Secure Information Technology Center – Austria

Static Analysis of Windows Phone Applications

Kategorie: IT-Security

The objective of the project was to analyse a number of Windows Phone Apps on common security issues. It started with the manual analysis of selected applications. Soon it became evident that many of the analysis steps can be easily automated to save time. Another observation was that several applications suffer from similar security issues.
Weiter lesen…

Browser Plugin to interact with SkyTrust

Kategorie: IT-Security

Online services for data storage (e.g. Dropbox, Google Drive) provide no ability to encrypt stored data prior to the actual upload process. Desktop programs of third-party vendors are in principle capable of supplying this functionality. However, these applications are likely not available for specific (mobile) operating systems or fail to protect sensitive key material adequately. As a consequence, in this project a browser plugin for Google Chrome has been elaborated as a proof-of-concept which rewrites existing browser interfaces in order to insert a transparent encryption layer. Instead of relying on tertiary desktop applications, cryptographic operations are performed on a secure platform, named Skytrust, which also protects the used key material. The advantage of this apporach is that existing web applications require no adaptation in order to cryptographically protect a user’s data. Weiter lesen…

Platform Independent CMA System

Kategorie: Cloud Computing, IT-Security

Despite their continuously growing popularity, mobile end-user devices still suffer from limited computing resources. This complicates the use of complex mobile applications that require resource-intensive computations.
Recently, several frameworks have been developed that enable mobile applications to follow the cloud-based mobile augmentation (CMA) approach. This approach defines a strategy to dynamically outsource resource-intensive tasks to external resources. None of the existing frameworks focuses on cross-platform applicability and interoperability issues. It turns out that all of the existing frameworks are tailored to specific platforms and specific operating systems. Furthermore, security is not tackled at all by any of the frameworks.
Weiter lesen…