Showing 1–2 of 2 results for author: Petraityte, M

A Model for Android and iOS Applications Risk Calculation: CVSS Analysis and Enhancement Using Case-Control Studies

Authors: Milda Petraityte, Ali Dehghantanha, Gregory Epiphaniou

Abstract: Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cybersecurity compliance. This paper suggests several improvements to the calculation of Impact and Exp… ▽ More Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cybersecurity compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation. △ Less

Submitted 27 July, 2018; originally announced July 2018.

Comments: 19 Pages

Mobile Phone Forensics: An Investigative Framework based on User Impulsivity and Secure Collaboration Errors

Authors: Milda Petraityte, Ali Dehghantanha, Gregory Epiphaniou

Abstract: This paper uses a scenario-based role-play experiment based on the usage of QR codes to detect how mobile users respond to social engineering attacks conducted via mobile devices. The results of this experiment outline a guided mobile phone forensics investigation method which could facilitate the work of digital forensics investigators while analysing the data from mobile devices. The behavioural… ▽ More This paper uses a scenario-based role-play experiment based on the usage of QR codes to detect how mobile users respond to social engineering attacks conducted via mobile devices. The results of this experiment outline a guided mobile phone forensics investigation method which could facilitate the work of digital forensics investigators while analysing the data from mobile devices. The behavioural response of users could be impacted by several aspects, such as impulsivity, smartphone usage and security or simply awareness that QR codes could contain malware. The findings indicate that the impulsivity of users is one of the key areas that determine the common mistakes of mobile device users. As a result, an investigative framework for mobile phone forensics is proposed based on the impulsivity and common mistakes of mobile device users. As a result, an investigative framework for mobile phone forensics is proposed based on the impulsivity and common mistakes of mobile device users. It could help the forensics investigators by potentially shortening the time spent on investigation of possible breach scenarios. △ Less

Submitted 25 June, 2017; originally announced June 2017.

Journal ref: Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, Pages 79-89,Chapter 6, 2017