Refine
Year of publication
- 2019 (3) (remove)
Document Type
- Bachelor Thesis (1)
- Doctoral Thesis (1)
- Master's Thesis (1)
Language
- German (3) (remove)
Keywords
- Data flow analysis (1)
- Datenfluss (1)
- Datenflussanalyse (1)
- Datenflussmodell (1)
- Statische Analyse (1)
Institute
- Institut für Softwaretechnik (3) (remove)
Absicherung der analytischen Interpretation von Geolokalisierungsdaten in der Mobilfunkforensik
(2019)
Abstract
Location based services maybe are within one of the most outstanding features of modern mobile devices. Despite the fact, that cached geolocation data could be used to reconstruct motion profiles, the amount of devices capable to provide these information in the field of criminal investigations is growing.
Motivation
The aim of this work is to generate in-depth knowledge to questions concerning geolocation in the field of mobile forensics, making especially somehow cached geolocation data forensically valuable. On top, tools meeting the specific requirements of law enforcement personnel shall be developed.
Problems
Geolocation processes within smartphones are quite complex. For the device to locate its position, different reference systems like GPS, cell towers or WiFi hot\-spots are used in a variety of ways. The whole mobile geolocation mechanism is proprietary to the device manufacturer and not build with forensic needs in mind. One major problem regarding forensic investigations is, that mainly reference points are being extracted and processed instead of real life device location data. In addition, these geolocation information only consist of bits and bytes or numeric values that have to be securely assigned to their intended meaning. The location data recovered are full of gaps providing only a part of the process or device usage. This possible loss of data has to be determined deriving a reliable measurement for the completeness, integrity and accuracy of data. Last but not least, as for every evidence within a criminal investigation, it has to be assured, that manipulations of the data or errors in position estimation have no disadvantageous effect on the analysis.
Research Questions
In the context of localisation services in modern smartphones, it always comes back to similar questions during forensic everyday life:
* Can locations be determined at any time?
* How accurate is the location of a smartphone?
* Can location data from smartphones endure in court?
Approach
For a better understanding of geolocation processes in modern smartphones and to evaluate the quality and reliability of the geolocation artefacts, information from different platforms shall be theoretically analysed as well as observed in-place during the geolocation process. The connection between data points and localisation context will be examined in predefined live experiments as well as desktop- and native applications on smartphones.
Results
Within the scope of this thesis self developed tools have been used for forensic investigations as well as analytical interpretation of geodata from modern smartphones. Hereby a generic model for assessing the quality of location data has emerged, which can be generally applied to geodata from mobile devices.
Data flow models in the literature are often very fine-grained, which transfers to the data flow analysis performed on them and thus leads to a decrease in the analysis' understandability. Since a data flow model, which abstracts from the majority of implementation details of the program modeled, allows for potentially easier to understand data flow analyses, this master thesis deals with the specification and construction of a highly abstracted data flow model and the application of data flow analyses on this model. The model and the analyses performed on it have been developed in a test-driven manner, so that a wide range of possible data flow scenarios could be covered. As a concrete data flow analysis, a static security check in the form of a detection of insufficient user input sanitization has been performed. To date, there's no data flow model on a similarly high level of abstraction. The proposed solution is therefore unique and facilitates developers without expertise in data flow analysis to perform such analyses.
Für die Entwicklung sicherer Softwaresysteme erweitert UMLsec die UML durch die Definition von Sicherheitsanforderungen, die erfüllt sein müssen. In Klassendiagrammen können Attribute und Methoden von Klassen Sicherheitseigenschaften wie secrecy oder integrity haben, auf die nicht authorisierte Klassen keinen Zugriff haben sollten. Vererbungen zwischen Klassen erzeugen eine Komplexität und werfen die Frage auf, wie man mit der Vererbung von Sicherheitseigenschaften umgehen sollte. Neben der Option in sicherheitskritischen Fällen auf Vererbungen zu verzichten, gibt es im Gebiet der objektorientierten Datenbanken bereits viele allgemeine Recherchen über die Auswirkungen von Vererbung auf die Sicherheit. Das Ziel dieser Arbeit ist es, Ähnlichkeiten und Unterschiede von der Datenbankseite und den Klassendiagrammen zu identifizieren und diese Lösungsansätze zu übertragen und zu formalisieren. Eine Implementierung des Modells evaluiert, ob die Lösungen in der Praxis anwendbar sind.