Mostrar el registro sencillo del ítem
Estudio de seguridad en dispositivos móviles con sistema operativo Android
dc.contributor.advisor | Gamba González, Yamid Gabriel | |
dc.contributor.author | Cardozo Beltrán, Cristian Fabián | |
dc.contributor.author | Celis Amaya, Jurgen Farid | |
dc.coverage.spatial | Bucaramanga (Santander, Colombia) | spa |
dc.date.accessioned | 2021-09-24T13:51:23Z | |
dc.date.available | 2021-09-24T13:51:23Z | |
dc.date.issued | 2021 | |
dc.identifier.uri | http://hdl.handle.net/20.500.12749/14400 | |
dc.description.abstract | En los últimos años el estilo de vida de las personas ha cambiado considerablemente con la llegada de los smartphones, ya que estos contienen una amplia gama de aplicaciones que facilitan múltiples tareas en el área laboral y en la vida cotidiana, permitiéndonos guardar información personal o de suma sensibilidad en ellos. Debido a la información que los Smartphones almacenan, se han convertido en un blanco atractivo para los atacantes, colocando en riesgo la disponibilidad, integridad y confidencialidad de esta, por ello se vuelve necesario plantear una serie de recomendaciones para prevenir incidentes de seguridad. En este proyecto se presenta una investigación, donde se presenta como resultado una serie de recomendaciones y pasos a seguir para evitar incidentes de seguridad en dispositivos móviles con sistema operativo Android. | spa |
dc.description.tableofcontents | RESUMEN EJECUTIVO ............................................................................................... 11 ABSTRAC ..................................................................................................................... 12 INTRODUCCIÓN .......................................................................................................... 13 1PLANTEAMIENTO DEL PROBLEMA ......................................................................... 14 ÁRBOL DE PROBLEMA .......................................................................................... 16 2JUSTIFICACIÓN ......................................................................................................... 19 3OBJETIVOS ................................................................................................................ 22 OBJETIVO GENERAL ............................................................................................. 22 OBJETIVOS ESPECÍFICOS .................................................................................... 22 4ANTECEDENTES ....................................................................................................... 23 5MARCO REFERENCIAL ............................................................................................. 24 MARCO CONCEPTUAL ........................................................................................... 24 MARCO TEORICO .................................................................................................. 25 5.2.1Arquitectura plataforma Android: ........................................................................... 25 5.2.2Sistema de seguridad en Sistema Operativo Android ........................................... 27 5.2.3Actualidad Malware móvil ...................................................................................... 31 6MARCO LEGAL .......................................................................................................... 34 Ley 1581 .................................................................................................................. 34 ISO 27002 ................................................................................................................ 34 MINTIC ..................................................................................................................... 34 ISO 31000 ................................................................................................................ 34 7ESTADO DEL ARTE ................................................................................................... 35 8METODOLOGÍA ......................................................................................................... 44 9CONTEXTO DE LA SEGURIDAD EN DISPOSITIVOS MÓVILES .............................. 47 CARACTERIZACIÓN DE LA SEGURIDAD EN ANDROID ...................................... 47 9.1.1Vulnerabilidades .................................................................................................... 47 9.1.2Amenazas ............................................................................................................. 50 9.1.3Riesgos ................................................................................................................. 51 9.1.4ncidentes ............................................................................................................... 52 10ESCENARIO DE PRUEBAS ..................................................................................... 54 DISEÑO ................................................................................................................. 54 VALIDACIÓN DE INCIDENTES ............................................................................. 55 10.2.1Phishing .............................................................................................................. 56 10.2.2Acces Point Falso ............................................................................................... 59 10.2.3Android Debug Bridge ......................................................................................... 62 10.2.4Keylogger ............................................................................................................ 66 10.2.5Ransomware ....................................................................................................... 68 11GUÍA DE RECOMENDACIONES ............................................................................. 72 Descripción ............................................................................................................ 72 Diseño .................................................................................................................... 72 Apartados ............................................................................................................... 72 Como está definida ................................................................................................ 73 Publico dirigido ....................................................................................................... 73 12CONCLUSIONES ..................................................................................................... 74 Objetivó 1 ............................................................................................................... 74 Objetivó 2 ............................................................................................................... 74 Objetivó 3 ............................................................................................................... 74 13RECOMENDACIONES PARA EL FUTURO ............................................................. 76 14REFERENCIAS ......................................................................................................... 77 | spa |
dc.format.mimetype | application/pdf | spa |
dc.language.iso | spa | spa |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/2.5/co/ | * |
dc.title | Estudio de seguridad en dispositivos móviles con sistema operativo Android | spa |
dc.title.translated | Security study on mobile devices with Android operating system | spa |
dc.degree.name | Ingeniero de Sistemas | spa |
dc.publisher.grantor | Universidad Autónoma de Bucaramanga UNAB | spa |
dc.rights.local | Abierto (Texto Completo) | spa |
dc.publisher.faculty | Facultad Ingeniería | spa |
dc.publisher.program | Pregrado Ingeniería de Sistemas | spa |
dc.description.degreelevel | Pregrado | spa |
dc.type.driver | info:eu-repo/semantics/bachelorThesis | |
dc.type.local | Trabajo de Grado | spa |
dc.type.coar | http://purl.org/coar/resource_type/c_7a1f | |
dc.subject.keywords | Systems engineer | spa |
dc.subject.keywords | Technological innovations | spa |
dc.subject.keywords | Malware | spa |
dc.subject.keywords | Mobile devices | spa |
dc.subject.keywords | Vulnerability | spa |
dc.subject.keywords | Mobile communication systems | spa |
dc.subject.keywords | Operating systems | spa |
dc.subject.keywords | Cell phone | spa |
dc.identifier.instname | instname:Universidad Autónoma de Bucaramanga - UNAB | spa |
dc.identifier.reponame | reponame:Repositorio Institucional UNAB | spa |
dc.type.hasversion | info:eu-repo/semantics/acceptedVersion | |
dc.rights.accessrights | info:eu-repo/semantics/openAccess | spa |
dc.relation.references | A. Solairaj, S. C. (2016). Keyloggers software detection techniques. 10th International Conference on Intelligent Systems and Control (ISCO) (págs. 1-3). Coimbatore: IEEE. | spa |
dc.relation.references | Ahmad, D. M. (2017). A novel approach to enhance the security of android based smart phones. International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS) (págs. 1-5). Coimbatore, India: IEEE | spa |
dc.relation.references | Alzaylaee MK, Y. S. (2019). DL-Droid: Deep learning based android malware detection using real devices. Elsevier Ltd, 3-5. | spa |
dc.relation.references | Andrea Atzeni, F. d. (2020). The Rise of Android Banking Trojans. IEEE Potentials, 1-2. | spa |
dc.relation.references | Andrew Feutrill, D. R. (2018). The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay. Sixth International Symposium on Computing and Networking (CANDAR) (págs. 1-3). Takayama: IEE. | spa |
dc.relation.references | Android . (25 de Septiembre de 2020). developer.android.com. Obtenido de developer.android.com: https://developer.android.com/studio/command-line/adb?hl=es-419 | spa |
dc.relation.references | Android . (17 de Septiembre de 2020). developer.android.com. Obtenido de developer.android.com: https://developer.android.com/studio/debug/dev-options?hl=es-419 | spa |
dc.relation.references | Android. (27 de Diciembre de 2019). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/permission-element#plevel | spa |
dc.relation.references | Android. (27 de Diciembre de 2019). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/uses-permission-element | spa |
dc.relation.references | Android. (5 de Mayo de 2020). android developers. Obtenido de android developers: https://developer.android.com/guide/platform?hl=es-419#api-framework | spa |
dc.relation.references | Android. (9 de Septiembre de 2020). android source. Obtenido de android source: https://source.android.com/security/overview/kernel-security.html?hl=es-419 | spa |
dc.relation.references | Android. (9 de Septiembre de 2020). android source. Obtenido de android source : https://source.android.com/security/app-sandbox | spa |
dc.relation.references | Android. (7 de Mayo de 2020). developer.android. Obtenido de devel | spa |
dc.relation.references | Android. (1 de Mayo de 2020). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/manifest-intro.html | spa |
dc.relation.references | Android. (6 de Enero de 2020). source.android. Obtenido de source.android: https://source.android.com/security/app-sandbox | spa |
dc.relation.references | Android. (1 de Septiembre de 2020). source.android.com. Obtenido de source.android.com: https://source.android.com/security/overview/kernel-security.html?hl=es-419 | spa |
dc.relation.references | Android. (13 de Octubre de 2020). source.android.com. Obtenido de source.android.com: https://source.android.com/devices/tech/dalvik/index.html?hl=es-419 | spa |
dc.relation.references | Anirban Sarkar, A. G. (30 de Mayo de 2019). Android Application Development: A Brief Overview of Android Platforms and Evolution of Security Systems. Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC) (págs. 1-2). Palladam: IEE. Obtenido de statista.com: https://www.statista.com/topics/876/android/#dossierSummary__chapter2 | spa |
dc.relation.references | apwg.org. (2020). Obtenido de apwg.org: https://apwg.org/trendsreports/ | spa |
dc.relation.references | Aziz Makandar, A. P. (2017). Malware class recognition using image processing techniques. International Conference on Data Management, Analytics and Innovation (ICDMAI) (págs. 1-2). Pune: IEE. Obtenido de malwarebytes.com: https://es.malwarebytes.com/malware/ | spa |
dc.relation.references | Bilić, D. G. (8 de Enero de 2020). welivesecurity. Obtenido de welivesecurity: https://www.welivesecurity.com/la-es/2020/01/08/descienden-detecciones-malware-android-crecenios/ | spa |
dc.relation.references | Chetan Kotkar, P. G. (2015). Prevention mechanism for prohibiting SMS malware attack on android smartphone. Annual IEEE India Conference (INDICON) (págs. 1-2). New Delhi: IEE. | spa |
dc.relation.references | ESET . (16 de Julio de 2014). welivesecurity.com. Obtenido de welivesecurity.com: https://www.welivesecurity.com/la-es/2014/07/16/riesgos-seguridad-android-ademas-malware/ | spa |
dc.relation.references | Huda M. Salih, M. S. (2020). Spyware Injection in Android using Fake Application. International Conference on Computer Science and Software Engineering (CSASE) (págs. 1-1). Duhok: IEE | spa |
dc.relation.references | incibe. (11 de 04 de 2014). www.incibe.es. Obtenido de www.incibe.es: https://www.osi.es/es/actualidad/blog/2014/04/11/aprendiendo-identificar-los-10-phishing-masutilizados-por-ciberdelincuen | spa |
dc.relation.references | INCIBE. (20 de Marzo de 2017). incibe.es. Obtenido de incibe.es: https://www.incibe.es/protege-tuempresa/blog/amenaza-vs-vulnerabilidad-sabes-se-diferencian | spa |
dc.relation.references | Iqbal Shahid, Y. A. (2018). Android (Nougats) security issues and solutions. IEEE International Conference on Applied System Invention (ICASI) (págs. 2-4). Chiba, Japan: IEEE. | spa |
dc.relation.references | ISO. (2013). iso.org. Obtenido de iso.org: https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:en | spa |
dc.relation.references | ISO. (2018). iso.org. Obtenido de iso.org: https://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:es | spa |
dc.relation.references | ISO. (2018). normaiso27001. Obtenido de normaiso27001: https://normaiso27001.es/referenciasnormativas-iso-27000/#def377 | spa |
dc.relation.references | Joseph Yisa Ndagi, J. K. (2019). Machine Learning Classification Algorithms for Adware in Android Devices: A Comparative Evaluation and Analysis. 15th International Conference on Electronics, Computer and Computation (ICECCO) (págs. 1-1). Abuja: IEE | spa |
dc.relation.references | Ju-Seong Ko, J.-S. J.-H.-K. (2019). Real Time Android Ransomware Detection by Analyzed Android Applications. nternational Conference on Electronics, Information, and Communication (ICEIC) (págs. 1-3). Auckland: IEE. | spa |
dc.relation.references | kaspersky. (9 de Abril de 2013). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/blog/que-es-un-keylogger2/453/#:~:text=Un%20keylogger%20es%20un%20software,que%20el%20usuario%20lo%20note. | spa |
dc.relation.references | Kaspersky. (23 de 10 de 2018). Kaspersky.com. Obtenido de Kaspersky.com: https://www.kaspersky.es/blog/mobile-malware-part-4/17232/ | spa |
dc.relation.references | kaspersky. (4 de 4 de 2019). kaspersky.com. Obtenido de kaspersky.com: https://www.kaspersky.es/blog/stalkerware-spouseware/18179/ | spa |
dc.relation.references | kaspersky. (2020). kaspersky. Obtenido de kaspersky: https://www.kaspersky.es/resourcecenter/threats/mobile | spa |
dc.relation.references | kaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://www.kaspersky.es/resourcecenter/threats/data-theft | spa |
dc.relation.references | kaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/resourcecenter/threats/implementation-techniques | spa |
dc.relation.references | kaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/resourcecenter/definitions/what-is-ransomware | spa |
dc.relation.references | Katharina Krombholz, H. H. (2014). Advanced social engineering attacks. Journal of Information Security and Applications, 1-5. | spa |
dc.relation.references | Khandelwal Ankita, M. A. (2015). An insight into the security issues and their solutions for android phones. 2nd International Conference on Computing for Sustainable Global Development (INDIACom) (págs. 1-4). New Delhi, India: IEEE | spa |
dc.relation.references | Kuo Fong Kao, W. C. (2014). An Accurate Fake Access Point Detection Method Based on Deviation of Beacon Time Interval. International Conference on Software Security and Reliability-Companion (págs. 1-2). San Francisco: IEE | spa |
dc.relation.references | MINTIC. (2012). mintic.gov.co. Obtenido de mintic.gov.co: https://www.mintic.gov.co/portal/604/articles4274_documento.pdf | spa |
dc.relation.references | MINTIC. (2020). mintic.gov. Obtenido de mintic.gov: https://mintic.gov.co/portal/604/articles126556_Lineamientos_TIC_planes_desarrollo.pdf | spa |
dc.relation.references | Mohammad Wazid, A. K. (2013). A framework for detection and prevention of novel keylogger spyware attacks. International Conference on Intelligent Systems and Control (ISCO) (págs. 1-4). Coimbatore: IEE. | spa |
dc.relation.references | Mohammad Wazid, S. Z. (2019). Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions. IEEE Consumer Electronics Magazine, 1-3 | spa |
dc.relation.references | Mojtaba Bagherzadeh, N. K.-P. (2 de Febrero de 2018). [Journal First] Analyzing a Decade of Linux System Calls. IEEE/ACM 40th International Conference on Software Engineering (ICSE) (págs. 1-1). Gothenburg: IEE. Obtenido de https://www.elmundo.es/economia/2017/02/07/5899f8e0e5fdea28738b4668.html | spa |
dc.relation.references | Nour Abura'ed, H. O. (2014). Mobile phishing attack for Android platform. 10th International Conference on Innovations in Information Technology (IIT) (págs. 1-3). Al Ain: IEEE | spa |
dc.relation.references | Nour Abura'ed, H. O. (2014). Mobile Phishing Attack for Android Platform. 2014 10th International Conference on Innovations in Information Technology (IIT) (págs. 1-3). Al Ain, Emiratos Árabes Unidos: IEEE Xplore. | spa |
dc.relation.references | Santos, J. C. (2011). Seguridad informatica. Bogota: Ediciones de la U. | spa |
dc.relation.references | Satish Kandukuru, R. M. (2017). Android malicious application detection using permission vector and network traffic analysis. 2nd International Conference for Convergence in Technology (I2CT) (págs. 1-6). Mumbai: IEEE | spa |
dc.relation.references | Shu-Dong Liu, Y.-l. L.-g. (2017). Attack behavioural analysis and secure access for wireless Access Point (AP) in open system authentication. 13th International Wireless Communications and Mobile Computing Conference (IWCMC) (págs. 1-3). Valencia: IEEE. | spa |
dc.relation.references | statcounter. (1 de abril de 2019). statcounter.com. Obtenido de statcounter.com: https://gs.statcounter.com/os-market-share/mobile/worldwide | spa |
dc.relation.references | statcounter. (1 de abril de 2020). statcounter.com. Obtenido de statcounter.com: https://gs.statcounter.com/os-market-share/mobile/worldwide | spa |
dc.relation.references | Thomas, D. R., Beresford, A., & Rice, A. (8 de 2015). Security Metrics for the Android Ecosystem. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (págs. 87–98). Denver, Colorado, EE. UU: ACM | spa |
dc.relation.references | Thomas, D., Beresford, A., & Rice, A. (2015). Security Metrics for the Android Ecosystem. 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM ’15). New York | spa |
dc.relation.references | Thomas, D., Beresford, A., & Rice, A. (2015). Security Metrics for the Android Ecosystem. 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM ’15). New York. | spa |
dc.relation.references | Tidke Sonali Kothari, K. P. (2018). Detection and Prevention of Android Malware Thru Permission Analysis. Fourth International Conference on Computing Communication Control and Automation (ICCUBEA) (págs. 1-4). Pune, India: IEEE | spa |
dc.relation.references | Vecchiato Daniel, V. M. (2016). Risk Assessment of User-Defined Security Configurations for Android Devices. 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE) (págs. 1-2). Ottawa, ON, Canada: IEEE. | spa |
dc.relation.references | Wanqing, Y., Qian Kai, L. D.-T., Chen, W., Rogers, T., Chern, J.-C., & Yao, J. (2015). Promoting Mobile Computing and Security. IEEE Integrated STEM Education Conference (págs. 2,3). Princeton, NJ, USA: IEEE | spa |
dc.relation.references | Wu T L, T. R. (2019). Catering to your concerns: Automatic generation of personalised security-centric descriptions for android apps. ACM Transactions on Cyber-Physical Systems, 1-21 | spa |
dc.relation.references | XU MENG, S. M.-W. (2016). Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques. ACM Computing Surveys, 1-47. | spa |
dc.contributor.cvlac | Gamba González, Yamid Gabriel [0000041982] | spa |
dc.subject.lemb | Ingeniería de sistemas | spa |
dc.subject.lemb | Innovaciones tecnológicas | spa |
dc.subject.lemb | Sistemas móviles de comunicación | spa |
dc.subject.lemb | Sistemas operativos | spa |
dc.subject.lemb | Teléfono celular | spa |
dc.identifier.repourl | repourl:https://repository.unab.edu.co | spa |
dc.description.abstractenglish | In recent years, people's lifestyles have changed considerably with the arrival of smartphones, as they contain a wide range of applications that facilitate multiple tasks in the workplace and in daily life, allowing us to save personal or personal information. extreme sensitivity in them. Due to the information that Smartphones store, they have become an attractive target for attackers, putting its availability, integrity and confidentiality at risk, which is why it is necessary to make a series of recommendations to prevent security incidents. This project presents an investigation, which presents as a result a series of recommendations and steps to follow to avoid security incidents on mobile devices with Android operating system. | spa |
dc.subject.proposal | Sandboxing android | spa |
dc.subject.proposal | Vulnerabilidad | spa |
dc.subject.proposal | Android | spa |
dc.subject.proposal | Dispositivos móviles | spa |
dc.type.redcol | http://purl.org/redcol/resource_type/TP | |
dc.rights.creativecommons | Atribución-NoComercial-SinDerivadas 2.5 Colombia | * |
dc.coverage.campus | UNAB Campus Bucaramanga | spa |
dc.description.learningmodality | Modalidad Presencial | spa |
Ficheros en el ítem
Este ítem aparece en la(s) siguiente(s) colección(ones)
-
Ingeniería de Sistemas [374]