ANALYSIS AND EVALUATION OF METHODS FOR PROTECTING AGAINST DATA THEFT AND FORGERY IN MOBILE APPLICATIONS
Keywords: mobile applications, data security, cryptography, authentication, JWT, OAuth 2.0, RASP, encryption, vulnerabilities, information security
Abstract
Purpose: This study systematically analyses the protection methods applied against data theft and forgery threats in mobile applications and evaluates them against effectiveness criteria. Methods: The study used a systematic literature review, comparative analysis and the STRIDE threat-modelling methodology. More than 120 articles published between 2018 and 2024 were reviewed, of which 38 were selected; the protection mechanisms were scored on a 1–5 scale against four criteria. Results: Analysis of the attack vectors showed that network attacks (28%) and malware (23%) are the most widespread threats. AES-256 encryption (4.9/5.0), TLS 1.3 (4.8/5.0) and OAuth 2.0 (4.6/5.0) were identified as the most effective protection mechanisms. The proposed three-layer protection model achieved 94.7% in detecting data theft and 97.2% in preventing network attacks. Conclusion: The multi-layered protection approach was confirmed to be 2.3–2.8 times more effective than a single mechanism. Mobile application developers are recommended to apply AES-256 encryption, short-lived JWT tokens and mandatory TLS 1.3.
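The conclusion recommends short-lived JWT tokens. The following Python example is added here and is not part of the paper: it shows what "short-lived" means in practice on the server side, issuing an HS256 token whose `exp` claim lies five minutes after issue and verifying it so that an expired, tampered or algorithm-substituted token is rejected. The signing key, the TTL, the subject and the fixed clock values are constructed for the example; only the standard library is used, so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed signing key for this example only (assumption); a real service
# loads it from a secret store and never ships it inside the mobile binary.
SECRET_KEY = b"example-only-hs256-key-do-not-reuse-0001"
DEFAULT_TTL_SECONDS = 300  # short-lived: five minutes, so a stolen token ages out fast


def _b64url_encode(data: bytes) -> str:
    """Base64url without padding, as RFC 7519 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    """JSON-serialise a header or payload object into one JWT segment."""
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_token(subject: str, now: Optional[int] = None, ttl: int = DEFAULT_TTL_SECONDS) -> str:
    """Issue an HS256 JWT whose 'exp' claim lies ttl seconds after 'now'."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + ttl}
    signing_input = encode_segment(header) + "." + encode_segment(payload)
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is well-formed, HS256-signed with our key
    and not yet expired; return None on any failure without distinguishing why."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(signature_b64)
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return None
    # Pin the algorithm server-side: the token must not get to choose it
    # (this rejects "none" and any other substituted algorithm).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET_KEY, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing.
    if not hmac.compare_digest(signature, expected):
        return None
    # RFC 7519: the current time MUST be strictly before 'exp'.
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        return None
    return payload


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed fixed clock so the demo is reproducible
    token = issue_token("user-42", now=issued_at)
    print("fresh token accepted:", verify_token(token, now=issued_at + 60) is not None)
    print("expired token rejected:", verify_token(token, now=issued_at + 301) is None)
```

The verifier deliberately returns the same `None` for every failure so that a client cannot tell a bad signature from an expired token; logging the distinct reason belongs on the server, not in the response. Because the lifetime is only five minutes, a token captured from a device or from an unprotected channel is useful to an attacker for at most that window, which is the property the paper's recommendation relies on; refresh tokens (OAuth 2.0) would then carry the longer-lived session.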