Full metadata record
DC FieldValueLanguage
dc.contributor.authorWang, Pingen_US
dc.contributor.authorChao, Kuo-Mingen_US
dc.contributor.authorLo, Chi-Chunen_US
dc.contributor.authorLin, Wen-Huien_US
dc.contributor.authorLin, Hsiao-Chungen_US
dc.contributor.authorChao, Wun-Jieen_US
dc.date.accessioned2019-04-03T06:39:48Z-
dc.date.available2019-04-03T06:39:48Z-
dc.date.issued2016-08-01en_US
dc.identifier.issn1550-1329en_US
dc.identifier.urihttp://dx.doi.org/10.1177/1550147716662947en_US
dc.identifier.urihttp://hdl.handle.net/11536/134285-
dc.description.abstractNumerous security concerns exist in smart home systems in which Internet of Things devices are connected through a home network to enable control using a centralised gateway with a handset device from the Internet. Safeguarding personal information privacy is an increasing concern in smart living services. To guarantee the mobile security of smart living services, security managers use taint checking approaches with dynamic taint propagation analysis operations to examine how a software-defined networking app uses sensitive information and investigate suspicious security vulnerabilities of devices and the effects of the spread of taint propagation over the Internet by identifying taint paths. For solving the dynamic taint propagation analysis problem, most approaches focus on cloud computing applications (apps) with malware threat analysis that involves program vulnerability analyses, rather than on the risk posed by suspicious apps connected to the cloud computing server. Accordingly, this article proposes a taint propagation analysis model incorporating a weighted spanning tree analysis scheme for tracking data with taint marking using several taint checking tools with an open software-defined networking architecture for solving the dynamic taint propagation analysis problem. In the proposed model, Android programs perform dynamic taint propagation to analyse the spread of risks posed by suspicious apps connected to the centralised gateway in a smart home system. In probabilistic risk analysis, risk and defence capability are used for each taint path to assist a defender in recognising the attack results against network threats caused by malware infection and to estimate the losses of associated taint sources. A case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach. A new approach was used for verifying the details of an attack sequence for malware infection by incorporating a finite state machine to appropriately represent the real dynamic taint propagation analysis situations at various configuration settings and safeguard deployment. The experimental results proved that the threat analysis model enables a defender to convert the spread of taint propagation to loss and estimate the risk of a specific threat using behavioural analysis associated with 60 families of real malware. Consequently, our scheme was significantly effective in predicting the risk and loss of tainted data propagation for security concerns in smart home systems when the number of taint paths associated with the propagation rules discovered through taint analysis was increased.en_US
dc.language.isoen_USen_US
dc.subjectMobile securityen_US
dc.subjecttaint checkingen_US
dc.subjectsoftware-defined networkingen_US
dc.subjectdynamic taint propagationen_US
dc.subjectsmart home systemen_US
dc.titleUsing malware for software-defined networking-based smart home security management through a taint checking approachen_US
dc.typeArticleen_US
dc.identifier.doi10.1177/1550147716662947en_US
dc.identifier.journalINTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKSen_US
dc.citation.volume12en_US
dc.citation.issue8en_US
dc.citation.spage0en_US
dc.citation.epage0en_US
dc.contributor.department資訊管理與財務金融系 註:原資管所+財金所zh_TW
dc.contributor.departmentDepartment of Information Management and Financeen_US
dc.identifier.wosnumberWOS:000383391000018en_US
dc.citation.woscount2en_US
Appears in Collections:Articles


Files in This Item:

  1. 377cc39681c152b0fa0404ea714521fc.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.