile apps. To verify the proposed framework, a few apps were selected and inspected with it, and the inspection results are included in this paper.
Keywords
Mobile App; App Store; Security Verification; Vulnerability