IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Dependable and Secure Computing (TDSC) is a bimonthly journal that publishes archival research results focusing on foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance.
IEEE Transactions on Dependable and Secure Computing (TDSC) has moved to the OnlinePlus publication model.
From the September/October 2015 issue
Towards Automated Risk Assessment and Mitigation of Mobile Applications
By Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu
Mobile operating systems, such as Apple’s iOS and Google’s Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand and mitigate security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users’ mobile applications, especially Android applications. RiskMon combines users’ coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. Furthermore, we demonstrate how RiskMon supports risk mitigation with automated permission revocation. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.
Editorials and Announcements
Call for Papers
- Special Issue on Social Networks Security
  Submission Deadline: December 31, 2015
- Special Issue/Section: Emerging Embedded and Cyber Physical System Security Challenges and Innovations
  Full Paper Regular Submission Due: February 1, 2016
- Open call for papers for TDSC
- The State of the Journal (March/April 2014)
- Editor's Note (May/June 2014)
- Editorial (January/February 2014)
- Editorial (January/February 2012)
Swimming with Sharks: Security Roundtable