Mason Archival Repository Service

Development of a Secure Mobile GPS Tracking and Management System

Show simple item record

dc.contributor.advisor Chen, Jim X. Liu, Anyi
dc.creator Liu, Anyi 2011-12-09 2012-01-30T17:41:40Z NO_RESTRICTION en_US 2012-01-30T17:41:40Z 2012-01-30
dc.description.abstract With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. First, to standardize the software development of mobile application, we design an efficient mobile application that investigate the key issues of mobile application development, such as location tracking, embedded database management (EDBM), and wireless communication. Our application has been implemented and commercialized on Window Mobile smartphones. Second, to prevent SQL injection attacks (SQLIAs), we propose a black-box input validation approach, which harnesses the effectiveness of genetic and input validation algorithms to dynamically extract users' inputs and detect malicious SQL control queries. Compared to state-of-the-art protection approaches, our method does not require any code changes on either the client, the web-server, or the back-end database. To evaluate the overhead and the detection performance of our system, we have implemented the SQLProb and tested it by using benchmark SQL attacks. Our experimental results show that we can detect all known SQL injection attacks while maintaining very low resource utilization. Third, to protect user's private information from being exfiltrated to outside attacker, we propose a architectural solution to detect covert channels in real-time. Our intrusion detection system, namely Observer, runs a secure virtual machine that mimics the malicious virtual machine so that any differences between two virtual machines can be identified in real time. Unlike most existing signature or anomaly-based covert channel detection approaches, Observer does not require any legitimate data to build a normal behavior model. To evaluate Observer, we have run covert channels and detected them in real-time. Our experimental results demonstrate that Observer can detect most covert storage channels with a high detection rate and low latency and overhead. Lastly, to detect more advanced covert channel attacks, such as covert timing channels (CTCs), we design a novel metric that can quantitatively measure the difference between the timing patterns of normal and CTCs. The key challenge we are facing is to detect CTC online in a environment, where accurate time keeping might be affected by many dynamic conditions. Our wavelet-based metric can quantitatively measure the distance between the outbound networking flows of benign VMs and malicious VMs, which contains CTCs. In addition, this online approach reduces the whole procedure of modeling legitimate traffic while remains transparent to end-users. Our experimental result demonstrates a high detection and a low false positive rate in detecting different CTC attacks.
dc.language.iso en_US en_US
dc.subject Information Security en_US
dc.subject Mobile Application en_US
dc.subject Web Security en_US
dc.subject Intrusion Detection and Prevention en_US
dc.subject Real-Time Detection en_US
dc.subject Covert Channel en_US
dc.title Development of a Secure Mobile GPS Tracking and Management System en_US
dc.type Dissertation en PhD in Information Technology en_US Doctoral en Information Technology en George Mason University en

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


My Account