Sisyphus: um organizador de informações relacionadas a vulnerabilidades e correções para dispositivos Android
Abstract
It is not a trivial effort to index and organize Common Vulnerabilities and Exposures (CVEs) related to Android smartphones and comprehend how the industry addresses these security issues. This is due to the fact that each smartphone vendor makes its reports available in a different format, and the CVE database contains records that are not related to Android devices. For this reason, this study proposes a layer-based tool in which each layer handles a portion of the repetitious and exhausting task. Extracting, transforming, standardizing, and loading this information into a new database for these data to be utilized by other services and applications.References
AOSP (2023). Android Open Source Project. https://source.android.com/.
CVE (2023). Common Vulnerabilities and Exposures. https://cve.mitre.org/.
Huawei (2023). HUAWEI EMUI/Magic UI security updates. Disponível em: https://consumer.huawei.com/en/support/bulletin/. Acesso em: 2023-08-01.
Jimenez, M., Papadakis, M., Bissyandé, T. F., and Klein, J. (2016). Profiling Android vulnerabilities. In 2016 IEEE QRS, pages 222–229.
Joshi, J. and Parekh, C. (2016). Android smartphone vulnerabilities: A survey. In 2016 ICACCA (Spring), pages 1–5. IEEE.
Khan, E. R. and Anwar, H. (2015). Research methods of computer science. Laxmi.
Kimball, R. and Caserta, J. (2011). The Data Warehouse ETL Toolkit: Practical Techniques for Extracting, Cleaning, Conforming, and Delivering Data. Wiley.
Meng, H., Thing, V. L., Cheng, Y., Dai, Z., and Zhang, L. (2018). A survey of android exploits in the wild. Computers & Security, 76:71–91.
Mitchell, R. (2018). Web scraping with Python. ”O’Reilly Media, Inc.”.
NIST (2023). National Vulnerability Database API. Disponível em: https://nvd.nist.gov/developers/vulnerabilities. Acesso em: 2023-08-01.
Oppo (2023). Oppo security response center. https://security.oppo.com/.
Samsung (2023). Security Updates. https://security.samsungmobile.com/.
STATCOUNTER (2023). GlobalStats. https://gs.statcounter.com.
Tiwari, P. K. and Velayutham, T. (2019). Android Vulnerabilities: Taxonomy and nextGen Ecosystem. In 2019 IEEE IBSSC, pages 1–7. IEEE.
Vivo (2023). Android Security Updates. https://www.vivo.com/en/security.
CVE (2023). Common Vulnerabilities and Exposures. https://cve.mitre.org/.
Huawei (2023). HUAWEI EMUI/Magic UI security updates. Disponível em: https://consumer.huawei.com/en/support/bulletin/. Acesso em: 2023-08-01.
Jimenez, M., Papadakis, M., Bissyandé, T. F., and Klein, J. (2016). Profiling Android vulnerabilities. In 2016 IEEE QRS, pages 222–229.
Joshi, J. and Parekh, C. (2016). Android smartphone vulnerabilities: A survey. In 2016 ICACCA (Spring), pages 1–5. IEEE.
Khan, E. R. and Anwar, H. (2015). Research methods of computer science. Laxmi.
Kimball, R. and Caserta, J. (2011). The Data Warehouse ETL Toolkit: Practical Techniques for Extracting, Cleaning, Conforming, and Delivering Data. Wiley.
Meng, H., Thing, V. L., Cheng, Y., Dai, Z., and Zhang, L. (2018). A survey of android exploits in the wild. Computers & Security, 76:71–91.
Mitchell, R. (2018). Web scraping with Python. ”O’Reilly Media, Inc.”.
NIST (2023). National Vulnerability Database API. Disponível em: https://nvd.nist.gov/developers/vulnerabilities. Acesso em: 2023-08-01.
Oppo (2023). Oppo security response center. https://security.oppo.com/.
Samsung (2023). Security Updates. https://security.samsungmobile.com/.
STATCOUNTER (2023). GlobalStats. https://gs.statcounter.com.
Tiwari, P. K. and Velayutham, T. (2019). Android Vulnerabilities: Taxonomy and nextGen Ecosystem. In 2019 IEEE IBSSC, pages 1–7. IEEE.
Vivo (2023). Android Security Updates. https://www.vivo.com/en/security.
Published
2023-10-23
How to Cite
ANDRADE, Ewerton; FRANCA, Hudson; LIMA, Wesllen; BARBOSA, Davi.
Sisyphus: um organizador de informações relacionadas a vulnerabilidades e correções para dispositivos Android. In: REGIONAL SCHOOL OF COMPUTER NETWORKS (ERRC), 20. , 2023, Porto Alegre/RS.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 109-114.
DOI: https://doi.org/10.5753/errc.2023.886.
