SCAP compliant android vulnerability scanner

Thumbnail Image

Files

PALANDE_umbc_0434M_11679.pdf (4.47 MB)

Links to Files

Permanent Link

http://hdl.handle.net/11603/15521

Collections

UMBC Theses and Dissertations

Author/Creator

Author/Creator ORCID

Date

2017-01-01

Type of Work

theses
Text

Department

Computer Science and Electrical Engineering

Program

Computer Science

Citation of Original Publication

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Subjects

android
security
standardization

Abstract

This theses attempts to explain the SCAP compliance of a preliminary vulnerability scanner which is in the form of an OVAL interpreter (and thus, SCAP compliant) , which scans for vulnerabilities reported because of the telephony feature in android, in the year 2016 as reported in the national vulnerability database (NVD). The implementation of the scanner is achieved by attempting to write an OVAL definition file, which when evaluated against a system characteristics file , produces an OVAL results file. The result file thus generated is in a standard form , which can be understood and interpreted by other SCAP compliant scanners as well, thus ensuring interoperability and standardization.