BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Security metrics for the Android ecosystem - Daniel Thomas (Univer
 sity of Cambridge)
DTSTART:20151005T130500Z
DTEND:20151005T135500Z
UID:TALK61354@talks.cam.ac.uk
CONTACT:Andrew Rice
DESCRIPTION:The security of Android depends on the timely delivery of upda
 tes to fix critical vulnerabilities. In this paper we map the complex netw
 ork of players in the Android ecosystem who must collaborate to  provide u
 pdates\, and determine that inaction by some manufacturers and network ope
 rators means many handsets are vulnerable to critical vulnerabilities. We 
 define the FUM security metric to rank the performance of device manufactu
 rers and network operators\, based on their provision of updates and expos
 ure to critical vulnerabilities. Using a corpus of 20 400 devices we show 
 that there is significant variability in the timely delivery of security u
 pdates across different device manufacturers and network operators. This p
 rovides a comparison point for purchasers and regulators to determine whic
 h device manufacturers and network operators provide security updates and 
 which do not. We find that on average 87.7% of Android devices are exposed
  to at least one of 11 known critical vulnerabilities and\, across the eco
 system as a whole\, assign a FUM security score of 2.87 out of 10. In our 
 data\, Nexus devices do considerably better than average with a score of 5
 .17\; and LG is the best manufacturer with a score of 3.97.\n\nThis is a p
 ractice talk for ACM CCS Workshop on Security and Privacy in Smartphones a
 nd Mobile Devices (SPSM) 2015\, "Security metrics for the Android ecosyste
 m" by Daniel R. Thomas\, Alastair R. Beresford and Andrew Rice https://www
 .cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf\n
LOCATION:SS03\, William Gates Building
END:VEVENT
END:VCALENDAR