Chinese Journal of Network and Information Security ›› 2017, Vol. 3 ›› Issue (1): 68-78.doi: 10.11959/j.issn.2096-109x.2017.00132
• Academic paper • Previous Articles
Jiao LIANG1,Wu LIU1,Wei-li HAN1(),Xiao-yang WANG1,Si-yu GAN2,Shuo SHEN3
Revised:
2016-11-15
Online:
2017-01-15
Published:
2020-03-20
Supported by:
CLC Number:
Jiao LIANG,Wu LIU,Wei-li HAN,Xiao-yang WANG,Si-yu GAN,Shuo SHEN. Code security of mobile backup modules on the Android platform[J]. Chinese Journal of Network and Information Security, 2017, 3(1): 68-78.
[1] | BUYYA R , YEO S , VENUGOPAL S , et al. Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility[J]. Future Generation Computer Sys-tems, 2009, 25 (6): 599-616. |
[2] | [EB/OL].. |
[3] | [EB/OL].. |
[4] | [EB/OL].. |
[5] | [EB/OL].. |
[6] | HAY R , PELES O . Remote exploitation of the dropbox SDK for Android[EB/OL]. . |
[7] | [EB/OL].. |
[8] | [EB/OL].. |
[9] | [EB/OL].. |
[10] | [EB/OL].. |
[11] | [EB/OL].. |
[12] | [EB/OL].. |
[13] | [EB/OL].. |
[14] | VLADIMIROVA T , BANU R , SWEETING M N , et al. On-board security services in small satellites[C]// IETF RFC. 2000. |
[15] | HARNIK D , PINKAS B , SHULMAN-PELEG A . Side channels in cloud services: deduplication in cloud storage[J]. IEEE Security&Privacy[C]. 2010, 8 (6): 40-47. |
[16] | RECORDON D , HARDT D . The OAuth 2.0 authorization frame-work[J]. Polymer, 2009, 50 (24): 5708-5712. |
[17] | GOLDBERG A , BUFF R , SCHMITT A . A comparison of HTTP and HTTPS performance[J]. Computer Measurement Group, 1998. |
[18] | SUN T , HAWKEY K , BEZNOSOV K . Systematically breaking and fixing OpenID security: formal analysis, semi-automated em-pirical evaluation, and practical countermeasures[J]. Computers&Security, 2012, 31 (4): 465-483. |
[19] | DURUMERIC Z , KASTEN J , ADRIAN D , et al. The Matter ofHeartbleed[C]// Conference on Internet Measurement, 2014: 475-488. |
[20] | 魏兴国 . HTTP 和 HTTPS 协议安全性分析[J]. 程序员, 2007 (7): 53-55. |
WEI X G , Security analysis of HTTP and HTTPS protocol[J]. The Programmer, 2007 (7): 53-55. | |
[21] | FAHL S , HARBACH M , MUDERS T , et al. Why eve and mallory love Android: an analysis of Android SSL (in)security[C]// ACM Conference on Computer and Communications Security. 2012: 50-61. |
[22] | FAHL S , HARBACH M , PERL H , et al. Rethinking SSL develop-ment in an appified world[C]// ACM Sigsac Conference on Com-puter&Communications Security. 2013: 49-60. |
[23] | PATIL M A V , KALE M N D . Survey on secure authorized de-duplication in hybrid cloud[J]. International Journal on Recent and Innovation Trends in Computing and Communication. 2014, 2 (11): 3574-3577. |
[24] | WANG X , YU H . How to break MD5 and other hash functions[C]// International Conference on Theory and Applications of Crypto-graphic Techniques. 2005: 561-561. |
[25] | PULLS T . (More) Side channels in cloud storage[M]// Privacy and Identity Management for Life. Berlin Heidelberg: Springer 2011: 102-115. |
[26] | BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[C]// Usenix Con-ference on Security. 2013: 179-194. |
[27] | LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015: 874-885. |
[28] | XU J , CHANG E C , ZHOU J . Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]// The 8th ACM SIGSAC Symposium on Information, Computer and Communica-tions Security. 2013: 195-206. |
[29] | 张天琪 . OAuth 协议安全性研究[J]. 信息网络安全, 2013, (3): 68-70. |
ZHANG T Q , Study on OAuth protocol security[J]. Netinfo Secu-rity, 2013 (3): 68-70. | |
[30] | HAMMER-LAHAV E . Introducing oauth 2.0[J]. Hueniverse, 2010. |
[31] | PAI S , SHARMA Y , KUMAR S , et al. Formal verification of OAuth 2.0 using alloy framework[C]// The International Conference on Communication Systems and Network Technologies. 2011: 655-659. |
[32] | CHARI S , JUTLA C S , ROY A . Universally composable security analysis of OAuth v2.0.[J]. Iacr Cryptology Eprint Archive, 2011. |
[33] | SLACK Q , FROSTIG R . OAuth 2.0 implicit grant flow analysis using Murphi[J]. |
[34] | ALESSANDRI T , BESCHI D , CASCIARO S , et al. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems[C]// ACM Conference on Computer and Communications Security. 2012: 378-390. |
[35] | MCGLOIN M , HUNT P , OAuth 2.0 Threat model and security considerations[J]. Internet Engineering Task Force (IETF) RFC, 2013: |
[36] | KIANI K . How to secure your oauth implementation[EB/OL]. KIANI K . How to secure your oauth implementation[EB/OL]. . |
[37] | WANG R , ZHOU Y , CHEN S , et al. Explicating SDKS: uncovering assumptions underlying secure authentication and authoriza-tion[C]// Presented as Part of the 22nd USENIX Security Sympo-sium. 2013: 399-314. |
[38] | CHEN E Y , PEI Y , CHEN S , et al. Oauth demystified for mobile application developers[C]// The 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM. 2014: 892-903. |
[39] | WANG H , ZHANG Y , LI J , et al. Vulnerability assessment of oauth implementations in android applications[C]// The 31st Annual Computer Security Applications Conference. ACM. 2015: 61-70. |
[40] | [EB/OL].. |
[41] | [EB/OL].. |
[42] | FERNANDES D A B , SOARES L F B , GOMES J V , et al. Security issues in cloud environments: a survey[J]. International Journal of Information Security, 2013, 13 (2): 113-170. |
[43] | SUBASHINI S , KAVITHA V . A survey on security issues in ser-vice delivery models of cloud computing[J]. Journal of Network&Computer Applications, 2011, 35 (1): 1-11. |
[44] | CHOW R , GOLLE P , JAKOBSSON M , et al. Controlling data in the cloud: outsourcing computation without outsourcing control[J]. ACM Workshop on Cloud Computing Security, 2009: 85-90. |
[45] | ATENIESE G , BURNS R , CURTMOLA R , et al. Provable data possession at untrusted stores[C]// ACM Conference on Computer and Communications Security. ACM, 2007: 598-609. |
[46] | JUELS A , KALISKI B S . Pors: proofs of retrievability for large files[C]// ACM Conference on Computer and Communications Se-curity. ACM, 2007: 584-597. |
[47] | BOWERS K D , JUELS A , OPREA A . Proofs of retrievability:theory and implementation[C]// ACM Cloud Computing Security Workshop 2009: 43-54. |
[48] | ATENIESE G , PIETRO R D , MANCINI L V , et al. Scalable and effi-cient provable data possession.[C]// The 4th International Conference on Security and Privacy in Communication Networks. 2008: 1-10. |
[49] | ERWAY C C , PAPAMANTHOU C , TAMASSIA R . Dynamic provable data possession[J]. ACM Transactions on Information&System Security. 2009, 17 (4): 213-222. |
[50] | QUINLAN S , DORWARD S . Venti: a new approach to archival storage[C]// The Conference on File and Storage Technologies. USENIX Association. 2002: 89-101. |
[51] | DOUCEUR J R , ADYA A , BOLOSKY W J , et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// The International Conference on Distributed Computing Systems. 2002: 617-624. |
[52] | BELLARE M , KEELVEEDHI S . Interactive message-locked en-cryption and secure deduplication[M]// Public-Key Cryptography-PKC 2015. Berlin Heidelberg: Springer 2015: 516-538. |
[53] | MULAZZANI M , SCHRITTWIESER S , LEITHNER M , et al. Dark clouds on the horizon: using cloud storage as attack vector and online slack space[C]// USENIX Security. 2011: 5. |
[54] | [EB/OL].. |
[1] | Yilong WANG, Zhenyu LI, Daofu GONG, Fenlin LIU. Image double fragile watermarking algorithm based on block neighborhood [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 38-48. |
[2] | Renfeng CHEN, Hongbin ZHU. Research on credit card transaction security supervision based on PU learning [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 73-78. |
[3] | Guanyun FENG, Cai FU, Jianqiang LYU, Lansheng HAN. Insider threat detection based on operational attention and data augmentation [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 102-112. |
[4] | Genlin XIE, Guozhen CHENG, Yawen WANG, Qingfeng WANG. Software diversity evaluating method based on gadget feature analysis [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 161-173. |
[5] | Peng HOU, Zhixin LI, Fei ZHANG, Xu SUN, Dan CHEN, Yihao CUI, Hanbing ZHANG, Yinan JIN, Hongfeng CHAI. Technology and practice of intelligent governance for financial data security [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 174-187. |
[6] | Min XIAO, Faying MAO, Yonghong HUANG, Yunfei CAO. Anonymous trust management scheme of VANET based on attribute signature [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 33-45. |
[7] | Jianlong XU, Jian LIN, Yusen LI, Zhi XIONG. Distributed user privacy preserving adjustable personalized QoS prediction model for cloud services [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 70-80. |
[8] | Xunxun CHEN, Mingzhe LI, Ning LYU, Liang HUANG. Intrinsic assurance: a systematic approach towards extensible cybersecurity [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 92-102. |
[9] | Jiashuo SONG, Zhenzhen LI, Haiyang DING, Zichen LI. Efficient and fully simulated oblivious transfer protocol on elliptic curve [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 158-166. |
[10] | Fenghua LI, Hui LI, Ben NIU, Weidong QIU. Academic connotation and research trends of privacy computing [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 1-8. |
[11] | Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19. |
[12] | Xue BAI, Baodong QIN, Rui GUO, Dong ZHENG. Two-party cooperative blind signature based on SM2 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 39-51. |
[13] | Jun LIU, Lin YUAN, Zhishang FENG. Survey of key management schemes for cluster networks [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 52-69. |
[14] | Min XIAO, Tao YAO, Yuanni LIU, Yonghong HUANG. Dynamic and efficient vehicular cloud management scheme with privacy protection [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 70-83. |
[15] | Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|