Security metrics for the Android ecosystem
| cam.issuedOnline | 2015-10-12 | |
| dc.contributor.author | Thomas, DR | |
| dc.contributor.author | Beresford, AR | |
| dc.contributor.author | Rice, A | |
| dc.contributor.orcid | Thomas, Daniel [0000-0001-8936-0683] | |
| dc.contributor.orcid | Beresford, Alastair R [0000-0003-0818-6535] | |
| dc.contributor.orcid | Rice, Andrew [0000-0002-4677-8032] | |
| dc.date.accessioned | 2018-09-07T21:24:54Z | |
| dc.date.available | 2018-09-07T21:24:54Z | |
| dc.date.issued | 2015-10-12 | |
| dc.description.abstract | © 2015 ACM. The security of Android depends on the timely delivery of updates to fix critical vulnerabilities. In this paper we map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabil- ities. We define the FUM security metric to rank the per- formance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities. Using a corpus of 20 400 devices we show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators. This provides a comparison point for purchasers and regulators to determine which device man- ufacturers and network operators provide security updates and which do not. We find that on average 87.7% of An- droid devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In our data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97. | |
| dc.identifier.doi | 10.17863/CAM.27064 | |
| dc.identifier.isbn | 9781450338196 | |
| dc.identifier.uri | https://www.repository.cam.ac.uk/handle/1810/279693 | |
| dc.language.iso | eng | |
| dc.publisher | ACM | |
| dc.publisher.url | http://dx.doi.org/10.1145/2808117.2808118 | |
| dc.subject | 46 Information and Computing Sciences | |
| dc.subject | 4604 Cybersecurity and Privacy | |
| dc.title | Security metrics for the Android ecosystem | |
| dc.type | Conference Object | |
| prism.endingPage | 98 | |
| prism.publicationDate | 2015 | |
| prism.publicationName | SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015 | |
| prism.startingPage | 87 | |
| pubs.conference-name | 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, | |
| pubs.funder-project-id | Engineering and Physical Sciences Research Council (EP/M020320/1) | |
| pubs.funder-project-id | EPSRC (1453439) | |
| rioxxterms.licenseref.startdate | 2015-10-12 | |
| rioxxterms.licenseref.uri | http://www.rioxx.net/licenses/all-rights-reserved | |
| rioxxterms.type | Conference Paper/Proceeding/Abstract | |
| rioxxterms.version | AM | |
| rioxxterms.versionofrecord | 10.1145/2808117.2808118 |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- spsm-scoring.pdf
- Size:
- 672.63 KB
- Format:
- Adobe Portable Document Format
- Description:
- Accepted version
- Licence
- http://www.rioxx.net/licenses/all-rights-reserved
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- DepositLicenceAgreement.pdf
- Size:
- 417.78 KB
- Format:
- Adobe Portable Document Format