Framework for applications authenticity check

Abstract

Installation and usage of different applications and softwares on different Operating Systems (OS) is a very common practice nowadays. The reason being easy availability of applications easy availability in Information Technology (IT) market. Moreover, these softwares also have user-friendly environment along with the various options they provide according to the needs of different organizations. Furthermore, most of the applications are free and the cost is negligible in case of paid softwares. Various critical organizations use such applications which makes their systems less complicated. The systems there may be secured and updated but installation of a vulnerable application may lead to a security breach. With the advancement in technology, new threats are arising in the cybersecurity environment. These applications, with lots of visible options, may have some hidden vulnerabilities in them. The installation of such application may lead to making the system vulnerable to various attacks. It may result in business loss and disclosure of critical information. Therefore, there is a need to check the authenticity of applications before their installation on critical systems. Different standards and guidelines are already available for checking the applications authenticity. Moreover, various frameworks and tools are also available for this purpose but those are very specific to an OS or a single point of check. Our thesis focuses on the critical study of such frameworks, tools, and identification of various options which should be a part of the application’s authenticity check system. Moreover, an integrated framework has been proposed to check the application’s authenticity before its installation. The framework covers the aspects of confidentiality, integrity, availability and authentication. Therefore, it guarantees the system security from vulnerabilities which may come along with the applications. The framework has been validated using five PDF readers applications. The data sets for validation of our framework has been collected from “CVE Details”. This website provides vulnerabilities of specific application along with scoring or severity of the vulnerability.