
dc.contributor.advisor: Yue, Chuan
dc.contributor.author: Zhao, Rui
dc.date.accessioned: 2017-01-19T21:59:16Z
dc.date.accessioned: 2022-02-03T12:55:44Z
dc.date.available: 2018-01-17T04:18:44Z
dc.date.available: 2022-02-03T12:55:44Z
dc.date.issued: 2016
dc.identifier: T 8185
dc.identifier.uri: https://hdl.handle.net/11124/170631
dc.description: Includes bibliographical references.
dc.description: 2016 Fall.
dc.description.abstract: Using different end-user applications on personal computers and mobile devices has become an integral part of our daily lives. For example, we use Web browsers and mobile applications to perform many important tasks such as Web browsing, banking, shopping, and bill-paying. However, due to the security vulnerabilities in many applications and also due to the lack of security knowledge or awareness of end users, users’ sensitive data may not be properly protected in those applications and can be leaked to attackers resulting in severe consequences such as identity theft, financial loss, and privacy leakage. Therefore, exploring potential vulnerabilities and protecting sensitive data in end-user applications are of great need and importance. In this dissertation, we explore the vulnerabilities in both end-user applications and end users. In terms of end-user applications, we focus on Web browsers, browser extensions, stand-alone applications, and mobile applications by manually or automatically exploring their vulnerabilities and by proposing new data protection mechanisms. Specifically, we (1) investigate vulnerabilities of the password managers in the five most popular Web browsers, (2) investigate vulnerabilities of two commercial browser extension and cloud based password managers, (3) propose a framework for automatic detection of information leakage vulnerabilities in browser extensions, (4) propose a secure cloud storage middleware for end-user applications, and (5) investigate cross-site input inference attacks on mobile Web users. In terms of end users, we focus on phishing attacks by investigating users’ susceptibility to both traditional phishing and Single Sign-On phishing. Specifically, we (6) explore the feasibility of creating extreme phishing attacks and evaluate the effectiveness of such phishing attacks.
By conducting these research projects, we expect to advance the scientific and technological understanding on protecting users’ sensitive data in applications, and make users’ online experience more secure and enjoyable.
dc.format.medium: born digital
dc.format.medium: doctoral dissertations
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado School of Mines. Arthur Lakes Library
dc.relation.ispartof: 2016 - Mines Theses & Dissertations
dc.rights: Copyright of the original work is retained by the author.
dc.subject: protection
dc.subject: vulnerability
dc.subject: security
dc.subject: applications
dc.title: Vulnerability exploration and data protection in end-user applications
dc.type: Text
dc.contributor.committeemember: Zhang, Xiaoli
dc.contributor.committeemember: Han, Qi
dc.contributor.committeemember: Mehta, Dinesh P.
dc.contributor.committeemember: Wang, Hua
dc.contributor.committeemember: Zhang, Hao
dcterms.embargo.terms: 2018-01-17
dcterms.embargo.expires: 2018-01-17
thesis.degree.name: Doctor of Philosophy (Ph.D.)
thesis.degree.level: Doctoral
thesis.degree.discipline: Electrical Engineering and Computer Science
thesis.degree.grantor: Colorado School of Mines
dc.rights.access: Embargo Expires: 01/17/2018


Files in this item

Name: Zhao_mines_0052E_11161.pdf
Size: 6.538Mb
Format: PDF
