http://dx.doi.org/10.9717/kmms.2014.17.12.1494

Quantitative Risk Assessment in Major Smartphone Operating Systems in Asian Countries  

Joh, HyunChul (Dept. of Computer Eng., Kyungil University)
Abstract
Since smartphones are used for everything from personal tasks to governmental data exchanges, known but unpatched vulnerabilities in smartphone operating systems are considered major threats to the public. To minimize potential security breaches on smartphones, it is necessary to estimate possible security threats. So far, numerous studies have evaluated the security risks caused by mobile devices qualitatively, but few have done so quantitatively. For a large-scale risk evaluation, a qualitative assessment is a never-ending task. In this paper, we try to calculate the relative risk levels triggered by software vulnerabilities in unsecured smartphone operating systems (Android and iOS) among 51 Asian countries. The proposed method combines risk representations that are widely accepted in both theory and industry. Policy makers who need to make strategic decisions on mobile-security-related agendas might find the presented approach useful.
Keywords
Smartphone Operating System; Software Security Vulnerability; Risk Assessment; Quantitative Analysis; Asia;