How to Block the Malicious Access to Android External Storage
作者: Sisi Yuan , Yuewu Wang , Pingjian Wang , Lingguang Lei , Quan Zhou
DOI: 10.1007/978-3-030-12146-4_18
关键词: Android (operating system) 、 Permission 、 External storage 、 Linux kernel 、 Access control 、 Access control list 、 Operating system 、 ext4 、 Ransomware 、 Computer science
摘要: External storage (e.g., SD card) is an important component of the Android mobile terminals, commonly used for storing user information (including sensitive data such as photos). However, current protection mechanisms permission mechanism) on external are somehow coarse-grained, where controlled a whole, which means all files accessible once assigned to APP. This coarse-grained control weakness could be easily leveraged by attackers. For example, ransomware can obtain access and encrypt stealthily ransom. In this paper, we introduce Access Control List (ACL) mechanism enforce fine-grained storage. With ACL, policy defined at file granularity, permissions will only granted legitimate APPs specified in white list. First, activate Linux ACL system extend it Filesystem Userspace (FUSE). Because built FUSE filesystem, different from traditional filesystems EXT4) thus not supported mechanism. Second, ACL-policy configuration interface framework, enables device owner APP developers set policies their Finally, implement prototype based Nexus 6 devices deployed 6.0.1 kernel 3.10.4, evaluate stability, effectiveness performance. The results show our effectively prevent illegal with negligible performance overhead. As far know, first work that really Android.
springer.com
sci-hub.se 参考文章(22)
Guangdong Bai, Liang Gu, Tao Feng, Yao Guo, Xiangqun Chen, Context-Aware Usage Control for Android international conference on security and privacy in communication systems. pp. 326- 343 ,(2010) , 10.1007/978-3-642-16161-2_19
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies usenix security symposium. pp. 131- 146 ,(2013)
Andreas Gr, POSIX Access Control Lists on Linux usenix annual technical conference. pp. 259- 272 ,(2003)
Longfei Wu, Xiaojiang Du, Hongli Zhang, An effective access control scheme for preventing permission leak in Android 2015 International Conference on Computing, Networking and Communications (ICNC). pp. 57- 61 ,(2015) , 10.1109/ICCNC.2015.7069315
Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel, Semantically rich application-centric security in Android Security and Communication Networks. ,vol. 5, pp. 658- 673 ,(2012) , 10.1002/SEC.360
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry, Practical and lightweight domain isolation on Android Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 51- 62 ,(2011) , 10.1145/2046614.2046624
Valerio Arena, Vincenzo Catania, Giuseppe La Torre, Salvatore Monteleone, Fabio Ricciato, SecureDroid: An Android security framework extension for context-aware policy enforcement 2013 International Conference on Privacy and Security in Mobile Systems (PRISMS). pp. 1- 8 ,(2013) , 10.1109/PRISMS.2013.6927185
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
M. Conti, B. Crispo, E. Fernandes, Y. Zhauniarovich, CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android IEEE Transactions on Information Forensics and Security. ,vol. 7, pp. 1426- 1438 ,(2012) , 10.1109/TIFS.2012.2204249
Zhaohui Wang, Rahul Murmuria, Angelos Stavrou, Implementing and Optimizing an Encryption Filesystem on Android mobile data management. pp. 52- 62 ,(2012) , 10.1109/MDM.2012.31