The Multi-level Security for the Android OS
作者: Ji-Soo Oh , Min-Woo Park , Tai-Myoung Chung
DOI: 10.1007/978-3-319-09147-1_54
关键词: Android (operating system) 、 Vulnerability 、 Security level 、 Permission 、 Security framework 、 Information sensitivity 、 Computer security model 、 Computer science 、 Computer security 、 Message passing
摘要: Recently, the Android smartphone has become a frequent target of attackers. The provides personalized services such as finance and healthcare application, so attackers may invade user’s privacy by compromising smartphone. platform permission based security model, but there are several vulnerabilities. First, when components communicate through message passing mechanism, can eavesdrop or intercept message. It lead to leakage sensitive information. Second, non-privileged caller access more privileged callee exploiting vulnerable interfaces. In this paper, we propose multi-level framework protect against attacks described above. Our assigns level all applications, it regulates communication between at runtime.
springer.com
sci-hub.st 参考文章(8)
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing inter-application communication in Android Proceedings of the 9th international conference on Mobile systems, applications, and services - MobiSys '11. pp. 239- 252 ,(2011) , 10.1145/1999995.2000018
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
Ryo Sato, Daiki Chiba, Shigeki Goto, Detecting Android Malware by Analyzing Manifest Files Proceedings of the Asia-Pacific Advanced Network. ,vol. 36, pp. 23- 31 ,(2013) , 10.7125/APAN.36.4
Patrick P.F. Chan, Lucas C.K. Hui, S.M. Yiu, A privilege escalation vulnerability checking system for android applications international conference on communication technology. pp. 681- 686 ,(2011) , 10.1109/ICCT.2011.6157963
William Enck, Machigar Ongtang, Patrick McDaniel, Understanding Android Security ieee symposium on security and privacy. ,vol. 7, pp. 50- 57 ,(2009) , 10.1109/MSP.2009.26
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy, Privilege escalation attacks on android international conference on information security. pp. 346- 360 ,(2010) , 10.1007/978-3-642-18178-8_30
Sven Bugiel, Lucas Davi, Ahmad-Reza Sadeghi, Thomas Fischer, Alexandra Dmitrienko, Bhargava Shastry, Towards Taming Privilege-Escalation Attacks on Android network and distributed system security symposium. ,(2012)
Chan, C K Lucas, P F Patrick, Hui, Yiu, [IEEE 2011 IEEE 13th International Conference on Communication Technology (ICCT) - Jinan, China (2011.09.25-2011.09.28)] 2011 IEEE 13th International Conference on Communication Technology - A privilege escalation vulnerability checking system for android applications ,(2011)