Publication

Vulnerability exploration and data protection in end-user applications

Zhao, Rui
Date Issued
2016
Embargo Expires
2018-01-17
Abstract
Using different end-user applications on personal computers and mobile devices has become an integral part of our daily lives. For example, we use Web browsers and mobile applications to perform many important tasks such as Web browsing, banking, shopping, and bill-paying. However, due to the security vulnerabilities in many applications and also due to the lack of security knowledge or awareness of end users, users’ sensitive data may not be properly protected in those applications and can be leaked to attackers, resulting in severe consequences such as identity theft, financial loss, and privacy leakage. Therefore, exploring potential vulnerabilities and protecting sensitive data in end-user applications are of great need and importance. In this dissertation, we explore the vulnerabilities in both end-user applications and end users. In terms of end-user applications, we focus on Web browsers, browser extensions, stand-alone applications, and mobile applications by manually or automatically exploring their vulnerabilities and by proposing new data protection mechanisms. Specifically, we (1) investigate vulnerabilities of the password managers in the five most popular Web browsers, (2) investigate vulnerabilities of two commercial browser-extension and cloud-based password managers, (3) propose a framework for automatic detection of information leakage vulnerabilities in browser extensions, (4) propose a secure cloud storage middleware for end-user applications, and (5) investigate cross-site input inference attacks on mobile Web users. In terms of end users, we focus on phishing attacks by investigating users’ susceptibility to both traditional phishing and Single Sign-On phishing. Specifically, we (6) explore the feasibility of creating extreme phishing attacks and evaluate the effectiveness of such phishing attacks.
By conducting these research projects, we expect to advance the scientific and technological understanding of protecting users’ sensitive data in applications, and make users’ online experience more secure and enjoyable.
Rights
Copyright of the original work is retained by the author.