Mostrar el registro sencillo del ítem

Estudio de seguridad en dispositivos móviles con sistema operativo Android

dc.contributor.advisorGamba González, Yamid Gabriel
dc.contributor.authorCardozo Beltrán, Cristian Fabián
dc.contributor.authorCelis Amaya, Jurgen Farid
dc.coverage.spatialBucaramanga (Santander, Colombia)spa
dc.date.accessioned2021-09-24T13:51:23Z
dc.date.available2021-09-24T13:51:23Z
dc.date.issued2021
dc.identifier.urihttp://hdl.handle.net/20.500.12749/14400
dc.description.abstractEn los últimos años el estilo de vida de las personas ha cambiado considerablemente con la llegada de los smartphones, ya que estos contienen una amplia gama de aplicaciones que facilitan múltiples tareas en el área laboral y en la vida cotidiana, permitiéndonos guardar información personal o de suma sensibilidad en ellos. Debido a la información que los Smartphones almacenan, se han convertido en un blanco atractivo para los atacantes, colocando en riesgo la disponibilidad, integridad y confidencialidad de esta, por ello se vuelve necesario plantear una serie de recomendaciones para prevenir incidentes de seguridad. En este proyecto se presenta una investigación, donde se presenta como resultado una serie de recomendaciones y pasos a seguir para evitar incidentes de seguridad en dispositivos móviles con sistema operativo Android.spa
dc.description.tableofcontentsRESUMEN EJECUTIVO ............................................................................................... 11 ABSTRAC ..................................................................................................................... 12 INTRODUCCIÓN .......................................................................................................... 13 1PLANTEAMIENTO DEL PROBLEMA ......................................................................... 14 ÁRBOL DE PROBLEMA .......................................................................................... 16 2JUSTIFICACIÓN ......................................................................................................... 19 3OBJETIVOS ................................................................................................................ 22 OBJETIVO GENERAL ............................................................................................. 22 OBJETIVOS ESPECÍFICOS .................................................................................... 22 4ANTECEDENTES ....................................................................................................... 23 5MARCO REFERENCIAL ............................................................................................. 24 MARCO CONCEPTUAL ........................................................................................... 24 MARCO TEORICO .................................................................................................. 25 5.2.1Arquitectura plataforma Android: ........................................................................... 25 5.2.2Sistema de seguridad en Sistema Operativo Android ........................................... 27 5.2.3Actualidad Malware móvil ...................................................................................... 31 6MARCO LEGAL .......................................................................................................... 34 Ley 1581 .................................................................................................................. 34 ISO 27002 ................................................................................................................ 34 MINTIC ..................................................................................................................... 34 ISO 31000 ................................................................................................................ 34 7ESTADO DEL ARTE ................................................................................................... 35 8METODOLOGÍA ......................................................................................................... 44 9CONTEXTO DE LA SEGURIDAD EN DISPOSITIVOS MÓVILES .............................. 47 CARACTERIZACIÓN DE LA SEGURIDAD EN ANDROID ...................................... 47 9.1.1Vulnerabilidades .................................................................................................... 47 9.1.2Amenazas ............................................................................................................. 50 9.1.3Riesgos ................................................................................................................. 51 9.1.4ncidentes ............................................................................................................... 52 10ESCENARIO DE PRUEBAS ..................................................................................... 54 DISEÑO ................................................................................................................. 54 VALIDACIÓN DE INCIDENTES ............................................................................. 55 10.2.1Phishing .............................................................................................................. 56 10.2.2Acces Point Falso ............................................................................................... 59 10.2.3Android Debug Bridge ......................................................................................... 62 10.2.4Keylogger ............................................................................................................ 66 10.2.5Ransomware ....................................................................................................... 68 11GUÍA DE RECOMENDACIONES ............................................................................. 72 Descripción ............................................................................................................ 72 Diseño .................................................................................................................... 72 Apartados ............................................................................................................... 72 Como está definida ................................................................................................ 73 Publico dirigido ....................................................................................................... 73 12CONCLUSIONES ..................................................................................................... 74 Objetivó 1 ............................................................................................................... 74 Objetivó 2 ............................................................................................................... 74 Objetivó 3 ............................................................................................................... 74 13RECOMENDACIONES PARA EL FUTURO ............................................................. 76 14REFERENCIAS ......................................................................................................... 77spa
dc.format.mimetypeapplication/pdfspa
dc.language.isospaspa
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/2.5/co/*
dc.titleEstudio de seguridad en dispositivos móviles con sistema operativo Androidspa
dc.title.translatedSecurity study on mobile devices with Android operating systemspa
dc.degree.nameIngeniero de Sistemasspa
dc.publisher.grantorUniversidad Autónoma de Bucaramanga UNABspa
dc.rights.localAbierto (Texto Completo)spa
dc.publisher.facultyFacultad Ingenieríaspa
dc.publisher.programPregrado Ingeniería de Sistemasspa
dc.description.degreelevelPregradospa
dc.type.driverinfo:eu-repo/semantics/bachelorThesis
dc.type.localTrabajo de Gradospa
dc.type.coarhttp://purl.org/coar/resource_type/c_7a1f
dc.subject.keywordsSystems engineerspa
dc.subject.keywordsTechnological innovationsspa
dc.subject.keywordsMalwarespa
dc.subject.keywordsMobile devicesspa
dc.subject.keywordsVulnerabilityspa
dc.subject.keywordsMobile communication systemsspa
dc.subject.keywordsOperating systemsspa
dc.subject.keywordsCell phonespa
dc.identifier.instnameinstname:Universidad Autónoma de Bucaramanga - UNABspa
dc.identifier.reponamereponame:Repositorio Institucional UNABspa
dc.type.hasversioninfo:eu-repo/semantics/acceptedVersion
dc.rights.accessrightsinfo:eu-repo/semantics/openAccessspa
dc.relation.referencesA. Solairaj, S. C. (2016). Keyloggers software detection techniques. 10th International Conference on Intelligent Systems and Control (ISCO) (págs. 1-3). Coimbatore: IEEE.spa
dc.relation.referencesAhmad, D. M. (2017). A novel approach to enhance the security of android based smart phones. International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS) (págs. 1-5). Coimbatore, India: IEEEspa
dc.relation.referencesAlzaylaee MK, Y. S. (2019). DL-Droid: Deep learning based android malware detection using real devices. Elsevier Ltd, 3-5.spa
dc.relation.referencesAndrea Atzeni, F. d. (2020). The Rise of Android Banking Trojans. IEEE Potentials, 1-2.spa
dc.relation.referencesAndrew Feutrill, D. R. (2018). The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay. Sixth International Symposium on Computing and Networking (CANDAR) (págs. 1-3). Takayama: IEE.spa
dc.relation.referencesAndroid . (25 de Septiembre de 2020). developer.android.com. Obtenido de developer.android.com: https://developer.android.com/studio/command-line/adb?hl=es-419spa
dc.relation.referencesAndroid . (17 de Septiembre de 2020). developer.android.com. Obtenido de developer.android.com: https://developer.android.com/studio/debug/dev-options?hl=es-419spa
dc.relation.referencesAndroid. (27 de Diciembre de 2019). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/permission-element#plevelspa
dc.relation.referencesAndroid. (27 de Diciembre de 2019). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/uses-permission-elementspa
dc.relation.referencesAndroid. (5 de Mayo de 2020). android developers. Obtenido de android developers: https://developer.android.com/guide/platform?hl=es-419#api-frameworkspa
dc.relation.referencesAndroid. (9 de Septiembre de 2020). android source. Obtenido de android source: https://source.android.com/security/overview/kernel-security.html?hl=es-419spa
dc.relation.referencesAndroid. (9 de Septiembre de 2020). android source. Obtenido de android source : https://source.android.com/security/app-sandboxspa
dc.relation.referencesAndroid. (7 de Mayo de 2020). developer.android. Obtenido de develspa
dc.relation.referencesAndroid. (1 de Mayo de 2020). developer.android. Obtenido de developer.android: https://developer.android.com/guide/topics/manifest/manifest-intro.htmlspa
dc.relation.referencesAndroid. (6 de Enero de 2020). source.android. Obtenido de source.android: https://source.android.com/security/app-sandboxspa
dc.relation.referencesAndroid. (1 de Septiembre de 2020). source.android.com. Obtenido de source.android.com: https://source.android.com/security/overview/kernel-security.html?hl=es-419spa
dc.relation.referencesAndroid. (13 de Octubre de 2020). source.android.com. Obtenido de source.android.com: https://source.android.com/devices/tech/dalvik/index.html?hl=es-419spa
dc.relation.referencesAnirban Sarkar, A. G. (30 de Mayo de 2019). Android Application Development: A Brief Overview of Android Platforms and Evolution of Security Systems. Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC) (págs. 1-2). Palladam: IEE. Obtenido de statista.com: https://www.statista.com/topics/876/android/#dossierSummary__chapter2spa
dc.relation.referencesapwg.org. (2020). Obtenido de apwg.org: https://apwg.org/trendsreports/spa
dc.relation.referencesAziz Makandar, A. P. (2017). Malware class recognition using image processing techniques. International Conference on Data Management, Analytics and Innovation (ICDMAI) (págs. 1-2). Pune: IEE. Obtenido de malwarebytes.com: https://es.malwarebytes.com/malware/spa
dc.relation.referencesBilić, D. G. (8 de Enero de 2020). welivesecurity. Obtenido de welivesecurity: https://www.welivesecurity.com/la-es/2020/01/08/descienden-detecciones-malware-android-crecenios/spa
dc.relation.referencesChetan Kotkar, P. G. (2015). Prevention mechanism for prohibiting SMS malware attack on android smartphone. Annual IEEE India Conference (INDICON) (págs. 1-2). New Delhi: IEE.spa
dc.relation.referencesESET . (16 de Julio de 2014). welivesecurity.com. Obtenido de welivesecurity.com: https://www.welivesecurity.com/la-es/2014/07/16/riesgos-seguridad-android-ademas-malware/spa
dc.relation.referencesHuda M. Salih, M. S. (2020). Spyware Injection in Android using Fake Application. International Conference on Computer Science and Software Engineering (CSASE) (págs. 1-1). Duhok: IEEspa
dc.relation.referencesincibe. (11 de 04 de 2014). www.incibe.es. Obtenido de www.incibe.es: https://www.osi.es/es/actualidad/blog/2014/04/11/aprendiendo-identificar-los-10-phishing-masutilizados-por-ciberdelincuenspa
dc.relation.referencesINCIBE. (20 de Marzo de 2017). incibe.es. Obtenido de incibe.es: https://www.incibe.es/protege-tuempresa/blog/amenaza-vs-vulnerabilidad-sabes-se-diferencianspa
dc.relation.referencesIqbal Shahid, Y. A. (2018). Android (Nougats) security issues and solutions. IEEE International Conference on Applied System Invention (ICASI) (págs. 2-4). Chiba, Japan: IEEE.spa
dc.relation.referencesISO. (2013). iso.org. Obtenido de iso.org: https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:enspa
dc.relation.referencesISO. (2018). iso.org. Obtenido de iso.org: https://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:esspa
dc.relation.referencesISO. (2018). normaiso27001. Obtenido de normaiso27001: https://normaiso27001.es/referenciasnormativas-iso-27000/#def377spa
dc.relation.referencesJoseph Yisa Ndagi, J. K. (2019). Machine Learning Classification Algorithms for Adware in Android Devices: A Comparative Evaluation and Analysis. 15th International Conference on Electronics, Computer and Computation (ICECCO) (págs. 1-1). Abuja: IEEspa
dc.relation.referencesJu-Seong Ko, J.-S. J.-H.-K. (2019). Real Time Android Ransomware Detection by Analyzed Android Applications. nternational Conference on Electronics, Information, and Communication (ICEIC) (págs. 1-3). Auckland: IEE.spa
dc.relation.referenceskaspersky. (9 de Abril de 2013). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/blog/que-es-un-keylogger2/453/#:~:text=Un%20keylogger%20es%20un%20software,que%20el%20usuario%20lo%20note.spa
dc.relation.referencesKaspersky. (23 de 10 de 2018). Kaspersky.com. Obtenido de Kaspersky.com: https://www.kaspersky.es/blog/mobile-malware-part-4/17232/spa
dc.relation.referenceskaspersky. (4 de 4 de 2019). kaspersky.com. Obtenido de kaspersky.com: https://www.kaspersky.es/blog/stalkerware-spouseware/18179/spa
dc.relation.referenceskaspersky. (2020). kaspersky. Obtenido de kaspersky: https://www.kaspersky.es/resourcecenter/threats/mobilespa
dc.relation.referenceskaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://www.kaspersky.es/resourcecenter/threats/data-theftspa
dc.relation.referenceskaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/resourcecenter/threats/implementation-techniquesspa
dc.relation.referenceskaspersky. (s.f.). kaspersky.com. Obtenido de kaspersky.com: https://latam.kaspersky.com/resourcecenter/definitions/what-is-ransomwarespa
dc.relation.referencesKatharina Krombholz, H. H. (2014). Advanced social engineering attacks. Journal of Information Security and Applications, 1-5.spa
dc.relation.referencesKhandelwal Ankita, M. A. (2015). An insight into the security issues and their solutions for android phones. 2nd International Conference on Computing for Sustainable Global Development (INDIACom) (págs. 1-4). New Delhi, India: IEEEspa
dc.relation.referencesKuo Fong Kao, W. C. (2014). An Accurate Fake Access Point Detection Method Based on Deviation of Beacon Time Interval. International Conference on Software Security and Reliability-Companion (págs. 1-2). San Francisco: IEEspa
dc.relation.referencesMINTIC. (2012). mintic.gov.co. Obtenido de mintic.gov.co: https://www.mintic.gov.co/portal/604/articles4274_documento.pdfspa
dc.relation.referencesMINTIC. (2020). mintic.gov. Obtenido de mintic.gov: https://mintic.gov.co/portal/604/articles126556_Lineamientos_TIC_planes_desarrollo.pdfspa
dc.relation.referencesMohammad Wazid, A. K. (2013). A framework for detection and prevention of novel keylogger spyware attacks. International Conference on Intelligent Systems and Control (ISCO) (págs. 1-4). Coimbatore: IEE.spa
dc.relation.referencesMohammad Wazid, S. Z. (2019). Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions. IEEE Consumer Electronics Magazine, 1-3spa
dc.relation.referencesMojtaba Bagherzadeh, N. K.-P. (2 de Febrero de 2018). [Journal First] Analyzing a Decade of Linux System Calls. IEEE/ACM 40th International Conference on Software Engineering (ICSE) (págs. 1-1). Gothenburg: IEE. Obtenido de https://www.elmundo.es/economia/2017/02/07/5899f8e0e5fdea28738b4668.htmlspa
dc.relation.referencesNour Abura'ed, H. O. (2014). Mobile phishing attack for Android platform. 10th International Conference on Innovations in Information Technology (IIT) (págs. 1-3). Al Ain: IEEEspa
dc.relation.referencesNour Abura'ed, H. O. (2014). Mobile Phishing Attack for Android Platform. 2014 10th International Conference on Innovations in Information Technology (IIT) (págs. 1-3). Al Ain, Emiratos Árabes Unidos: IEEE Xplore.spa
dc.relation.referencesSantos, J. C. (2011). Seguridad informatica. Bogota: Ediciones de la U.spa
dc.relation.referencesSatish Kandukuru, R. M. (2017). Android malicious application detection using permission vector and network traffic analysis. 2nd International Conference for Convergence in Technology (I2CT) (págs. 1-6). Mumbai: IEEEspa
dc.relation.referencesShu-Dong Liu, Y.-l. L.-g. (2017). Attack behavioural analysis and secure access for wireless Access Point (AP) in open system authentication. 13th International Wireless Communications and Mobile Computing Conference (IWCMC) (págs. 1-3). Valencia: IEEE.spa
dc.relation.referencesstatcounter. (1 de abril de 2019). statcounter.com. Obtenido de statcounter.com: https://gs.statcounter.com/os-market-share/mobile/worldwidespa
dc.relation.referencesstatcounter. (1 de abril de 2020). statcounter.com. Obtenido de statcounter.com: https://gs.statcounter.com/os-market-share/mobile/worldwidespa
dc.relation.referencesThomas, D. R., Beresford, A., & Rice, A. (8 de 2015). Security Metrics for the Android Ecosystem. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (págs. 87–98). Denver, Colorado, EE. UU: ACMspa
dc.relation.referencesThomas, D., Beresford, A., & Rice, A. (2015). Security Metrics for the Android Ecosystem. 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM ’15). New Yorkspa
dc.relation.referencesThomas, D., Beresford, A., & Rice, A. (2015). Security Metrics for the Android Ecosystem. 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM ’15). New York.spa
dc.relation.referencesTidke Sonali Kothari, K. P. (2018). Detection and Prevention of Android Malware Thru Permission Analysis. Fourth International Conference on Computing Communication Control and Automation (ICCUBEA) (págs. 1-4). Pune, India: IEEEspa
dc.relation.referencesVecchiato Daniel, V. M. (2016). Risk Assessment of User-Defined Security Configurations for Android Devices. 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE) (págs. 1-2). Ottawa, ON, Canada: IEEE.spa
dc.relation.referencesWanqing, Y., Qian Kai, L. D.-T., Chen, W., Rogers, T., Chern, J.-C., & Yao, J. (2015). Promoting Mobile Computing and Security. IEEE Integrated STEM Education Conference (págs. 2,3). Princeton, NJ, USA: IEEEspa
dc.relation.referencesWu T L, T. R. (2019). Catering to your concerns: Automatic generation of personalised security-centric descriptions for android apps. ACM Transactions on Cyber-Physical Systems, 1-21spa
dc.relation.referencesXU MENG, S. M.-W. (2016). Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques. ACM Computing Surveys, 1-47.spa
dc.contributor.cvlacGamba González, Yamid Gabriel [0000041982]spa
dc.subject.lembIngeniería de sistemasspa
dc.subject.lembInnovaciones tecnológicasspa
dc.subject.lembSistemas móviles de comunicaciónspa
dc.subject.lembSistemas operativosspa
dc.subject.lembTeléfono celularspa
dc.identifier.repourlrepourl:https://repository.unab.edu.cospa
dc.description.abstractenglishIn recent years, people's lifestyles have changed considerably with the arrival of smartphones, as they contain a wide range of applications that facilitate multiple tasks in the workplace and in daily life, allowing us to save personal or personal information. extreme sensitivity in them. Due to the information that Smartphones store, they have become an attractive target for attackers, putting its availability, integrity and confidentiality at risk, which is why it is necessary to make a series of recommendations to prevent security incidents. This project presents an investigation, which presents as a result a series of recommendations and steps to follow to avoid security incidents on mobile devices with Android operating system.spa
dc.subject.proposalSandboxing androidspa
dc.subject.proposalVulnerabilidadspa
dc.subject.proposalAndroidspa
dc.subject.proposalDispositivos móvilesspa
dc.type.redcolhttp://purl.org/redcol/resource_type/TP
dc.rights.creativecommonsAtribución-NoComercial-SinDerivadas 2.5 Colombia*
dc.coverage.campusUNAB Campus Bucaramangaspa
dc.description.learningmodalityModalidad Presencialspa


Ficheros en el ítem

Thumbnail
Nombre:
2021_Tesis_Cristian_Fabian_Car ...
Tamaño:
1.542Mb
Formato:
PDF
Descripción:
Tesis
Ver/
Thumbnail
Nombre:
2021_Licencia_Cristian_Fabian_ ...
Tamaño:
205.3Kb
Formato:
PDF
Descripción:
Licencia
Ver/

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro sencillo del ítem

Atribución-NoComercial-SinDerivadas 2.5 Colombia
Excepto si se señala otra cosa, la licencia del ítem se describe como Atribución-NoComercial-SinDerivadas 2.5 Colombia